f32e218b4ee725d66f699b9ac8dbcd6ff1991aa9b23bab22d5ad995e6ec4c322

Analysis

max time kernel
213s
max time network
1116s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Osaka Simulator FINAL (standalone).zip
Size

31.6MB
MD5

69c5e729bd4acc28320afbcc863b454a
SHA1

0f7c018b6c95ad80e4cf9c18759af2275777b360
SHA256

f32e218b4ee725d66f699b9ac8dbcd6ff1991aa9b23bab22d5ad995e6ec4c322
SHA512

5b96bd03cb2a09e7cd682afd34be05cee5a0191c87381a9e0a75780c73cf0e7d09f8654290f75ff2d602cf2e103f90cd145623cabb3baff5514f1690f24adb95
SSDEEP

786432:0rVfj800RpKAkTUOM7xj/IetAXqqiXgxXLSPsIcYnpwthlFgqRl:0rm0GpKVTUOMef6q/XLEsNuwthLbb

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	SearchProtocolHost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} {0000013A-0000-0000-C000-000000000046} 0xFFFF = 0100000000000000e03e6059745eda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\wmphoto.dll,-500 = "Windows Media Photo"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\SampleRes.dll,-117 = "Maid with the Flaxen Hair"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\FileInlineGrowthQuantumSeconds = "30"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\LogMinJobWaitTimeMs = "3000"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32,@elscore.dll,-3 = "Microsoft Traditional Chinese to Simplified Chinese Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E37A73F8-FB01-43DC-914E-AAEE76095AB9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000010b19270745eda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\CommitMaxCheckPoitnRateMs = "10000"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32,@elscore.dll,-4 = "Microsoft Simplified Chinese to Traditional Chinese Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Program Files\windows journal\journal.exe,-62005 = "Tablet PC"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\SampleRes.dll,-103 = "Hydrangeas"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\LogMaxJobDemoteTimeMs = "5000"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\eHome\ehepgres.dll,-304 = "Public Recorded TV"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\CacheShortPageCount = "64"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\CacheWaitForSize = "32"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{45670FA8-ED97-4F44-BC93-305082590BFB} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000040808470745eda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\SampleRes.dll,-105 = "Koala"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\SampleRes.dll,-104 = "Jellyfish"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\SampleRes.dll,-142 = "Wildlife"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\ShadowFileMaxClients = "32"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\CommitMaxCheckPointPageCount = "7"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\FileDiscontinuitiesPerSecond = "20"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\NvpRecCount = "32"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\System32\acppage.dll,-6003 = "Windows Command Script"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32,@elscore.dll,-5 = "Microsoft Transliteration Engine"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\CacheLongPageCount = "32"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Multimedia	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Program Files\Common Files\System\wab32res.dll,-4602 = "Contact file"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\CacheHashTableSize = "67"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32,@elscore.dll,-7 = "Microsoft Devanagari to Latin Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\MCTRes.dll,-200016 = "USA.gov"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\SampleRes.dll,-108 = "Penguins"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\SampleRes.dll,-107 = "Lighthouse"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\System32\searchfolder.dll,-9023 = "Saved Search"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	SearchIndexer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000c058ad6c745eda01	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\SwagBitsPerSecond = "19922944"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\NvpClientsCount = "32"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	SearchFilterHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\LogInitialPageCount = "16"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\My	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\FileGrowthQuantumSeconds = "180"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\MCTRes.dll,-200005 = "Websites for United States"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32,@elscore.dll,-1 = "Microsoft Language Detection"	SearchIndexer.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
1688	SearchProtocolHost.exe
1688	SearchProtocolHost.exe
1688	SearchProtocolHost.exe
1688	SearchProtocolHost.exe
1688	SearchProtocolHost.exe
2508	SearchProtocolHost.exe
2508	SearchProtocolHost.exe
2508	SearchProtocolHost.exe
2508	SearchProtocolHost.exe
2508	SearchProtocolHost.exe
2508	SearchProtocolHost.exe
2508	SearchProtocolHost.exe
2508	SearchProtocolHost.exe
2508	SearchProtocolHost.exe
1688	SearchProtocolHost.exe
2508	SearchProtocolHost.exe
2508	SearchProtocolHost.exe
2508	SearchProtocolHost.exe
2508	SearchProtocolHost.exe
2508	SearchProtocolHost.exe
2508	SearchProtocolHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 884	2072	chrome.exe	37
PID 2072 wrote to memory of 884	2072	chrome.exe	37
PID 2072 wrote to memory of 884	2072	chrome.exe	37
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 640	2072	chrome.exe	39
PID 2072 wrote to memory of 1832	2072	chrome.exe	41
PID 2072 wrote to memory of 1832	2072	chrome.exe	41
PID 2072 wrote to memory of 1832	2072	chrome.exe	41
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40
PID 2072 wrote to memory of 2324	2072	chrome.exe	40

