7ffa34f5f1e242045271cbc4fa822c7c5c894540cd4e897633b163ced464bc09

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23-10-2023 05:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Touhou Project PC-98.exe
Size

62.2MB
MD5

9b1ddea2c321f54fb010e47e60ac01fb
SHA1

40d1b53211ed7b22580d39723ae1a56d2bef520f
SHA256

7ffa34f5f1e242045271cbc4fa822c7c5c894540cd4e897633b163ced464bc09
SHA512

f7c76bca0bd7e567a512468656f7876a779204ab4c0101d8aec7243d00fa4bf205e96dd7b058e1275c157612eaa0465015a5ffc8f6bb3e3336764a96ff351743
SSDEEP

1572864:3TjzukeHnK140AyB4hyZ37uu53PYk5KG2HnfWT:DjakeHnK1pAG4hi3p5F5IfWT

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3024	rt5sandbox.exe

Loads dropped DLL 4 IoCs

pid	Process
3024	rt5sandbox.exe
3024	rt5sandbox.exe
3024	rt5sandbox.exe
3024	rt5sandbox.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1724	3024	WerFault.exe	115

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133425124801684089"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 49 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000863f4e808003da01576ccca28c03da01c9f51bb67105da0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3360	chrome.exe
3360	chrome.exe
3792	chrome.exe
3792	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4220	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
3024	rt5sandbox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3360 wrote to memory of 3320	3360	chrome.exe	95
PID 3360 wrote to memory of 3320	3360	chrome.exe	95
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 4976	3360	chrome.exe	97
PID 3360 wrote to memory of 3160	3360	chrome.exe	96
PID 3360 wrote to memory of 3160	3360	chrome.exe	96
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98
PID 3360 wrote to memory of 2104	3360	chrome.exe	98

C:\Users\Admin\AppData\Local\Temp\Touhou Project PC-98.exe
"C:\Users\Admin\AppData\Local\Temp\Touhou Project PC-98.exe"
1⤵
PID:3792

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcb6e89758,0x7ffcb6e89768,0x7ffcb6e89778
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:2
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4752 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5232 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4884 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5396 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5016 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3372 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=2024,i,8402242270199435645,16616053174091359116,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4220

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4848

C:\All Touhou Games98\Touhou 5 Mystic Square\rt5sandbox.exe
"C:\All Touhou Games98\Touhou 5 Mystic Square\rt5sandbox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 952
  2⤵
  - Program crash
  PID:1724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3024 -ip 3024
1⤵
PID:4172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb6e89758,0x7ffcb6e89768,0x7ffcb6e89778
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=556 --field-trial-handle=1792,i,16673327789867278280,11139202068125169933,131072 /prefetch:2
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1792,i,16673327789867278280,11139202068125169933,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1792,i,16673327789867278280,11139202068125169933,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1792,i,16673327789867278280,11139202068125169933,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1792,i,16673327789867278280,11139202068125169933,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4656 --field-trial-handle=1792,i,16673327789867278280,11139202068125169933,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1792,i,16673327789867278280,11139202068125169933,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1792,i,16673327789867278280,11139202068125169933,131072 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1792,i,16673327789867278280,11139202068125169933,131072 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1792,i,16673327789867278280,11139202068125169933,131072 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1792,i,16673327789867278280,11139202068125169933,131072 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5328 --field-trial-handle=1792,i,16673327789867278280,11139202068125169933,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4956 --field-trial-handle=1792,i,16673327789867278280,11139202068125169933,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3040 --field-trial-handle=1792,i,16673327789867278280,11139202068125169933,131072 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5724 --field-trial-handle=1792,i,16673327789867278280,11139202068125169933,131072 /prefetch:1
  2⤵
  PID:1652

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\All Touhou Games98\Emulador\TH01.lnk

Filesize
999B

MD5
d762426bcea9e12619c30d6c76189f37

SHA1
0b28c3650872cddd00f9153abec4cc9f6f5f9a8c

SHA256
d2a5717cf2fd9ced8036c319eb83034c2003d423960c7ec6b53b3d531f155215

SHA512
d1029cb58d9fe5f51335be69b34420f8c66a45aef06d834840b879cac320a51580969221bd114b77f76f885f338ce59eae888db60a790cfd7bb4e121cabb8d1b

Download Submit
C:\All Touhou Games98\Emulador\content_video_history.$$A

Filesize
197B

MD5
eccda3f9e526e41bbb05dda695fe6f17

SHA1
978a80769e0bd6997bffe4bc5c01cc9d5cbd9e68

SHA256
fb00146eff0bee0ad4679035a265bab2c20c37bc2e27430ea1073ce0f40dc9df

SHA512
12246f0f24424964990dad3696597b06980f72831876b2b7cc9d0708aaafdb1045047b6d75fea1af1d4a19add210873bda4a971c00c43daddbde4130dc19eb34

