2a4a71f7fefc27615280ac70b408d5aa073751a59b6b55604309a02ce602e3d4

Analysis

max time kernel
208s
max time network
209s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19-02-2024 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BetaManager.exe
Size

12.5MB
MD5

da6ea5f9cad25dc49257646a8194766c
SHA1

ccb77fc65d13f91a2eb2da7faff77e8810c4adee
SHA256

2a4a71f7fefc27615280ac70b408d5aa073751a59b6b55604309a02ce602e3d4
SHA512

c47e22268dfb643af854a280088dcb2fdcb7ce8bd2f415c5f4cb66e84d0ba63d8e82ab7f6c62fadd7a59cc170043b75d8f81de6f504397a0377240a3a843e008
SSDEEP

393216:u/3/npLL+wtQQlL5SY18jN4kSBTCXH9eK:WvpGw6Af1uNoIJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
1852	BetaManager.exe
4192	BetaManager_Installer.exe
1740	BetaManager_Installer.exe
3804	BetaManager.exe
1904	BetaManager.exe

Loads dropped DLL 25 IoCs

pid	Process
4624	MsiExec.exe
4624	MsiExec.exe
4624	MsiExec.exe
4624	MsiExec.exe
4624	MsiExec.exe
4624	MsiExec.exe
4624	MsiExec.exe
4624	MsiExec.exe
4624	MsiExec.exe
4624	MsiExec.exe
4624	MsiExec.exe
4624	MsiExec.exe
4624	MsiExec.exe
4624	MsiExec.exe
4624	MsiExec.exe
3040	MsiExec.exe
3040	MsiExec.exe
3040	MsiExec.exe
3040	MsiExec.exe
3040	MsiExec.exe
3040	MsiExec.exe
3040	MsiExec.exe
3588	MsiExec.exe
3040	MsiExec.exe
4624	MsiExec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	BetaManager_Installer.exe
File opened (read-only)	\??\N:	BetaManager_Installer.exe
File opened (read-only)	\??\L:	BetaManager_Installer.exe
File opened (read-only)	\??\P:	BetaManager_Installer.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\T:	BetaManager_Installer.exe
File opened (read-only)	\??\K:	BetaManager_Installer.exe
File opened (read-only)	\??\V:	BetaManager_Installer.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\M:	BetaManager_Installer.exe
File opened (read-only)	\??\V:	BetaManager_Installer.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\J:	BetaManager_Installer.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Z:	BetaManager_Installer.exe
File opened (read-only)	\??\P:	BetaManager_Installer.exe
File opened (read-only)	\??\Y:	BetaManager_Installer.exe
File opened (read-only)	\??\J:	BetaManager_Installer.exe
File opened (read-only)	\??\Z:	BetaManager_Installer.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\E:	BetaManager_Installer.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	BetaManager_Installer.exe
File opened (read-only)	\??\Q:	BetaManager_Installer.exe
File opened (read-only)	\??\Q:	BetaManager_Installer.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\X:	BetaManager_Installer.exe
File opened (read-only)	\??\E:	BetaManager_Installer.exe
File opened (read-only)	\??\G:	BetaManager_Installer.exe
File opened (read-only)	\??\H:	BetaManager_Installer.exe
File opened (read-only)	\??\I:	BetaManager_Installer.exe
File opened (read-only)	\??\O:	BetaManager_Installer.exe
File opened (read-only)	\??\U:	BetaManager_Installer.exe
File opened (read-only)	\??\U:	BetaManager_Installer.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	BetaManager_Installer.exe
File opened (read-only)	\??\O:	BetaManager_Installer.exe
File opened (read-only)	\??\T:	BetaManager_Installer.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	BetaManager_Installer.exe
File opened (read-only)	\??\S:	BetaManager_Installer.exe
File opened (read-only)	\??\A:	BetaManager_Installer.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\H:	BetaManager_Installer.exe
File opened (read-only)	\??\M:	BetaManager_Installer.exe
File opened (read-only)	\??\S:	BetaManager_Installer.exe
File opened (read-only)	\??\Y:	BetaManager_Installer.exe
File opened (read-only)	\??\W:	BetaManager_Installer.exe
File opened (read-only)	\??\K:	BetaManager_Installer.exe
File opened (read-only)	\??\L:	BetaManager_Installer.exe
File opened (read-only)	\??\B:	BetaManager_Installer.exe
File opened (read-only)	\??\N:	BetaManager_Installer.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\BetaManager\BetaManager.exe	msiexec.exe
File created	C:\Program Files (x86)\BetaManager\BetaManager Updater.exe	msiexec.exe

Drops file in Windows directory 23 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI6827.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{658CB583-2C0C-4659-8E06-4EF3273A939A}\BetaManager.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6A4C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6AEA.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6004.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6100.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6612.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFC4CA19343A606850.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF53DB42B3AD4636B9.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6015.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{658CB583-2C0C-4659-8E06-4EF3273A939A}	msiexec.exe
File created	C:\Windows\SystemTemp\~DF6F2C9F6820C71D24.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA32F41EFAE0761B1.TMP	msiexec.exe
File created	C:\Windows\Installer\{658CB583-2C0C-4659-8E06-4EF3273A939A}\BetaManager.exe	msiexec.exe
File created	C:\Windows\Installer\e5a5e02.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI67A9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI68C5.tmp	msiexec.exe
File created	C:\Windows\Installer\e5a5e00.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5a5e00.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5FA6.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2156	3444	WerFault.exe	79
3068	1852	WerFault.exe	112
4520	3804	WerFault.exe	131
1456	1904	WerFault.exe	134