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Osaka Simulator FINAL (standalone).zip"
1⤵
PID:2092

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Modifies data under HKEY_USERS
PID:2876
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3308111660-3636268597-2291490419-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3308111660-3636268597-2291490419-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1688
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
  2⤵
  - Modifies data under HKEY_USERS
  PID:2228
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious use of SetWindowsHookEx
  PID:2508
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
  2⤵
  PID:1300
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
  2⤵
  PID:1732
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:988
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
  2⤵
  PID:2616
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:1472
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
  2⤵
  PID:2972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef33d9758,0x7fef33d9768,0x7fef33d9778
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:2
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1376 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:2
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3100 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3668 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3872 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1732 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3212 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:1
  2⤵
  PID:188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1060 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1956 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3864 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3100 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1704 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1728 --field-trial-handle=1364,i,5711193447084312680,8047302976061472536,131072 /prefetch:8
  2⤵
  PID:840

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1468

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500
1⤵
PID:1072

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2156

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2940

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:708

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:1668

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2412

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2076

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:1996

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:1740

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2660

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:1940

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2856

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2356

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2916

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2740

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2948

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:752

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:1300

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2772

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:756

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2832

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2696

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:1956

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:548

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:1752

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:288

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\init.log
1⤵
PID:1144

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2752

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.cfg
1⤵
PID:1520
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.cfg
  2⤵
  PID:1964

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:1476

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2444

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:1728

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2316

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2924

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:768

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:1500

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2236

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2704

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:680

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2756

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2780

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2180

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2708

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2988

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:1552

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:344

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2260

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2036

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2688

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:1412

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.dat
1⤵
PID:1152

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2688

C:\Windows\system32\verclsid.exe
"C:\Windows\system32\verclsid.exe" /S /C {9E175B8B-F52A-11D8-B9A5-505054503030} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401
1⤵
PID:2564

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl,screensaver,@screensaver
1⤵
PID:1672

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl,screensaver,@screensaver
1⤵
PID:1388

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2648

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x58c
1⤵
PID:2240

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.cfg
1⤵
PID:2660

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:1500

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.cfg
1⤵
PID:2016

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:2528

C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe
"C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.exe"
1⤵
PID:1016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log

Filesize
1024KB

MD5
13f57645dfff5534761ecdedbf052cc7

SHA1
ad4bd4d39205af30116630728bf72f08fee71007

SHA256
470c950d31b4edb1dd0d75197469b705d4db4900b0381a711aa37df19938f7e7

SHA512
0d44f09d76f4b0b658a357bf3709d1745ce4be7e4883bb45a31b1fe3ac82c9b69667d2361295e4df6dabab36543e45a3232f835e38ddc931f7236b119cd652cf

Download Submit
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log

Filesize
1024KB

MD5
8af8c682a95c515e7fef718da27ccfb0

SHA1
d626f5a9d884a8cb62199213e335b85d220af805

SHA256
85b0048740bf508d5f1901330089d9d3bc9d5004e35a31ca667dbcef31cfe5e7

SHA512
8ad731cda30d3184ba1296c22ff6490d7f03b6af46c76569b65682cb718fa59829ed3786a634073ec783725ccfe68bffe9da61f98c7f37afba063ea2f5360f8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0722008226657fe3509453a2ca4a630

SHA1
e45ec2e921d325923c8ad1824a653b7dbb06da08

SHA256
b9bd0b727f7ced032b3c7bb9dce6bbfb6b8f4d00c4ca5210a71371eb17005aa0

SHA512
72a302e185d0a55147848cc1cf4aa9a96610b9af516b14be45d3fbb6be8e074997f02e6d5ad0d274b17e1a8924ef87be654444d2c2a6bfedc286124b06bb1458

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c908319b12554f1eb11ef138c8ae167