Download Submit
C:\All Touhou Games98\Touhou 5 Mystic Square\13.ico

Filesize
264KB

MD5
dac077ff4f00bb5e057774a13019ed57

SHA1
ba1bfa8d3cf9d3a81c28304afe482771377fef3d

SHA256
536203d804c453ec322844697d2f21ee2959fe8b636b0d021a3a7e8eee162c0b

SHA512
ce6dc920b64865108e611cabb5756f0e0bc7028d0987d38b3a9de1991068ad474859586d5b39e1838a18ccffa35d8a664acae06a2fd563c125b5e14b0d191f28

Download Submit
C:\All Touhou Games98\Touhou 5 Mystic Square\GuruGuruSMF4.dll

Filesize
144KB

MD5
d54ea3ed7a48120669cc394e45f49964

SHA1
1c58c6211b17c70e1785e02e5530b11f4b76fe77

SHA256
838fa1dc5a2ef366570bc8b19757aad51623b4b898caa0ce788abfb0a17d3771

SHA512
c28db376e8e35be6ea64cde46a7b1aa5ee6cb25c4834ed104c10c2771478e3a54bbf4647534eb0016aa595e1403f214143636e1095a5eaed6361d9ea617bca75

Download Submit
C:\All Touhou Games98\Touhou 5 Mystic Square\GuruGuruSMF4.dll

Filesize
144KB

MD5
d54ea3ed7a48120669cc394e45f49964

SHA1
1c58c6211b17c70e1785e02e5530b11f4b76fe77

SHA256
838fa1dc5a2ef366570bc8b19757aad51623b4b898caa0ce788abfb0a17d3771

SHA512
c28db376e8e35be6ea64cde46a7b1aa5ee6cb25c4834ed104c10c2771478e3a54bbf4647534eb0016aa595e1403f214143636e1095a5eaed6361d9ea617bca75

Download Submit
C:\All Touhou Games98\Touhou 5 Mystic Square\PMDWin.dll

Filesize
148KB

MD5
6913dcaa775fb136fbf8b517ff2275cd

SHA1
dd134722407c9dc54edfbe4a43129e0c1b4ec0ee

SHA256
1c7f09ae7db93c3165d1e03f42189e168b981dcb17c5444ac2b12517de25647b

SHA512
df5aad24a459468a0d62325f975653bf353b1226c2ee434dd05a87fd862c3350cc4e3ef9b4cb7b2ceda4dce6c55d2019136122429824c08b2c37e6c860ac9ec0

Download Submit
C:\All Touhou Games98\Touhou 5 Mystic Square\PMDWin.dll

Filesize
148KB

MD5
6913dcaa775fb136fbf8b517ff2275cd

SHA1
dd134722407c9dc54edfbe4a43129e0c1b4ec0ee

SHA256
1c7f09ae7db93c3165d1e03f42189e168b981dcb17c5444ac2b12517de25647b

SHA512
df5aad24a459468a0d62325f975653bf353b1226c2ee434dd05a87fd862c3350cc4e3ef9b4cb7b2ceda4dce6c55d2019136122429824c08b2c37e6c860ac9ec0

Download Submit
C:\All Touhou Games98\Touhou 5 Mystic Square\PMDWin.dll

Filesize
148KB

MD5
6913dcaa775fb136fbf8b517ff2275cd

SHA1
dd134722407c9dc54edfbe4a43129e0c1b4ec0ee

SHA256
1c7f09ae7db93c3165d1e03f42189e168b981dcb17c5444ac2b12517de25647b

SHA512
df5aad24a459468a0d62325f975653bf353b1226c2ee434dd05a87fd862c3350cc4e3ef9b4cb7b2ceda4dce6c55d2019136122429824c08b2c37e6c860ac9ec0

Download Submit
C:\All Touhou Games98\Touhou 5 Mystic Square\glew32.dll

Filesize
297KB

MD5
9bc2f291ac86a72ecad3955067feaa13

SHA1
29cdb8249eabaedbdcc8bd83fb06e7ae575155e8

SHA256
08a385cd28820d15e34594935d054298074b9b46152cc1a723b956f0b3220997

SHA512
61381216e937dcec0405a46e7917cad266fef07098b99258171f48796c8906aeb281cb75f523ffc5dbcea3cea197bc4809be1a3359d6584fea9c8b3c1fa60199

Download Submit
C:\All Touhou Games98\Touhou 5 Mystic Square\glew32.dll

Filesize
297KB

MD5
9bc2f291ac86a72ecad3955067feaa13

SHA1
29cdb8249eabaedbdcc8bd83fb06e7ae575155e8

SHA256
08a385cd28820d15e34594935d054298074b9b46152cc1a723b956f0b3220997

SHA512
61381216e937dcec0405a46e7917cad266fef07098b99258171f48796c8906aeb281cb75f523ffc5dbcea3cea197bc4809be1a3359d6584fea9c8b3c1fa60199