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000\Control Panel\Colors	BetaManager_Installer.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528469153576750"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe

Modifies registry class 25 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\385BC856C0C29564E860E43F72A339A9\MainFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\BETA, Inc\\BetaManager 2.0.0.0\\install\\73A939A\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\ProductName = "BetaManager"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\PackageCode = "1A03FA8978CC9804CA797083F05E5D93"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\Version = "33554432"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\BETA, Inc\\BetaManager 2.0.0.0\\install\\73A939A\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\ProductIcon = "C:\\Windows\\Installer\\{658CB583-2C0C-4659-8E06-4EF3273A939A}\\BetaManager.exe"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\SourceList\PackageName = "BetaManager.msi"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\385BC856C0C29564E860E43F72A339A9	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\432D7A1254E97C44FAB9BB49C214B81A	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\432D7A1254E97C44FAB9BB49C214B81A\385BC856C0C29564E860E43F72A339A9	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\385BC856C0C29564E860E43F72A339A9\SourceList\Media\1 = ";"	msiexec.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BetaManager.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\BetaManager_Installer.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
1548	chrome.exe
1548	chrome.exe
3724	msiexec.exe
3724	msiexec.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3444	BetaManager.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 3156	1320	chrome.exe	87
PID 1320 wrote to memory of 3156	1320	chrome.exe	87
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 3528	1320	chrome.exe	89
PID 1320 wrote to memory of 5020	1320	chrome.exe	93
PID 1320 wrote to memory of 5020	1320	chrome.exe	93
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90
PID 1320 wrote to memory of 3236	1320	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\BetaManager.exe
"C:\Users\Admin\AppData\Local\Temp\BetaManager.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3444
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 1164
  2⤵
  - Program crash
  PID:2156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3444 -ip 3444
1⤵
PID:832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc22b49758,0x7ffc22b49768,0x7ffc22b49778
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:2
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4908 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1660 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4600 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3408 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3456 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3176 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3272 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2800 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3252 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3420 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  PID:4672
- C:\Users\Admin\Downloads\BetaManager.exe
  "C:\Users\Admin\Downloads\BetaManager.exe"
  2⤵
  - Executes dropped EXE
  PID:1852
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 1164
    3⤵
    - Program crash
    PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5516 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5640 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5536 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5752 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5980 --field-trial-handle=1792,i,1555865122103303460,8447109656796576281,131072 /prefetch:8
  2⤵
  PID:3216
- C:\Users\Admin\Downloads\BetaManager_Installer.exe
  "C:\Users\Admin\Downloads\BetaManager_Installer.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - Modifies Control Panel
  PID:4192
- - C:\Users\Admin\Downloads\BetaManager_Installer.exe
    C:\Users\Admin\Downloads\BetaManager_Installer.exe /i "C:\Users\Admin\AppData\Roaming\BETA, Inc\BetaManager 2.0.0.0\install\73A939A\BetaManager.msi" AI_EUIMSI=1 AI_SETUPEXEPATH="C:\Users\Admin\Downloads\BetaManager_Installer.exe" AiSkipExitDlg="1" APPDIR="C:\Program Files (x86)\\BetaManager" PINTOTASKBAR="IDYES" AppsShutdownOption="All" CustomActionData="[AI_ButtonText_Next_Orig]:[ButtonText_Next]:AI_INSTALL|[ButtonText_Next]:[[AI_CommitButton]]:AI_INSTALL|[AI_Text_Next_Orig]:[Text_Next]:AI_INSTALL|[Text_Next]:[Text_Install]:AI_INSTALL" AI_SETUPEXEPATH_ORIGINAL="C:\Users\Admin\Downloads\BetaManager_Installer.exe" TARGETDIR="F:\" AI_INSTALL="1" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BetaManager" SECONDSEQUENCE="1" CLIENTPROCESSID="4192" AI_MORE_CMD_LINE=1
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    PID:1740

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1852 -ip 1852
1⤵
PID:2964

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3724
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B035038F724D6D0E3A6F91CD8C4EFBE6 C
  2⤵
  - Loads dropped DLL
  PID:4624
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5C36F4BD96D9D022E9CDAE40D03BE641
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:3040
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 280992A80406A06FE60836EE0FDA65B3 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:3588

C:\Program Files (x86)\BetaManager\BetaManager.exe
"C:\Program Files (x86)\BetaManager\BetaManager.exe"
1⤵
- Executes dropped EXE
PID:3804
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 1156
  2⤵
  - Program crash
  PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3804 -ip 3804
1⤵
PID:4756

C:\Program Files (x86)\BetaManager\BetaManager.exe
"C:\Program Files (x86)\BetaManager\BetaManager.exe"
1⤵
- Executes dropped EXE
PID:1904
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 1136
  2⤵
  - Program crash
  PID:1456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1904 -ip 1904
1⤵
PID:1920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5a5e01.rbs