SHA1
f1a224ba30d35b15c48e3ad174672bdd85611f6d

SHA256
e659d57b9fb56884c734f416ad5ba436e0ac410271e5128eb9d9084e9a30bb47

SHA512
41cf668a64a8188fe4e72fad40d0ca3e6a7e797f90c4490c9b319430ffc769c2a2dff6eea4f4f99a98b12e876c872d9f68da5d22dbd2760d4ce8e1f952d30a6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86e782fc9ddac57f573c7c1ee1f7172b

SHA1
76aafd66e4898174131d70f1b0aafd55fedf929a

SHA256
37769dd33d71ae2d5258eeaef3416d7d156522ef58095e0d2a1e7e2f5502839b

SHA512
8eadd106391eaf5be3fd240a478b42d1baf1bbcae14b7de02a3fa84f92470b1f050c677b4748b90801440db3461d34f06aad7104401438488c2a4774806002bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
531dcd12ed1a9cbbc6d0073403332198

SHA1
bca5c66a9f1bba85f07283767662ec9d998992ab

SHA256
d4704875898807b5ce98a7f419cf9ea359cf57a4347210d3c0ad54bf67f4d81a

SHA512
74c186766a1724282d717a30f0014b3c96ce2c4d74d2cc0be96c5ce1af0f1c1c469a2208558532daa6fa52149cba2d4438b1b6bd299cff17f798ef28f8fe4401

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5eb1c68468f189bcfce4b6389ec5f01

SHA1
e5530a1d27a6f25bd21b8d55316954c0e2fd2ec3

SHA256
94f37eb180d17421085b917e9e97fc92bd1630f72ab8eab75c9d22932fc3aae8

SHA512
a87b6fe78e940dd395348a02ca9c739588a5141d153952aed741a366cfff371b7f33345e5319f2e6a554196e329ca791dc68fad1f975df2b2095a2736f17a128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2df92fd2-80c0-4afb-9c92-0eef31564b02.tmp

Filesize
5KB

MD5
e3bf8454dbe31af990d18de01d23b8e3

SHA1
196039d65f5ad2a76f7d59f9cefa98f274b55380

SHA256
6c463a7ea5fc037c89ca5d1b56d5c6e890cdb126f7a45d98f30861d8fb070a28

SHA512
ca2b741152c4440c093186a0cd9b4c27579c3720f77fd1b81b94f5859e80ac29a6949245374642e06444e57b69625a5eedcc61c55a05423a2892b47597bbff2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f638b5d9720c11f202ba12e134d34629

SHA1
cfeae3ef328052a9339548d645ac50489f7e20d3

SHA256
18218b9b020031b768b8653fb79359772538ec1b5793e9ca7083fa857f6e8a2d

SHA512
4dfbf7c62749f00577574a59262aca5cccdf96eaad44cb2761f920285fda188f718b7296818016b91de03ee39de64b092b18c164233d7db7889c99374176de76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
96e8d8bb502cece61170d30e823df6db

SHA1
33b37a8ee3d5064d0387747f802da28f5c9a183b

SHA256
4675d9443589e7992244f90ecb9fe64b445f9c88a6ce05249514de7a55a71091

SHA512
18d08359f973e7a220e2c01de759c1c9d8a5f43018f37750eface1b93d2d7a2624b100eaea913eb0720a084893f6ba0779f34374118dfa3fd2318ec15cfb0a99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9e168c81229db9065d9d08b508595585

SHA1
e65c5271d3d3931ac759c4f589c16c4e61a72f3f

SHA256
7a37c1c2c6d3920f642b0ba358b569b93d22c8f7201099e17be67d39d07c29fa

SHA512
407427670146952522af065553d452cc7a269ba86a6e15c6e9dc5fc5bcf439d24a4024a8919ef20c20148877fcbcc0a9888440ad085bdb98b831c4d15729c121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0c9f859c2489d0f93f1c50a9aa41d1b0

SHA1
98238e422c0b0de422b9cadcd6f4332ae9d08112

SHA256
95fdd574678a2668d1486d1ce1d845bd0c98099adcebb5333741771993ba61d5

SHA512
4e7ce9e81484f72b2b85c1a67f6339a56c72e22b8c6f2056086c32e56f2ca68becd6d9d48715a8848b908963f9e3af4e7703fa75e41541b54a4940d56a86d37c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c43e81e2ddbac79ec066028c1875c614