Download Submit
C:\All Touhou Games98\Touhou 5 Mystic Square\rt5sandbox.exe

Filesize
926KB

MD5
08926572c5551be5a39f2b6335313ad3

SHA1
09ca5e396bd01a775be17c750cb3f017a3b2ba81

SHA256
7795f57c25b51d934911da80312fba2cf6f4ea3dbe63f1ccb9d7aedc4618e9cd

SHA512
d94792afa5f25ca27094cc00703ccc70e48f8f6a0b09dfc0af17f9fb7524961c6205f2d13f6175a9614746bc214057fc883df702ac3ebd5991d2514823f0e187

Download Submit
C:\All Touhou Games98\Touhou 5 Mystic Square\rt5sandbox.exe

Filesize
926KB

MD5
08926572c5551be5a39f2b6335313ad3

SHA1
09ca5e396bd01a775be17c750cb3f017a3b2ba81

SHA256
7795f57c25b51d934911da80312fba2cf6f4ea3dbe63f1ccb9d7aedc4618e9cd

SHA512
d94792afa5f25ca27094cc00703ccc70e48f8f6a0b09dfc0af17f9fb7524961c6205f2d13f6175a9614746bc214057fc883df702ac3ebd5991d2514823f0e187

Download Submit
C:\All Touhou Games98\Touhou 5 Mystic Square\th05.lnk

Filesize
858B

MD5
8b9fdd3cf09a53ef45615ec4e401d30d

SHA1
d3a78c7736324dcc7c25ba1aafd7ab64b34aeee1

SHA256
0c7d9c9b9a0f8d74b255db836122d97013456da33c8c90caaae5b3be3becec20

SHA512
2d1722e1cd8c4dc8e465a2eb26936a2248f2917a4b4fbf71bf66e4737a81663ce5b02f2109925dd6c2a58aaf45478ce81917d78c1f6ca60e9cb74f457ad1c9ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9d771adbd5c09d6d9704f65cb232cbb2

SHA1
74ea80d1179bcf78fabe7f81a04593eb2d874fc3

SHA256
4913f49482efb46f923cc44a8231bd48e3ba56953d109ae0572dc37582da42a4

SHA512
8fd115518ba58288269554eacc9ca86c25a1801715d766c22079e54303c229242c73b4a81b98597f3efa27b727fab63802c7798233b3f559ee399cfc536762a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9d771adbd5c09d6d9704f65cb232cbb2

SHA1
74ea80d1179bcf78fabe7f81a04593eb2d874fc3

SHA256
4913f49482efb46f923cc44a8231bd48e3ba56953d109ae0572dc37582da42a4

SHA512
8fd115518ba58288269554eacc9ca86c25a1801715d766c22079e54303c229242c73b4a81b98597f3efa27b727fab63802c7798233b3f559ee399cfc536762a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
70a753476437ada3c878ba36daef90d9

SHA1
600c38dda42277fdd2340b7c81454a28c1868cdb

SHA256
c4a8111344168e6e1c9b46d1cccf8f4dbaa1f2ba921abe3dd79f1e8fb4cb53d7

SHA512
87f3408a3b0f64a4cceefa1fafa16feb848caf4270cb2926a21a18e0e5095cc6f7b33b9a019b32091714c5374635d12fc47f8ad9b27b5b1aef8b2f77f28a0153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
1549ab9a303e90fed8c19dc7e65aa0e1

SHA1
7546b1b9879f511cb058f80bf1fd9946c1b43f9b

SHA256
298dcd1f0513f44e336eaa70796a89b654ff27e9b9d5d7cf80d9fdc049f99e46

SHA512
2f493ff70ad0e77d254d5994fec7cb9527727258e7df4172b5b0e08e65c0ba0bde008abdde7efc72bbcc95c22d2e26784ac814ca4a3de1f9341b8502780b60db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
58bd22986360491ef2d14550c62f1f05

SHA1
ff0ac182a70ca13a2b71b5417e7f804f82fda2d9

SHA256
576c0376d2c4275f7d460def98e023335643abf24a0567d2dffe4e4d899c7b76

SHA512
ff052a393437ac3765c61534f6a54e560af7dc72aaff15a0a466119f28e32fb450e217949fc89f4aa5b9c3693f55fb0a9da6e2f7e9e5467eda0bea6c22d73bce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
935e96b0634f9cc4612a71099c0142ac

SHA1
0e265fbc5293fda861f348b60221e274ade808bc

SHA256
e221f445d5ca56914cedf226705981a35e3c97ac0bf2bde349ed3c4291c76678

SHA512
0fad81b5afe7f42014d06ba3f1addccb6f98ebf07803ccffe89c5df9e7dca607078e9365888eb79f322fd8a37614621cf312fac235bfbf5e4361107a7bdfcbc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
efb1d311a90a62c1f5a5c12603d38099

SHA1
d4cc72bcaf6f1af621daa89bcd665299082c906b

SHA256
c89b3aaea48066ebaa3c7459deaca8d265ad9c6bd0fa974a387c448405c02fc1

SHA512
142065ac2831693942b5745af0694af10337a4f4bdae69f547e16820673d9911a02ca3cd3ea34c4256647643dc6cf17d5a27c467d5abcac2165acc3649e87791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
129KB