Filesize
9KB

MD5
d0d3a1b312e55f216b2349a94ba25548

SHA1
a72b48a724a25254adb5bd0b789e043fe6b309a7

SHA256
7a519be0abc0c35373fba1cce120482775b141b83928d63458f61a4b82ed7cf4

SHA512
3f982d6341c79dd1abaa881ec17b6906df0e66bfe85d57c4fbb88200c154566fc0050567f09930c94f5f7d27282be8398e260c4d4e66b5c6b0495370a4300ab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5fd935766d0c033fb788f367eadfc290

SHA1
6aaac91a87bb72fba21fb5a0538cba7357992d26

SHA256
203ac609e30f25623c3e804214e48e53eeb5ead04b91f1c4dc8eeeb68e184389

SHA512
a4ff592fb621f6124506f034f5dd7bbc59ef4d195bbb290fb0e7d09b4beb904155407532775ae34b6a22431e05fed72af12ba31d65cd1d20c2e6b2e100597691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
edfbed01324a1db5d959673b02504fff

SHA1
e5ffb2c41774fbc55214f0a87726b4ac438de82b

SHA256
3da7f7b8921c45fdd88e6c00a10319eff9f33a97987849d8d4f43aebbb99570a

SHA512
5c0e5945695dfe6dd49edd43f724c12cd73a7cf7fc35ece6ccf3440a814bdcda47f515ca31059155d63f7f4a2a51fad3d3a16210f757b9d2fbe07d99c4462b86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
70da63d8955fe80d12a5e0711e8ff97f

SHA1
b466839f643aaa277494b91c5786d43649c11b54

SHA256
9489697c42168010f7ce4e91a3da8f6a93adadcdb71caf3d7b9cd2f306a96cbd

SHA512
b9b5c591cd7bc8f1cb9b0c676b086112872bcccc6929dce537e960780ca12a41375b57efe42172c6a5f520c75e6eed0d6378623898f3ba10010b6a417b63584b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a5585d0dd30aa6fcd76cb549f13f9a91

SHA1
3acdd84152e7567317600069bc6075d42e586018

SHA256
0b86c7294bac5782b6af3985fbf35f8d7865141ff79b427490cd456295f3736d

SHA512
0bad44897fa4647ccc0fb48fb1102c69e4297d9d8f6661120023df40c76241472ffe7142ec91bb2396227a73f6de5ab7c1222ff6c02ac9fa2be4f74453b689ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3113e20b0d085fa70a893ef9d5d50e2d

SHA1
7c2dd3af7232a3bc427fad5a30d7df2242da902c

SHA256
b0de14cb3a783d1451d8235a8d54295ce7075bec075a6ca1f456a63103be5185

SHA512
0cf049fcfbfc9b51298064759470ea117d7077ceee86a3b1bf86922b880c5c1c45ff751425a7173b49ea018e2ed606c0ade11fcc5b36d65a1b049120e4531b78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
83ab13d28be045e6f4eda83962135a77

SHA1
589f6636c51d5cf7fe1ab5b39713250b711a5c3e

SHA256
ae65d09b6877a26f5ef80f81523ace4e56c81f92c04d63e3b1fbfc454ead5e06

SHA512
963fcd74198e98fcab493da1d36d58aa9c75b6bbe5ccfd0497a78754000f4dbed7597b20311b4c8cb3aeea902481dca658e15d4b8f4a71f033e5f79806b34f8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
3976ddd2673c6d6f778adf796bc02899

SHA1
4be110b33d0864499855fc24155ea61a5abee28e

SHA256
b95abe17b5f0eeec016b05825445242c6149ca963e479a8b4391e609ac443439

SHA512
f6698959e536d9a693caa7e32285a237d3fac1535dc445adc493ba1370ece119b507ecfdee0cb0aee2088e884c53d6722c8c321f6df2b3487bc165a31e36e2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
2d12c7147280fb1221e12fd2f5440a0e

SHA1
208e859b07524e3533d78e5fa427e6f69fb40d8b

SHA256
f1a530ece5d22bfc533985246112b3128e7d94096260bf96192e8f32f4c67d86

SHA512
5753838bd0a515748f2538b872460990b176262c213c9441a2f18f95b66719a21867f5edf4fb262c0cea155beed39d0b29314e3949a69a54f14bb1c6772bea0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c02b1ec6f26cadac0faef781b046f5e3

SHA1
367548d1bb80e63abea4ede32bf13e44f507bc06

SHA256
30f44d24705515e793005ff2a1230aad1d208e3ac353cf938e8efef7486311e9

SHA512
81176443f8b5d8f53cc85dad406701b643d3720cdd7510771b0797859393a3d4f9dc9a7e009b7454f769dc564f26509959fb2b6df5e2be61c934be1b2fe863d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac11de64a88239e5ca44e52661bf8b37

SHA1
360ae644eec604b6c25c7404a531c3f3fd657e21

SHA256
8fa9a499ba15e55f45abd94212a623b1006779508b9e2705d4f9bd4027b93da4

SHA512
b19ebdc58bb152263efaa5f307696d9cb552fc06038b30c15888482e883d00929f9daaf2367c0a775455b6a4f49bd3bc6b5ddc5b0d5925ba7b9e12d8eacff33f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
22ca98694caff1638e66e968af1ecbd8