SHA1
ce848d3ffd5935cab94c572cd29d1f02d82af2e8

SHA256
37241314e12a02c81c4ab5a5256a837b4697a2c80694cef2b25078c3d2ddda93

SHA512
abc7c70911842d9980461b5d58254869fa8cf906b887567c155ee019f136073ed8c1400253d6ae3e112699d19f1c033b5794b11dcb9f23117338ab65e83b3143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
5c8345f411209f885122eac2483049e7

SHA1
c6d14ae761453613ded9f38790fdb783b679d1a7

SHA256
1c425c79dc3d6453a6cf3518e3bd0f2cb17075d96d520861772255d32e57d5f7

SHA512
a889d73b018eaa98355ed2333fb8cbf074645b8529399dbeddcaa5612deb08798489434c97661681b00369608522e05ee4c983a4ecec2a1bd6e3fc6d59677013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fa2d1ed3897d01df875648ee22c471c1

SHA1
4d7416042067195c60f2972fc1ab6326d7edd94e

SHA256
de60c7bfb787a6bed4e9cb2d8255c16da96d455595466628a5cffe66a37d7ac2

SHA512
a1c367849c74a1d11a5aafcf5e92b6c991bcf688970a11049c659e633028de372fa79e3b949fd5e09bcc036fae5fde0b8fcecd1065a6f04a66300d64e8f268c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a2e722e0282094b7a9d49b96f690321a

SHA1
8aaa5fb91050e6adf299da00c0ae038e62e68fe3

SHA256
013f434f8accd81d5381a76dcfa21d8e4ae1e8dae5b1caa18fa5e8d68d1b24d7

SHA512
a78385a7eaf8fc8b7693893fbc849472f64a197cf0face3ae4dd2c5f7158e6362d0d2fd9eb201b994a54b0d78df84d2be3d783dc7b71250bede679c634a3f4db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b1c6b23f9eb114efa4482c0bf321cb0b

SHA1
e6fba337a22cf4a046a3cf39f8d071eb11097e3f

SHA256
b405aaa2537d6c2b231026b43c556d6ee222235356de56c47c676ea07ec3707c

SHA512
add7f211eb411aa93e9ad533fc9cd9054bc2626db5fa1cb96c61cb9194c6cd3bd6163990b2ace45ae1953f214044f501a3d2ddfbdf8ee0723ab9648e25a6e544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cab3a5b51691b0738e8fdc233e8b05cd

SHA1
7671ec67fe12d745f5920f9b628fe1ccc1759147

SHA256
c93c7b3da6c7a53cb3f7bc4a184e7cdc5cbdffb26210dd404d30736b172b031e

SHA512
bde33e641edae769883400cf372866ddad37cca73a64303b667d2ea3f4b3ebd8c42cfe6282816d2e012fe95ce5aabbd56aaca02803d678f0a0c03620fcbaeada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3fc0922eeb6b176d6801e9baa7ed3403

SHA1
9f9df0b3caf1b1bf6a6f48be0218afcf641bac08

SHA256
656c2776c84713da10b2202f0b16e060e56c82e3d1d580cdd4c060e2a1776da4

SHA512
e77fc8eb7b9b1bd1b454dd7c4dca6e42cfab540c9012d2897583278b5a34ea387f0732758c1643c8c55ba430871eb323ac487eb1465098b721e8f4fc5d4d0133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
a6823510fa88ced06d72fc773b5ec02e

SHA1
b024456312944bd8afb89f7694da392525cff9d7

SHA256
273546febb465d7f95494c2a1a63983bac2be00ce069a946de381ddb9c5c0a12

SHA512
14bb1e19152b403637ae8d5f92d258a7cc8f7a1082f2f0a73605c25175582cbbf47e97220d98a097c8c805943de8572e128cdd0f7e190c05f50318009b52c078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
c2f5e24c462dc748a1b94c70f55f382b

SHA1
15c4f3afac68849d7377b081de18e7032728dc79

SHA256
f1bd2d05a9674df99d04af3db08a1c56034454f844f671300b68b6c20ba3cd9b

SHA512
7a887774e71fe1c79f4c382584e88eb8c347020ab365e43610036a754003ef12561eb3c3993648b0cf4a411994d3c2a8ef95c0ce5c1f7d030392e338b21e9db3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e877c039ba2ddf1e836afce84ccb0c93