MD5
7049a136ba8f8985a08612fd37f4768b

SHA1
bf0af7abbdd6378ecc1d6652244d84cbf8f1ef6d

SHA256
9c4678c31deb7007991b1c5d0dba49f0027681cd8f172539e8d3e595be424251

SHA512
a289d9a9611fff614ffdac33db53b5e10b80bbe98ba9c2582fda1f189298338760ab6931bdbf2ce015df6d7b9bbf7148db580b011d0ad9441cf64d002079f892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
303KB

MD5
a684e334a56348ccda5215b6b0a6287f

SHA1
106f5e78d888a88cac9198862d0f24708c945b39

SHA256
129bbbc7b7e1395f64373ba4ec4dfc93a4c6d5b05fc64adfa83711204cbb3179

SHA512
79a9324282a26bed40017c3868a100a0d015c2b608d780c5af0b557bbb46ec5d12ec8dafb31d75baf8bd59866c6ed5b98a9dd48f482c20317bb56dfe2f7e2390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
72KB

MD5
210a5a11cc3c0411190ac78a345c2f37

SHA1
981ef6653e6bf3c3499e6005f5a4983a5a0578fa

SHA256
67744cb0ec664f1cb17bf04ad2996b12f2bd3df8f6172a708ea58acb314960b5

SHA512
f689e9154c9a716307566f6379af9c8ca35c33453a367ef5d1234f032362fbfd0654739a66a6800797fabd37dadcc27e754999e73a2161ae33e385e1d18d94bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
153KB

MD5
a929b8295a1dadbf0a241801fff904dd

SHA1
ceca2f1a699283b331125c2f6993f83350a43283

SHA256
c2a8542ab2141722ce0d4f9991ba4e0a20bc175e6c89d800516cfb52ddf18a5a

SHA512
61a93b7f36e09bd30cab1a0aa41ed7a8efccf4f58e359cf3ff755952179a69beb0e760811c62b0d2fcd78c8a5bc87dc4f481f232edf6ad7c56dc6adf9aa99633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
113KB

MD5
408dd72b7742671c35195ffc6a0b05a6

SHA1
1d0011fd920fcf94b1b8a6586f9fc587c0bff26e

SHA256
b428655c80e308c2803e12da5bf8e0fef918c12ee516b4bbb7b6e516d68d9a55

SHA512
6e54018a4a9e18ba2e27f0bc70052b72c4e2a123e72627c8a75602aafd6e057d2006b708f22fa0f17b06a9cc3539c1c72f2351068c27cfc1ee21ff3caf6cd094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
39KB

MD5
17b9bb9509fa8aa6e3ef890dc6cb9917

SHA1
81d4f55fe01ad0a40d0d798b102ca826e97c0de1

SHA256
b1e8315c3e639293576ca2ff44b6374643ec3d70faad0b74972bd3d0183d1efe

SHA512
0a22b4d514642116d483d522bf3a86ac3fa4ed7e9931a67e401cb98ced433316711416f49682ba3014dc0249356a65122e09465d84331574c59e62c293b0344c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
480KB

MD5
90c631a2abc8104b8984df39d95ce007

SHA1
d38fba3da21f8f024c3e3fefb801fa369e60d816

SHA256
133427c1ee297d128ab7f3c3c44916f665c8fa2fe3cb72a6103bbf582d332fbf

SHA512
1b002993ca8a115f1d5c1e9faf42243653d86af9795da11223b02e68758891d4ce50ed0caf4dfe3dc2abba2cd4d226e412fa0deaceb2f8a4d5ce65cb83cb179f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
199KB

MD5
fa468427adfc3296248d57100a0b1373

SHA1
8d2a858cc215b805c198e95ce4508070d1c09239

SHA256
279f60e36afdbe1f88c7fd0fc86b4ca029f7d6152541634a66bdbf85e176b1e4

SHA512
4b87df5db5278b7546f7e2dcbc65b0e9a3c16ae35e79bc5d8bb14ed2c692575f01993ded50b8b2cfb94279397a6fc238133fc8c5884578b114eddb5f52bad948

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
17KB

MD5
9928507995847ca9b07ff4ddd1c5b10a

SHA1
95c72519361edbc5b0fa887136e8a5bb0b4fabd0

SHA256
030762d05d9d4a49564ba0b430f3ec51d82ae8e8de12fddad58e8e2bf6cf748d

SHA512
8c4c689d21262e4f905a53b40fef198d2a792ecb94da232eff412b17729a6f5296d4a70d60f593b7ac04ae7df0cec7d90989ad94d698d2441b836a04f79b3b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
20KB

MD5
35957ced81c02de5254ec3a4803892d7

SHA1
53d0945046ca7ee1a70d3f164673611203afda77

SHA256
54414ed9ef1b77f10278558ee8ad9ecc1cbf9bb7ddc03b708b4ef0dedae1fb44

SHA512
e5b5fa0c48ad177bc16f39b09e48b4f7382633795cc78ac835eb28fb05d929ac7e0300702cbed37141846d8c4986141da255dfb145cdbe0632ede1c043c125b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
235KB