SHA1
6c79e8a3f6faa74c26ea5880f3b741343030d86a

SHA256
f78c31745c7b1f713deac1ce48823a2b119cdcbe9c940466a6739c3a615db629

SHA512
d02a2661d571043b7908672c4495f2887cfde96e138707ec856e74bca1aecf99bed4104bde3fb7dc08fd293358bc12b5f7cd8cf6909a899195ad0ad135c2e4d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dd14011e8b37abe952e06e0d8897d26a

SHA1
a8a7131970cb226583bf4fee13bdab2e3805c17b

SHA256
f61c19f53eeed2fff299e9fa255457a2c11ef3eb2c2d1e15dda31a1377c01001

SHA512
1b321068c84f945950cb0a9242a33fc9162b42c53e5a530f14f23583ccd54b14c4f732c5dae189b2c9bbced7c2a3a9d15496ef83371ea7c25652b6b489f98eea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bd6d8bdd56f288b5cfd9cc7d0c91f4ea

SHA1
5bc42c3243a7f975fa923f1ec99ff439c2255ebe

SHA256
0bfe21d032c9619b353126c7881af4e9da64b8eac0557eed2a898e1f098f04d1

SHA512
a22def14a9b2a275a66094c8cf97e44956ed52d9f1c59824387309c5212648e27c0dd736bbf00f0a56267fc2b1dbc1f70e1ece4dfc830b031982474a90db89b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dce5d1d2f7fe320e3fc9b871a1a064d7

SHA1
1496c902a1826a8c3bd61b9dad343c49e140ba4d

SHA256
c6ee4c44ef5d175ff8f5e2c1529c1a41b1b94dcfa3e6b84c50b4b5f57fa4829e

SHA512
ddd58c66db85f1e9d5b4e0695295ed6bf53b5c019e71d436e503b9f2533c12fa74fcd08420fa6f0e031d79a2bb09b5bc63a308c05c75d37c4a4029de2bc6541f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7619731a57fa0adfdbf2d463e7f6ec11

SHA1
ef60bbdaa8448b0ddd7699d7cf11c8b3b8b318f4

SHA256
dc381e689d2fbbe07590e9011e8b877718489cc2f434ddafa8680e5cc240e9bf

SHA512
aa14d5bc2bd1ff244de1ca700091adc79ead9a75fcaea331ef7f4688fcecbd00e02fe172ff24b4f99ce51344ef985244f6885d58a14d1d5b62e89eb5c965f832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5d5c74f04b832ae99da0ea18ed4a99aa

SHA1
153bbcaa57aaaa2040bf884dfac44c51d3a97318

SHA256
ab21f5c2f7b922b6e71e34c3db25819d33f0cef4799a31580d4d4508eea33eec

SHA512
a922d34710592e75b128a5b4249462aa5675c9e5aa5612f59d7011ceef2b2655acd450f4728932eacfbb52cbad7187815da1b971b7ad54eb16c5afc29b9bddbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5634868af8c9e057ecfe2f4ec18893bf

SHA1
de01f98db02fead36f25007dedfba77abdeaff65

SHA256
7c7749a81be4464d13347929be4ae9aac890ffff072a20c0c65d3f9c6b7d8a46

SHA512
cb3f3cba7aac0fba8576e897cd014001a6454c8a848873cbf9bec182db99d4575868cdd246860e7de86bd116a030f821bf41af636559f8251839bb8cde2a4d21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
f759611d6d0eebac92d73caab798eb26

SHA1
371638fc9f1dd546bacb3a2bcfc3cf28b7bdf190

SHA256
05d413bb97ad529649480d1e633daaae06391f488a937330cac24f5120f23772

SHA512
d96c6965ad36048daa870c1a4e455579f7072069b5b4dff6278db2fc2352d22f3772808ddae11929d24afa6d7ed76049672be2169d16fc3fc6f8d82d4435206b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
7d709a3a988523032a4fab6a36419f1b

SHA1
36e93366fa1a0398f4fd54ad7ad22751c46b8517

SHA256
79598319af77f7c465b0a62125a97df32a3a9b7b9bf2c03678454774642b0d94

SHA512
ac039f79fe8fecdef8f4f1db7be2379a471248c06278881ac49fb683474984379bac6044817301f67d3a01f0120e82b186e485925401c7a0996f5d669b3cbc88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
40424a1f450378b8a75612b317f9f125

SHA1
2d26c5aca4ab8db48313cc5e42b3c39b036711c8

SHA256
6a9ce104f8455486df4919decc8b066fc1a70b1c92573780efed97b91d1644b2

SHA512
ef054261d0cc90afdf0b65695f5581f1c42c1795c738c3d3b5ae7baf1f0a917d54f08e03a08f2d160280948e508194208a89e60a772a1333c1d3a3c1f9a38d92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
f18c32cdbd8cb3ca0f63b703e06ad102

SHA1
8423fa6cdda5f1b50221c6ced50510ce6d5edeb7

SHA256
96afe89d01e5286f9946eed22e668d3a1c5a05bd704df0d2fbf63028c7db3697

SHA512
6129353266c16691cfaa32f39611037b42f4fbd5495d21d799b02ba1ddfe650c44921ae4f0b65e7dfadb613158e76a20f7ea9d3610c916d99192e8add6541e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe597536.TMP