SHA1
7a5c0aac1fcdd0bfd22ef96a2b450f6fb34b53f2

SHA256
bdb045925e9f7efc3e795f3ee31c72ef8c1f1cd009b592d53a161450580944f3

SHA512
a63a8eb8f99c200b135125d6a0cfb5b51d5bc600b58b9486891eb31d58506b92197e6591e891153c37ed86dfcf0801c4925391ba1a201e0a681d78ea2d1dd207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
efeb5f72c9d47a8f13685e99b7c49d51

SHA1
f86c34e5cc8fcf5ab8f88c87bc7cad0721e9fb40

SHA256
13d3a8489bb621797dda8b275fe8d4b0608fb5ca6a1f08079c21839be1d1d18c

SHA512
315b05e4c9a1d333f820443c42d2840f33870e1e26da926d4b7d7797500e3fc6dd9d72b9a51f8d02d4900d5bf8ce5453811ab2a673525ec463fd83d63768c8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bed3833526063641e7a390540e779ee9

SHA1
cfcbf9252719f8ec0de02cfdd197d14934e2f6df

SHA256
d2090d9db91cc03bf9510071855a5d0a72ddef607f4f9df8ec28f684c72ee1ca

SHA512
75d2074c1a0f58af2132ce00fb2a6c12722ded2dae4747bbf014ddaa6d750453a3074f1a5792330af5525cf024464a20f39b1b5bfa50b3642381e1c9fe007bfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
fbef9169396386b186ecadc45ae824ca

SHA1
c92850c6545936cd599f1155a7cacfd9b91f9d29

SHA256
61ba85b076f4f1984bd272ebed3274489398c96e8cd2958d0a68df4b275bae68

SHA512
4f45a6cb87d25dd55d1215a0df54dd4f84af2aa787f056500e96b524abea2d40ccdeda968265210a19a20eb1a1b7866bafc2c2c50c1e4c69d07bb4c435a23009

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1a4560bddd080a9e66232c28675b8093

SHA1
4b079a02f992c8f819de77fc1dfdd5f70a8e0c10

SHA256
9d156217fa98b4092578018bfc4cbb77f3f1147dc6f3f4c1e1bf4e2199d6a264

SHA512
38fe6d6682b13e541e93a1d5160e51b0d08584920d7375db23cb013ab6f36bc015652ad8686cb8fec2a70ab6ec05491ff648d05f899432a00d3e56e053eda098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2882c36450eae565ee8522ab75860ccb

SHA1
0e73396352edf0288c934cd3ddf8f7e56b0e881d

SHA256
ee688791def9e3724cd1b2f7f151d0986e2e0eb06e5405fdc6d480ae71bc190f

SHA512
5ad64d2382d4d00e400efc4106f0129b7f4e8c956c8a7fa97dde53b3049c5564a7444a2ce7b4bdb5a4bcc4eeaa7623b7079fcf8538f4c79fd5be4b561598d291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a4b5a5ba115d36cbd18d96746797e83b

SHA1
83218e0c772368d58dc1ae1129be0969c0b4b43c

SHA256
01c47d9d4087b004ef0b01617703f85686c29583f186bd9783012ed16c881bd8

SHA512
f99acfa782c9585963b4357651bddf9ddce557444ef269bbee3376fa471a3e4cc6caa2c5deb197e5cf9cc34879f90084a225bd0332591a308b38d31c1c6709fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
602e9fbe8ea4a4f37c94bd75dcc500b4

SHA1
5d56d6dd2faef19bfd4fbac043bb876931d74703

SHA256
c431af7bb2e0d1ce5eb5ad1d812f880ed5c7cdc6a627517e286fd79901655a09

SHA512
3f00f93b9ad76a35e442e73d84a27fc4478b9c16bd0aafca58b6fb72a51c9ac3124d738b5075f937e18359deafbcdca5f3afacdc914ad581b8e1c529918fd34f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8ffec760ae558d753c671d96f91247b9

SHA1
c7a3bcc777feded30e220de6ae92fbdec0160082

SHA256
5ad82a64af29a121d78a9a30166727a4f1df69c44aac9b891d732f7100cc57a2

SHA512
b50caf5f36825d5680b7807c4a8635e020df41c0e4f3319493d6c6fb81d7030dcfc72f3042d33fe96f4c078c9c180c8eaab4253bf9e0def4276dcba6be461a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4f31fd258b93f7bfd98e919b5b394f8b