MD5
b687f0ef1985b84292a99021b887f581

SHA1
294975c518c99354d7701f5d561c727ac0bd7f65

SHA256
4e6f836b1f9e55beaa5c981df5a929f67918cc537a4a696a8b65d473143aeb9d

SHA512
8898142736781f9cb4a44c4d9c6b9e3089f5b6d23af2b5ae73e0d9f7427570f54d98f62f3b4705c750e005273529167b1c1290daeddc43d3e5bafa9c4b205a99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
84KB

MD5
852fe0cc118cdb16bcd51f4cb1d9824b

SHA1
50e2675b0b951b8d84832f2c5b362084113ba3e7

SHA256
ec03587d95ea283baa7bee56878f492ebffdc8f355df933dbf7481b864c9549b

SHA512
64795c75f7de8a9937952a7d053f7dbf01028ef5fe0c43c8591a47f71bca22081f30ec5a558a1868e46c8cf524fccfcf50f386ec081cd101afb4e1ce019404aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
200KB

MD5
2e8a9a067a8a24ec302f5793c757dd1e

SHA1
08908fee01643a43d8b59d6e3357d16852236854

SHA256
70d9911c05c22114f5799daa9aaf249cbc2d3a5e8fb110e72f4f15eed28e5ce0

SHA512
b05803d217f0cee54192687895793c53c404f32ebf2e8713eff63d32e13fb097e76af8e688d5eb1f2b5a1791a1f4335d7330f19b5c403d3b278c7e401673d980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
31KB

MD5
b59effb914f7babb084aca087af04647

SHA1
1510a1ca30f47210fcb139a54d941adcfc00e837

SHA256
1f2eb68beba60f9460ea4cce489406db69cd89da1cc9f75da0199dcc52d451e3

SHA512
17cf6aef3c9ef3ae6f892f7b9b5cf3c630d57534c9cc78774b76e36c562cd79171530bd32dcc50f69cdd9ddd36b0e132b3ef9398252766e8cbeb6cc9066be2b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
73KB

MD5
d009ac7542c7e8fb1b0581d2fc305429

SHA1
d6b544b8a0379dd52d849f3b28b5c77d8706380f

SHA256
97b8af4bcabab0885fafe6392e261e159941a8118698bf94479abb5034f0e01f

SHA512
aecd03c2d4ce488b52d1d7ffebc8344ff8274d385ba242430ddbe1ad3f224cf26733861b0a3ce3be85d95350f14bcb06cabb8fc787e10789b89a65d6b2952ae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
145KB

MD5
b692a5ec0bbe28b36076a86330f23e23

SHA1
ed59107df6aea7186a39585f93fd633ef10219ba

SHA256
12a717367af287b090030c6136c673990ea4366c7a76eb7161e17f3b2ef0733a

SHA512
eec1bebf899d67205d7b4bb206e9434fea1379665f7c31c55e099a331ad5f33669fb0ce4b31444798f8d3268a6b472f6a725257daae50c0d82b96c46fdf7b968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
90KB

MD5
9cabf7f1b4cedb0b2014b08af077c2f4

SHA1
2754934cdd7af3787e7357e5ed2194947d3b1847

SHA256
4168b1e05f0cfe3949190cbeda35343ee0d92092b913649194fde3ece66a69ca

SHA512
2b7318ded7d2ea579e435beb82121e976b2a1e921adc24de58cf03a4fe136be4d8632919488629a9468365209da5a33284a2c857796fc711e236b891bf7a6f81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
184KB

MD5
990324ce59f0281c7b36fb9889e8887f

SHA1
35abc926cbea649385d104b1fd2963055454bf27

SHA256
67bcedd3040fc55d968bbe21df05c02b731181541aff4ae72b9205300a4a3ecc

SHA512
31e83da1ac217d25be6e7f35a041881b926f731fff69db6f144e4fe99b696a31f9ab7766ca22cf5a482743c2a2d00a699ca2c2d67837a86c471a2dd3bed9ea1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fd92b5537f9b6cf7e5cacfafcb4ff239

SHA1
cfafa2e9db5ae950faa35434abd0db3c99b7d9f8

SHA256
f78c74eeefe1291adf16faff4f865e14ae987e2d24c2c0b6c73af0195a0628cf

SHA512
b5c0f865e5e841f0dfebb1a207c53c335f63522978dfe9eea36c434fd552f99dddbecfc0a06c184f7229e2d1d0a94f16d0882e62895e2d1c013c50c7920974f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
221166eb9fc1837cabcdbccfaa31b7da

SHA1
b77bc0e3bd761931ac6717e42f82e727fde4b258

SHA256
8fd0685cf99e2ff3b31122594aca3ebb4b5ab97f8a028d018e2bed54268406b3

SHA512
863c36789658491405654ec04ba6d12f7a58c2d182d840615e0e957a1e84812a74c0b0119d31c3fdedd24862a2554af326ca58845eec807a1bfa0886b9b572f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
24KB