Filesize
89KB

MD5
baff707de6257a79ce37b18611efb529

SHA1
316ac7ed59447dc29d68f86dd3d24a7cb47599bd

SHA256
f4c7b920d5f147f0e6f3dfbcb8f3e931f258533b31762cf1ed859cdbc3a2ef3b

SHA512
a96848d1fc9a8ec09712a895d71573cdbe0764e15954f2cf12e9b965a6a690c7f25d5949e032f2eb1c06614440be51f1fcda26731e7a8cb82303bfda81abacca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4192\aboutbtn.xaml

Filesize
791B

MD5
ea680496ad3d80dc404138cb24187d8b

SHA1
782913444374e5a2844165e5f6b47bd67ebafc3c

SHA256
e95d463716efa3b37fbf909e6b87b8f6cce2b5e38839b5405a817e97fb48e15d

SHA512
4414279d39fa1a59fbf088c8c65db7a048f1245bd9a7eb68ea585341a009b65b652ff81c66166b2f56fed3369d60070800964f532c658b88cd4a93b817c188cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4192\buttonimgs.xaml

Filesize
351B

MD5
118f4c63590056978ac5065ecd4337b7

SHA1
3c8b555894deb0e0f3872ab6badb75d73a837ff5

SHA256
18573b641fd232ce9506dfbb4a15f7871b73bf3499f6a6b5734c2bc152852c94

SHA512
3a6ca3bd174b88dd0bb1b2b160a78e46a2ffe3e52228d48683493e74881419f63bf9c7fbd4a8a754583fb77ef97d77d04136bb9c7c6eecd76a143ac5016fc982

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI11D0.tmp

Filesize
1.1MB

MD5
6bb65410717bb2c62ed92cdbc9c41652

SHA1
1f0d56a24588c0c07e878f348df6bb0c3e4f693a

SHA256
91a6c5daebe89b7d9157188a2b3fa8e47d53b4d20c29bcc244635d1943397f7b

SHA512
1a864c6d010e3d62337a2067f53e82067ab01a556edee65036658bb7dd863bf22379d16aaf6385fda23060148c68c7225610058a153420e7b125c038285ceb38

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8AD.tmp

Filesize
719KB

MD5
c9c085c00bc24802f066e5412defcf50

SHA1
557f02469f3f236097d015327d7ca77260e2aecc

SHA256
a412b642de0e94db761ebd2834dde72eed86e65fc4a580670a300015b874ba24

SHA512
a6fa1f34cd630a7509a6441be7ad060de7e039967d2ec015e27c2a643b04e0eecf53902b7173c4c2e92e3a890bd7acb6a3307d9923838f0bfc71496fb184b1de

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI9D7.tmp

Filesize
559KB

MD5
3caecc1c49c672dcaaabee46961ee98a

SHA1
8e6799f52ca8ab0ac33587fa42cc2235248e7280

SHA256
12fa849586b4a75ef25f49801c2a9ef7c4a8ad34bc60e76f18927ffbff529b98

SHA512
c390297b05db2a7d49b770d72e19ca08dfd7791a0b8660ee1fb8f7fe52abe93244ae0139c3012fa47936c054cafcc526c8c776556c4fe0fdf3ce8f5db516103a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIA07.tmp

Filesize
715KB

MD5
77bf00eb683126fc72425843b946cf7d

SHA1
e01efa9ebbc2c36080f8c9f61ec5a008668354b3

SHA256
b6c9326d1e7d7149d395e39aa446e0637b284c64bc3289f162a8abc5dd3e63f9

SHA512
7947eb6375ca628efddee0939ed8bd90cdb178d497f144bb667b57efbf5968c65105a71a10afccc75c4f06eb85709614cbe50a2742c44f2b29ace7f4680ef966

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB8E.tmp

Filesize
583KB

MD5
af69688925d957dd1367659e89150762

SHA1
75625f8af9731ddc39458a3b86b57f9363d0d438

SHA256
bed1a389c538a05d661c34cf962cc5d6ee1cc349d315745ddf60e3b74aeee3a8

SHA512
b7ec30ad92068e0a7e513fc11625a1090d6b28ce2871364370d1d0872d81ff4ae314aaf229042a56ea999f5084ec654ab200d02209e59f845953f25487106cc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB8E.tmp

Filesize
769KB

MD5
5dc82cdff5934f3fafbd0052da7495d2

SHA1
408e0119d27b920e403a070c0c573077e0887258

SHA256
0e699a3511ffa8a9e6ab9629b120299c9de50b04b7a0e9512c50bfa961ec658b

SHA512
e89343f67b53bab1d71828c4f50c4b30e52784c9386408ca2bf26b33a374b76b343cf6daff98db30f47908b38d8db7d1ba0f12a2489b67c776c74e8d341e4c98