SHA1
f07db8e557053343f91a9b83277804f969442d99

SHA256
ed5333a701efc8d3cf8ee234b7441db51a99d9f86cdd0d326433d51480aa577c

SHA512
bf9e0abf8816d8b88cf315d60800070898f5dec4205ddeab61c6e49346d1b32ebacae76ef6ba88876cb77ae9eaaa615cf78f515d9a57efdf6dd73d225c71491f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
239KB

MD5
469da8dd6b5634eaa33153b5038d6c83

SHA1
d706a873e141eaa5bd9143fe6c92fdbb24fad2ea

SHA256
4e301f978e4604e08c0bbe331915fed27c7b675657603cebb3e3ba3df2b90dfd

SHA512
db5b71369cf67ca71bab122c044a465b72600d75baf1a44ac5f80c6d29b4e9bb2c868318409f21bb34141c83c4164c6e7b61fd5df13079f11b2b7064dd3dddbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
78KB

MD5
4d42b5c23e16de574b99229cde43594c

SHA1
0265aab84b61af3480bc75a654efa1d5a7b11155

SHA256
ca84658a3ef00510ce2b5e1e50803e5500cb6507ef28889184fe3ccb4685c370

SHA512
53bf4100042ab1bafcaae5e343adf29677f3f0c2464e79c05e859802bc8a7cda8f60dd70f2c75c6cfb9efea1f0263a225e302860f3f395354234fcd714a56b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
84KB

MD5
84d7a441514ba214bf2a409b36140822

SHA1
73040ab535b617cd24a9c6d9b943535ea2960764

SHA256
3287e982d0840cac408c733afc943465bbe1cbc2e16b2067d53aa31da9a4ac49

SHA512
b2f5d4d9cbaac6bd75554c3725c339f94523d76781b0d6422964c1328f05d034311a9a9e7646999e57dbcdddc7f33ddd2b82fa62c6c54c85839e0c3c1af2f978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

Filesize
1KB

MD5
b65aeb1b3da0b96313cc6e10dde4afe0

SHA1
34039989280d6d5a45793deaab79665c79b74b8d

SHA256
0254d776e25aeb83f195aacc7d477cd37683932586b27fdb7f09836d08296a3c

SHA512
be5c22848ee3491061feaab9c8e708e04e5d34bc0d8b46e816e059e6616c0114cfe5f40aee935f9d5dee546a990efa3bca00bdec03bcc29fedad37d0dbda95ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

Filesize
1KB

MD5
159bd6a587f370f16522b2a6f690bcc3

SHA1
c07d14fc439997e2f65b982c0702a985b36b9cf8

SHA256
9193c9b28f4e19c5fbd00340dce578825fbc6ce6ab67b1c9082c0d8f64446993

SHA512
a1ddc058193d778b3935ef8f158bb06f014de72124d5561a4d7af99e77921bcfe5ffcb24a1375917d5e438e0f2a1dccb96c1bdc2fa5b6aaf75ca5cabe1788e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

Filesize
1KB

MD5
7c048eaacd1820ac933dccc0b872fa05

SHA1
955999eb7463f7e4031d551e24fbd1e1fb812197

SHA256
614d7a9ca519b3aa741a512e95f6f99aedd25e8c1630d30d13dd9735b562b3be

SHA512
09f35a1a69344e64b13f0a54ecc82cd7dd1ee9124bfc274fcd5fe8af2a07e30bbf0841d9230591cbbe12bc8f066f5f36e1577b82d5d1f3f0eb6b9b5154ce5d4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDD08.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDD79.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone).zip

Filesize
900KB

MD5
3c80b74152945709ef687263b2a71766

SHA1
7db3c5cc231144c2c35557f8eacf7dd1752e1e59

SHA256
b7a26ba92918b45336daec2c7b2c41ed35f7f5153ef1e197cc367212cabcfb49

SHA512
5ad32f625b562ed4acf509ca72387cb2fbfbce217363cd6fc00cbc0c3d9c13f77182583d809a10cc66c33042d5bd0400cc88487ea4429c98df105dfaace2ae1f

Download Submit
C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone).zip.crdownload

Filesize
4.7MB

MD5
73fb86f63995331ec431b18ae8e1db6b

SHA1
bca67e3f039494b10d137a7f3303e93a96c88e09

SHA256
055be7b14a80ebead7934b114f30b770705c6ba47b738fa807b775004c49f90e

SHA512
8a6b4846e37f90a7dfb6bde72ee1e5604cf751ad654c947e3c2135c67806c9fa00be5592e8c1fdfd128aa797b0504121c1b3ed74897d70fae09e2b1403a7e324