MD5
a309c43ea8b794c2084d1b065e62f120

SHA1
54fc3ae6ea427e6d328a89cb93933a641a8d8fd6

SHA256
c7ea0cc8aa3af207654f74b5b7978770370f11e9a88dcca4b987d62fe563760e

SHA512
e8d09357b55e8f889e6ddc01f3135215f00165e16ff75aeac1d1480c80cd839074f76a473e6fa33b63ae521ec5d40e03fc2a1c7eaeaa436a1fb3afc5628c5fe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
619a749cc2a155fbf7447dec2200d7ff

SHA1
2db05772a3b9b95b3f0fb0fd72c87bb301830e65

SHA256
c8c0f81d33eea7aaeccf9481811006b32db17cb80ebe8eae5c1f421d0e9b6092

SHA512
04d33119af35124bcd32718343cc4046b4d070069ffac0d19c10fb545699dbb5d92aecdaf3b7855a9e0ce287e64cd6a60b6e23aee3fb26d6756543b2f8a631bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
b704119bae3e0ed7af525c2566113f1c

SHA1
4d65d4a7992faf0855abfb4fb1c51cedcf77c172

SHA256
b8210228ce5e55b7496bff73b00ed6e35d8cfc68d3db9c642ef0a8699da5daca

SHA512
a4b72532a6441c7ad3fa0ad4771c4b5dbcbb740d0ba18767a926eca72a790059233a2b9100160915d04f14f2e547dd1fb2a33d65896ad19cb5d267a88cd9badc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
62556c74ebfecc16a6c3aa0a211a4912

SHA1
6286e7eecf8a8799e171d4b328dfa3f6541cb1ce

SHA256
1bbc49eb26aa902a5e85252b788a7ee39d64c0ef3e7f4be726c95566e7d8d5cd

SHA512
62bc0a0d70794ddf8809d54ec165f100aaf57378bdef5ad0e11bc5dcaeb4569c25b15f00dae62787a60121449be2b5513e687d855d01c96c4a01f9dabc9370c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
dfeee45d1e03806a051dc709ed5e2502

SHA1
63bd771276c4d99649281a4ce8b7d567dfaa8ca3

SHA256
07db252ba9d3823f3b01871762977b1f0691b20cb65bea9801a9c4fe4c1e1538

SHA512
c80df1a0af38415a45d86d4bda62b3ae3982cc51b57838db7f092dfe13b278395cfce4b46699e5bbab2e30548067ef0069f12443172de25801c656f747dc2092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
d6b36c611306550ccdc714cf2dad2795

SHA1
8bf737c74272b721c45b649d36d06fb3d85db44a

SHA256
dfb1b5cef2a1acb99311e844ba9f22a40d1eb86faa433c2b4505aefed7c71c20

SHA512
74ec11bed343b74aaa3cf3e7525741a2b388e3afcf343afc6b0e29f9eac56c6adb3dfe753edb86b91aad943ba9c7420cbaa5ee39b8af694c15527451378ca7e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d1428bd6ff43d390e0c1dfc3d5753aac

SHA1
86b1a475f6fb54cea62ddf968b8e89d960906bb4

SHA256
27c1a1d28b1b5987375f7b870aba3d0cb1bd3dbe6fe4118e4434be31979dab3d

SHA512
98252681c864e8c5ca42be8e97af3635edb29b75296ffc9eb719cfd6a989b7d7d2b16c39a84136001ab5ff8cd9850c46369b3d384e83b86d33f48ce5684b2ca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
779f37f53fc8761111a4cffe81c380cc

SHA1
66426a7fb8106840638ae7bf6cdfbb07a9214841

SHA256
38e63cb82115f52e06083bc7b775a9a4acbb14c4e41c60bfd6d5ef4610ad29c8

SHA512
566a30404e04d55dcb72a07dd6fec345e014813f54922d88624b8c5a905d4234508856f6f3f20ac46ba19f3053c2d60d8b3abb136f1a77de19db44e153103019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
98a4fd1a751dba36c25ea6ccd719cf65

SHA1
e1bb530e84bf33a395de61eb9306a7a8745fbc04

SHA256
9eb469bb7e489469199101fa52b7b8ad93c390b2141d904c35e743f99be116d8

SHA512
b67e3d229bf19a9bf3e8fccf70289d0de0603b15fb4f2c4fa6f90d2dff9e4d75ab2c24877ae6781dbc6bef9ea579fb02953bbcbf24d446fb165282a8905c8354

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
50cd36ea37cc64d241e4e4ed4db941b8

SHA1
3c9e80d9c96852e822b3df84d6c7902969b8ab16

SHA256
cec3679581d3f62416f4e449119f655d080297346011753b4886fc673c55787f

SHA512
f457ed63ab7208a509f41fd6b89aacfe79d3af689a2bdec641f2982854000256f74320fefb8688eb1971c5c06f7c706ed46fe6a7a7c3d3f27c521a4bb684491f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
50cd36ea37cc64d241e4e4ed4db941b8