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB9F.tmp

Filesize
573KB

MD5
ba1a7015eac899fd6391f4d66c018626

SHA1
dd6c4279f6d9e2f74fe1d5a8c3a38a5f2560034a

SHA256
852c25a78852a3818bd267db3aaddde9a673be9484801952e6fb9b2b1a9daccb

SHA512
c746bc3360cf4eb49af1a041d98554bc77d34d820b2abf1f9c7ec547d375728bb385614a533bf8e35caa21a4dd9309cc5ed22c60bced10225626ae50dd6e6f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB9F.tmp

Filesize
488KB

MD5
91a394cc16e0f6cb043dff5116cebf0e

SHA1
7cb2ae4778eb86713373d44f2076d7c669ed1006

SHA256
9fb1018eaca993917b9e21e7af3d76d865859a0fcf159e3af79369e701fd4327

SHA512
cb79cd4bcfbbdc61be82420b91a27bad5e412042a82b34381d52317f1fc8647d8283b7b6d86083ef0bee74e942416feabd3394f9045ad9fa7eb169f024363e23

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBB0.tmp

Filesize
524KB

MD5
3197824a498bb7837252b3d974511908

SHA1
e4df1d5079f3d4e69a0405b544f36e21b1dc8597

SHA256
70825625dc1b74d676388ae051a4b332d2b4ff729c74a6af96b347b1f0528a41

SHA512
0a77b8bde5ea6753c534db4de66c9a3801844cb2860c1e4998935d16ae390ed98f3bfe8c841fbfa6ef66b9c31ea1caff718808276487bd62cfdc39f2257ebe06

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBB0.tmp

Filesize
675KB

MD5
dc7e079aed124ef51163c609a45acde9

SHA1
29f877bdd085bd3cf2aa80cc23c2e067c7a7dc6d

SHA256
c9c0d378f46231bc17ca0b35a0589d30e006f8a9cfed61c4d1cebe1e533322b2

SHA512
46ec1a3369c69f1d8e75e4202dbd383d404773ec885e006c84f88e715e711d702cbd8d86969e99548cec7562318bed2ed0a1ca6d84b08ac130c2e0ed7564b028

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBC0.tmp

Filesize
685KB

MD5
224f75bd21194a25102cfb4ea0152515

SHA1
893dc57254429daa9ae4100b116daf03dc0cbde2

SHA256
f3558883be0a625a332a4056d1660ef710763a73f5d93bcd925b0bcd1731f276

SHA512
d58dc1bf5055bd57ff5f21f56531bb43017a00526fa1954892eaac8a616b33e421661b6350cd102d3a9876aa5ef48f931f47b026bc70f1c4fbd837bdbc5fceb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBC0.tmp

Filesize
579KB

MD5
25d25b0bb9d2721f2fa9e6726f1fe029

SHA1
add425a48008e0682387c834b1ed15498a145bd1

SHA256
b50ec347ee30bd70ca3508ed3cd71dde60aff8e3c5ea207a078a056f983fc090

SHA512
bf12607882649e50ac82f1a30d86ff7af18a70e17f8ba42de3f34c33e39ec9e5c6088b93efc723880830cf73d2438eeebad1d329a7c620b65cb73c968c657fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBD1.tmp

Filesize
543KB

MD5
3bccd82124abe002eade4308808d5733

SHA1
29f5666c929c6fa2c98d496968ae32a8b0ab447f

SHA256
2b3d279bf60eb35d331231092b64f8b026fd489520e6f2f43af77610ad4e5e2e

SHA512
368ec119dfc773d072e93036efd09530fb95959115ce8c313db754dbc45565c042689576ef35598938e3296041bf8efdef09f74733e9d5c1a722f7fdd554160c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBD1.tmp

Filesize
382KB

MD5
ea41cee94cb488f7b109b47d66276e70

SHA1
eed885e3d48c6d0b0a8b4bd63f57765c5d8bd0f5

SHA256
82dc2316d3b74bb47cbdd0ad95d5c0ba5c939bc9dfce0fe0f4e0a2853f8c6fb7

SHA512
7531819a15a8864e91827e0205b3cc9cc48b8d778a9f6159074252588d92ed9ff0b196756049ec53f0da75cd6113d497d57c6c8cfcd0097b90bf62bfc97b55c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBE1.tmp

Filesize
529KB

MD5
ee74a46a3069919d43189ebc53b7eacd

SHA1
a21641a5abde24bedd2998ff84b6f756ce896941

SHA256
e1aa11417284eff4807b4a50647884cc997ca3bcb3db25cd40ec42cff9b9c1d5

SHA512
436b881303112ddfcdb8d4ad5d07b04892ccd446350d828a5df0c75f98ad9874f777695327bed6afb50b6b0f14c37b091af75a655c5fe74e7558803a09080c1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBE1.tmp

Filesize
398KB

MD5
f6f0a292e554c020689c73b2216ac86d

SHA1
8bb0bc899fb04d57d2d3c9200f66c625141eb99d

SHA256
cb82fd00337d8104d2f19fbb00bb05d0c40698f40216df3f5b5ca56961d81c54

SHA512
cfa8f7ae90335f09170b5459f9c9929775315b917b239018ebe65123e29ffb5b20901eda989725f0c1730ace5bea8cf792bfb48777acfcb915b091a5ff636e1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBF2.tmp