Download Submit
C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\init.log

Filesize
1KB

MD5
324975b62d3dcef8da4acfa31dba70e1

SHA1
4fb0ac575b26ae7decc34d905eef84cb5462d7b5

SHA256
71238ee854e6880139d0823e050fcf486e976f38ea7c87ec99a200ef814eb8a8

SHA512
e62660d39d1258a2ab5850c38771111f6ca00e2e47754fef781d35ddfa2d4220ad820ecd672feb662bdeb091e261ad5def63a14cf0097b251a037567533e2e3b

Download Submit
C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\init.log

Filesize
256B

MD5
e7d9da35bf16a2cfb097a4142ef26f72

SHA1
dfd56dc6ec56c1be295e00529cf346deafc5d166

SHA256
a7ced4739753b84b09fc2ebddf0420be47ac5b7168cb7707f55ec316bf204b7d

SHA512
758b775ccc96788993c3f2758ce9fbd5b0194215c189e435c41bcddcdc05b022efa5a071a193188ccbc98ee72d626359015f0c55ac4d2fab7d957746701faed4

Download Submit
C:\Users\Admin\Downloads\Osaka Simulator FINAL (standalone)\Osaka Simulator FINAL\tsu_han.cfg

Filesize
441B

MD5
0d901d229b0a975e1d6aa1df075b8440

SHA1
c8642419c3ed48ea4d88add9a70f2e0b5cda98d4

SHA256
64ca12c3766253443fa986eb6c6f217434a567f2d70f0473c652b46bb29e7e49

SHA512
220b4230e4c19dd91247d2ad85566d04b9134814a8807ef1dad909aa62f70b3b8e927c0222abdd72fc9513358a32ae3ecf75b4056adb12d71d80a88a5ed5abc7

Download Submit
memory/2228-632-0x000007FEDA620000-0x000007FEDA62A000-memory.dmp

Filesize
40KB

Download
memory/2228-631-0x000007FEF4570000-0x000007FEF46B3000-memory.dmp

Filesize
1.3MB

Download
memory/2228-654-0x000007FEDA620000-0x000007FEDA62A000-memory.dmp

Filesize
40KB

Download
memory/2228-653-0x000007FEF4570000-0x000007FEF46B3000-memory.dmp

Filesize
1.3MB

Download
memory/2876-240-0x0000000002B10000-0x0000000002B18000-memory.dmp

Filesize
32KB

Download
memory/2876-724-0x0000000000F10000-0x0000000000F11000-memory.dmp

Filesize
4KB

Download
memory/2876-728-0x0000000000F10000-0x0000000000F18000-memory.dmp

Filesize
32KB

Download
memory/2876-720-0x0000000000F20000-0x0000000000F28000-memory.dmp

Filesize
32KB

Download
memory/2876-678-0x0000000005140000-0x0000000005141000-memory.dmp

Filesize
4KB

Download
memory/2876-677-0x0000000005150000-0x0000000005158000-memory.dmp

Filesize
32KB

Download
memory/2876-669-0x0000000005120000-0x0000000005128000-memory.dmp

Filesize
32KB

Download
memory/2876-663-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2876-656-0x0000000000A80000-0x0000000000A81000-memory.dmp

Filesize
4KB

Download
memory/2876-652-0x0000000005120000-0x0000000005128000-memory.dmp

Filesize
32KB

Download
memory/2876-622-0x0000000005110000-0x0000000005111000-memory.dmp

Filesize
4KB

Download
memory/2876-621-0x0000000005120000-0x0000000005128000-memory.dmp

Filesize
32KB

Download
memory/2876-250-0x00000000031F0000-0x00000000031F8000-memory.dmp

Filesize
32KB

Download
memory/2876-0-0x0000000001680000-0x0000000001690000-memory.dmp

Filesize
64KB

Download
memory/2876-231-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

Filesize
4KB

Download
memory/2876-229-0x0000000002AB0000-0x0000000002AB8000-memory.dmp

Filesize
32KB

Download
memory/2876-223-0x0000000002B50000-0x0000000002B51000-memory.dmp

Filesize
4KB

Download
memory/2876-217-0x0000000002AB0000-0x0000000002AB8000-memory.dmp

Filesize
32KB

Download
memory/2876-16-0x0000000001780000-0x0000000001790000-memory.dmp

Filesize
64KB

Download