SHA1
3c9e80d9c96852e822b3df84d6c7902969b8ab16

SHA256
cec3679581d3f62416f4e449119f655d080297346011753b4886fc673c55787f

SHA512
f457ed63ab7208a509f41fd6b89aacfe79d3af689a2bdec641f2982854000256f74320fefb8688eb1971c5c06f7c706ed46fe6a7a7c3d3f27c521a4bb684491f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e75e9a51f0a04639b6b98839033d5000

SHA1
a5aae974502eaefd62bad7b073a6a12db10581b4

SHA256
3f51c2146c59e60e5dcf084da8f6e2ad3679d23509051ce8b3b82effeab97a11

SHA512
bde78b57c16385eb155259c452d00a830bec029e78165d54911eacd33502dedb1c8fc8a67426dfde2a1047c8a42375754c709c0a90b945c62a15b3e916fb7f28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
65469014742fe6f1868a75a79a5977cb

SHA1
c6186427a91f74a6997e2f71bbb6f5917106821f

SHA256
4e03c21ebe09f7e41a9af0d7f7642c0977b349505025367a8016426e53867c5c

SHA512
87cebf8ee5951cead683d84aa2659a1392adc1af617d398177108c614d829cce74bca8779999521ab8bae687931ba6f6571047026bc9c9e03690582ddfce6953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4ae6dbd9a834fc8ce15273b38269e44a

SHA1
dc8ad75c8c38ef3bcbc00f99ec8b4c5a77e752d2

SHA256
0a1a40af2e3f196eb4a67115fd9c9da4752f2a5d0b050154d65d662c5067fc6c

SHA512
ae445c088e3b716b63f3baa391ddbf11efa2718c3d265d7173b7b1ef6232c11096b608c3d3de33254e469f75008579099e98ec9daa4437af1a8e5899d400e457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4ae6dbd9a834fc8ce15273b38269e44a

SHA1
dc8ad75c8c38ef3bcbc00f99ec8b4c5a77e752d2

SHA256
0a1a40af2e3f196eb4a67115fd9c9da4752f2a5d0b050154d65d662c5067fc6c

SHA512
ae445c088e3b716b63f3baa391ddbf11efa2718c3d265d7173b7b1ef6232c11096b608c3d3de33254e469f75008579099e98ec9daa4437af1a8e5899d400e457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0e5a36f4ee8840e526bfb84d5d9d8cd4

SHA1
89f52255fa09e6fa60d98771731797862c7681d4

SHA256
dda498b40fea8267c8bfa95d95635a92b1f748f72194dd21aee498255ce5ea3d

SHA512
b3dceed30ef237b39ad88a3e72475838efe2f4d334ed9b40c70213a521b27e0ad866ef0550421b769de479ecd4f1c6747af811407a397384b78342b7becfc94d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ebc2.TMP

Filesize
48B

MD5
ed939922274f6e06a536e7eaedcd5947

SHA1
a12cb1433de61d2db09689f5dc6a8f3a237b61f9

SHA256
9bf668231fef49b07ee21d62ceb008a9a6ab4bb43cad54ff5747199c816b9f22

SHA512
f9c3226215d299148904f4bc23ed235ce5a18a9a9f6b0ac65d46657db7f0a2a9b6631674a417f8604e8c08a992f6432ab9fe8cac340553a527abb50934b4263a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
1b15b0933dfe39a92db5ad3015a3eb7f

SHA1
640a845ace2ed8c0b95bd689357408e8b97de137

SHA256
e4d838f6507e5db9c07531ec3fa547d1441f72bf4308f932c242f48d168cb415

SHA512
f83f7ca506d6d679659f7d7938fc3422db153b6b30ae3e24b2fe3b8c7b5b2daf07db48e1b4ff6959a36a06b690d9d7ba5586954ac189ca69563ee71914ed14f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
5c7671162a52ec10143676e58fda3156

SHA1
26be6846ab93646cbeee8020324c7114d1b1a04c

SHA256
375783bc6c880b8e8bf9f479fd36ca59d8954444c06698f51ee8ff7370ae3344

SHA512
83b427ff0f25b771a3fc6975906933ba2d4a9d965a7e4af6a74720921e367f54908a6297d42183bb8504464f7bd56db1068df553ce279e859c64eb7de78a0974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
cc969c386e1f8f3d7b1e7321c049bf48

SHA1
d3faf1416a90a9b530e0502d45d5d4595172b9bb

SHA256
5733ad04c8562b335c0fa14d41d937c1109c30e6976607858cf835c244980713

SHA512
d1bbb2dc466ecfe15e003ea4e0f7c01dc87d97b033019f3bb0395b46b2a557b2503faf4ca8a13f51ed7dabb6ab1545dac5aa01d7db0b5a92757f0575473a8931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
f9d281a581a2087120fd63ae9025c2ab