Filesize
457KB

MD5
42a97cf769b5173ef543d0091d57ffbe

SHA1
51abc7d38a31a15966577bf92b225f4d5314ef33

SHA256
765bdffd5b5ab0f28029445a2b27212a4aaba0228f0a32c461c9bf98f6193fcc

SHA512
205be766ea4dc2d09f649b2a53c274e3149c30d338101b4f4f6b3319540c4e858793f448b7e96e2ec6b3416eb0e43858394f6194d340892c16e57ab4fbca94a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBF2.tmp

Filesize
326KB

MD5
5487fb0c49f34f9298dad378f08c5a95

SHA1
ebb482bd8f1ef031cff7326f41e29ca42bb2176b

SHA256
a5a175187b6e5dc4af6ead2268b5979e4b5a6fa876c731ffc43aa2868a216f2e

SHA512
81210b66c56f26f83fc89e37d36b1d04bc90f1c5cab9d06c293e5fb073532223f5dcecd56154913b7a59777b0bf315fed587525e1be63b34ff61974ec78da7b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC03.tmp

Filesize
501KB

MD5
b5b497c482344bdb2414bff788c0559f

SHA1
9ffd47590567cc9f61a60fb494d94664612e2a15

SHA256
35f7db5354c53cd3be5e083c87fb1da5f9051f62e816d15fbdfa04e814386620

SHA512
c938ac66374522c82782bac305720b85a006c9baea89a6dc257329278d075c8bd9e6111ce10e2188423855662f8aedc1d0fa732062ceed3976109c20008482bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC03.tmp

Filesize
542KB

MD5
b7986dd04288eafea612e3e74a2d987a

SHA1
64b1dbfafa9570f588714730324cbaabddea931b

SHA256
9dd5e0a87aac49ea0422270ae6bce20ec040200131fd9711e224a1695dc117d4

SHA512
0b09bc5309381ca20a4c150536eb5cde61b4cd306f53b212586272712e9baec98dd7d6a06b9d94d28dcc7023cc4f9175c7aeb1a3b1d291dad7ac29a3eb965127

Download Submit
C:\Users\Admin\AppData\Local\Temp\shi5D44.tmp

Filesize
1.7MB

MD5
6e4ab0ceefd0180a5d39f05c23f1da5d

SHA1
751203499836301c22c1f95da58729a59196f7c0

SHA256
1cdcda13fff282e6b54de54028fc28981d64216c014f8bc4c5be98350f281897

SHA512
af31c31b14f6e2e18c3e981c37d1334b3661568cc96c8a6220f8acc4a6bfc874b1cfe8fc18cbd88fbb5882ee4501a8778e44d8b7f458200f546a517c5cb252e3

Download Submit
C:\Users\Admin\AppData\Roaming\BETA, Inc\BetaManager 2.0.0.0\install\73A939A\BetaManager.exe

Filesize
1.3MB

MD5
9d1ad16b57ad73d14c2cd18e01ef7880

SHA1
771a4cdf762961abf57233de60233ac761dd3d16

SHA256
1292bbf935c3c3dbad1aff5b0cd6458a2be0fe95476cb27bebb90d2e1f2150bf

SHA512
0d5d46185725521158becb47e3511c779cc415d2cb01af47a56a62d3f65957417cfab1a0418a6d2462525804ca23dffd35e5d251a11f083d083e1d2b23d07e90

Download Submit
C:\Users\Admin\AppData\Roaming\BETA, Inc\BetaManager 2.0.0.0\install\73A939A\BetaManager.msi

Filesize
1.9MB

MD5
74fb487da2fd7de60d8185d8e51b5841

SHA1
4d8286abed2fa2b46dedd7f52e31370e1a81176c

SHA256
5b6ae917c8976efc6234685ea125a52bd8d9fab7217df29dc2438237f4c46ffd

SHA512
665aeb3086ecfebad06dae751643a68e3baeaacd336545fbe235906e3eb790996757cc6e09fb163ed5eebd7e1f9931173fe6e65a7503d1f06001db564775b175

Download Submit
C:\Users\Admin\AppData\Roaming\BETA, Inc\BetaManager 2.0.0.0\install\73A939A\BetaManager.msi

Filesize
2.3MB

MD5
a8a1fff0e78887a11d9253c2faca103b

SHA1
43231ab552f74f43433056ae5e3e11731aa1a008

SHA256
ede420aafa179db92e6e91e992c7b50ebab872302506d2103bf3b47e345b4cea

SHA512
238fde7011d907d2c1065b10c9a89abe8c5ed257bc7d2bb31414403e4e56d91bc69a83f9ef4a1f4bac73448845420531deb7b6e8d977533ef74620d225c1e75e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BetaManager.lnk

Filesize
1KB

MD5
bffce6445bb0091e42f57f63881c471d

SHA1
0bd4bfc45ff5dcd51aa7e0e5556136225f6f56e5

SHA256
6ae0ed28a7b9b22cf3b4107c63a21d1095acb3ad8550a29573bc836573b7e17f

SHA512
36058f165d97837f8e8840f943f847e481b520aae81ab6a5c900ec046a70c7d3abe6c9ac372902c5218956a7ab741fbd1c9555dc5647b6230f041d9b62c7861b

Download Submit
C:\Users\Admin\Downloads\BetaManager.exe

Filesize
4.2MB

MD5
a57d5a4b4504c8ef93970b6bd36bde58

SHA1
b675887757dee7b27f2f510b41d7223fe4c61775

SHA256
0c9de18b3ef46e157471b0a9b7ade94eef7654c5f97b1ee5c6a09519df3ff87f

SHA512
19e433a6259c394ad0b3a8bee5234f6d036dcdc9debde94c6c5cf2ca44d7a3a3781d7fe92300980dfa84131cea6ab3c9de3ed660a6f914ae65cf9fb454b83df5

Download Submit
C:\Users\Admin\Downloads\BetaManager.exe

Filesize
8.9MB

MD5
a32ad3b3dc1b7788c11f3330dc66c57a

SHA1
a50c775711c1c53fd6290eb22397614a62c0fe21

SHA256
4f2776889f98ec35f64d4c2fdde68b84f4b0965120fdc417659e78fa7dbaf4e3

SHA512
6acdcc9b0d5f5788042e87f12e2ee2c1a7a06d55059c1242075007acc1e56e74b7af64e3dc2f018d41f5a2876fb00ec23a6c0f2d8f2400d7e50156655fb65fa1

Download Submit
C:\Users\Admin\Downloads\BetaManager.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\BetaManager_Installer.exe

Filesize
6.0MB

MD5
bb6e4107101eb5b2664c66cdfdaf2ac5

SHA1
57899752e548fc0d83346e7a6db64ccf690c6836

SHA256
7a8816e6180f3a4e0346cd9203a4c54d643f3f7fb020f21da2304cdd3425456b

SHA512
ab185f505fc782ad93b81b5c823ee74117ee2066e6ce71314f6a78e9f0d8bb829bfd57d56264583953dcb3259a1fe0c893a9b2e07ed2e51ab0d215d0ec503fd9

Download Submit
C:\Users\Admin\Downloads\BetaManager_Installer.exe

Filesize
5.6MB

MD5
6f4b2f3396287e053f94b68f24b30ba7

SHA1
212f20884ee2220e6a735210680aa1672dcaf241

SHA256
912b0c5b604f79cf36fe250df94ea5b6ec6c7be174414e771bb51204b78e5141

SHA512
7617990554b2e15537da746434d266b4f39f75f4f22ca8615fc4117420ca87b51aba5f003181327ae9f27fac310b9502a1bf7934d68db3871a56e1e82a9abdab

Download Submit
C:\Users\Admin\Downloads\BetaManager_Installer.exe

Filesize
3.7MB

MD5
4bc4b33d789ec2680eba07fd4a12f1fb

SHA1
c6bb362f87ac58d9b41988bd64cb93961bbd66cf

SHA256
503c73906a23e297709e53abab711e41093d5ae8df8900a00a08d4e16b069348

SHA512
c9e14a377fb7bf351c4f94eeba369484a551c9ee776f3c898724b0bbcb52cbebcd6017f07c619faaff529f87f5d2d3421a86f38da617041b3040cdabf4fae1dd

Download Submit
C:\Windows\Installer\MSI68C5.tmp

Filesize
399KB

MD5
2f460d81ef08038d2991118786846df0

SHA1
46394e61efc86f4f29707b55ef651d81ffa26263

SHA256
65265aab41b3cbf4b8ad6a8b1d6e02ee82a2168a9c07a0328dcbfb10bbc366bd

SHA512
3993e1653d7c866d74203e79cdbcdf9b8d75fcded33a102c82626d8130d496917d6321df1503359ebdab9a03a529ffedfcf8356f201bdc05236313e7a03fea8e

Download Submit
memory/1852-320-0x00000000749A0000-0x0000000075151000-memory.dmp

Filesize
7.7MB

Download
memory/1852-321-0x0000000006BB0000-0x0000000006BC0000-memory.dmp

Filesize
64KB

Download
memory/1852-336-0x00000000749A0000-0x0000000075151000-memory.dmp

Filesize
7.7MB

Download
memory/1904-650-0x0000000074A40000-0x00000000751F1000-memory.dmp

Filesize
7.7MB

Download
memory/1904-649-0x0000000005EF0000-0x0000000005F00000-memory.dmp

Filesize
64KB

Download
memory/1904-648-0x0000000074A40000-0x00000000751F1000-memory.dmp

Filesize
7.7MB

Download
memory/3444-3-0x0000000005F60000-0x0000000005F70000-memory.dmp

Filesize
64KB

Download
memory/3444-1-0x0000000000610000-0x000000000128A000-memory.dmp

Filesize
12.5MB

Download
memory/3444-2-0x0000000005C70000-0x0000000005C8A000-memory.dmp

Filesize
104KB

Download
memory/3444-0-0x00000000749A0000-0x0000000075151000-memory.dmp

Filesize
7.7MB

Download
memory/3444-4-0x00000000749A0000-0x0000000075151000-memory.dmp

Filesize
7.7MB

Download
memory/3804-636-0x00000000749A0000-0x0000000075151000-memory.dmp

Filesize
7.7MB

Download
memory/3804-637-0x0000000005BF0000-0x0000000005C00000-memory.dmp

Filesize
64KB

Download
memory/3804-638-0x00000000749A0000-0x0000000075151000-memory.dmp

Filesize
7.7MB

Download