SHA1
93ae834c90ae364abacdbb4488cc11ee7041af73

SHA256
166e5078f7660605c55387257ddd7600288338d4abedcd48202a85cbb8516af1

SHA512
36c1d76620f6e45ed5a7219b4c3183e42cc02a7f983bb39da0a92655c2d7815fa25e9e3f48205b558c74db2530d02a4574dcfc87e50bcd558c2062f99b38a0d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
b06f0158552da0cf7afb25228de43caa

SHA1
4455bda967da3eb3dcd41d5e59d3515e24efe21f

SHA256
2decbe91254ebdc967afaa31d7937f3af545ef9ba90683a6c0b576b82fb3a570

SHA512
1477865524b600a014945044113b318ccb284529caf9952752f55205cf11b32bd9f39b01632d0e101d9caf3c896d39f8737904236290b036c7d2d08fa4406d5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
b06f0158552da0cf7afb25228de43caa

SHA1
4455bda967da3eb3dcd41d5e59d3515e24efe21f

SHA256
2decbe91254ebdc967afaa31d7937f3af545ef9ba90683a6c0b576b82fb3a570

SHA512
1477865524b600a014945044113b318ccb284529caf9952752f55205cf11b32bd9f39b01632d0e101d9caf3c896d39f8737904236290b036c7d2d08fa4406d5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
fca6427a6fd2c2472abf97ddcbd83cd6

SHA1
1d3c37b564b8311d59da65abb6c81f2edd320b06

SHA256
43edc93843a8c497d0751f267593d4dfc70fc404262b598f20d06bc8a96fa4f9

SHA512
2301ed4914da142278f904c173f0e985caf5cb83b85a4cddd70105f98693f5ce392970106ed9e219739d39ff041dbddbbf17c04fabe71c673b5ffcf8e7e2505a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0e3c400e768aeff5d343459fb33c5813

SHA1
1e88b972d431b3ec6cb58fe125d32e1fb33107a4

SHA256
8c545341a3c179e3fa141e587c5d8589dc8772c1cb11ddb6f264126513c910fc

SHA512
cd208aebd13e17d3ad4416c7d79c85ea6fa4fd36a2f9cb84a429ba755f80763914c3bfd87d2d632a76faf249f4b1f775244763347eff3ae878c4cb97c852ca74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Desktop\Touhou 2 Story of Eastern Wonderland.lnk

Filesize
997B

MD5
904c678fed19c149484c3a4f917bc7c3

SHA1
b6051280b5fb9e1c330ad6c2c4acc3bd41957e8b

SHA256
3903503359e3454379ac3be95becb6a91d1b63493f351ec41a3750a912832517

SHA512
37a637a4bdb276ed487f987f1f03aabd989afb16f5ab86212a9e8b355dcbba19b52c341500d88aeb62719f0643f25c0010ac38febb612ec3b527bc47c34691d2

Download Submit
C:\Users\Admin\Desktop\Touhou 3 Phantasmagoria of Dim. Dream.lnk

Filesize
985B

MD5
0e372c4517afb3ecc112be64e85ebf2c

SHA1
7e22f52c955165d5b01b1b5f4dad739ee8328628

SHA256
8f273692b674e211055b3ad16c3c7f0569ab2b172fbffdce411e736ec35b721f

SHA512
3630a3cf594d3841920671fa2cf98eb89bdbc8335b684ac4daa152e8225d3512f8c5a2e29c30cad731b58414ee3a5f07874bb9d309fca6a8c4575b8d463c35c1

Download Submit
C:\Users\Admin\Desktop\Touhou 4 Lotus Land Story.lnk

Filesize
975B

MD5
de6dd69f2fe80984dfbc5956257f1891

SHA1
38942a4211f51611e9ca359329f6e662d2aca657

SHA256
7b7ce92edf97bb8334d70743cdb47457a2eb4fcccde5eff9a89eb912a4b5fb2b

SHA512
7928aba33d19001c6790d3f28c31f50160a3bde594b6fe518693bf259113765a673d8a7d4578a1369e6dfb041d0b3695a28b5b696f6aac3ce2b5e5d885eb375f

Download Submit
C:\Users\Admin\Desktop\Touhou 5 Mystic Square.lnk

Filesize
858B

MD5
8b9fdd3cf09a53ef45615ec4e401d30d

SHA1
d3a78c7736324dcc7c25ba1aafd7ab64b34aeee1

SHA256
0c7d9c9b9a0f8d74b255db836122d97013456da33c8c90caaae5b3be3becec20

SHA512
2d1722e1cd8c4dc8e465a2eb26936a2248f2917a4b4fbf71bf66e4737a81663ce5b02f2109925dd6c2a58aaf45478ce81917d78c1f6ca60e9cb74f457ad1c9ae

Download Submit
memory/3024-1334-0x00000000015E0000-0x0000000001619000-memory.dmp

Filesize
228KB

Download