147695a93ca690a62967e982d9fb3ee52b36693f594806b14e10e09a9dd60e10

Analysis

max time kernel
1204s
max time network
1211s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 15:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

My Talking Angela/BlueStacksInstaller_5.8.100.1036.exe
Size

783KB
MD5

0781512d75a512b443d6f75437902aff
SHA1

d9395ad80f1eca1627eec368d25f53901d94df42
SHA256

ea851b062c25c36ec7d7988bae56fb385be244bf26c44e43cfe0069887b55a6d
SHA512

fb2d8b82b2481b7a9232ff40c191a3ec5ac04bb5c2f75db9cef5c16cfd35a7ad15bcbbe70880a625c9adeb877d8cc252b8de42f6eeddbd006e8ab253a46d8715
SSDEEP

12288:NivtCXQd0RYK1mv6qQdeRPHKhuV9c1klspixcogZAhcZr0CXWYJ:NivtCXF1mv6qQOqWcyOJBAhc104

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
210	raw.githubusercontent.com
211	raw.githubusercontent.com

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	BlueStacksInstaller_5.8.100.1036.exe

Executes dropped EXE 3 IoCs

pid	Process
2408	BlueStacksInstaller.exe
208	HD-CheckCpu.exe
4376	HD-CheckCpu.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133541266621903797"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2408	BlueStacksInstaller.exe
2408	BlueStacksInstaller.exe
2408	BlueStacksInstaller.exe
2408	BlueStacksInstaller.exe
2408	BlueStacksInstaller.exe
2408	BlueStacksInstaller.exe
1564	chrome.exe
1564	chrome.exe
1148	chrome.exe
1148	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2408	BlueStacksInstaller.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 544 wrote to memory of 2408	544	BlueStacksInstaller_5.8.100.1036.exe	96
PID 544 wrote to memory of 2408	544	BlueStacksInstaller_5.8.100.1036.exe	96
PID 2408 wrote to memory of 208	2408	BlueStacksInstaller.exe	103
PID 2408 wrote to memory of 208	2408	BlueStacksInstaller.exe	103
PID 2408 wrote to memory of 208	2408	BlueStacksInstaller.exe	103
PID 2408 wrote to memory of 4376	2408	BlueStacksInstaller.exe	107
PID 2408 wrote to memory of 4376	2408	BlueStacksInstaller.exe	107
PID 2408 wrote to memory of 4376	2408	BlueStacksInstaller.exe	107
PID 1564 wrote to memory of 2708	1564	chrome.exe	135
PID 1564 wrote to memory of 2708	1564	chrome.exe	135
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1816	1564	chrome.exe	137
PID 1564 wrote to memory of 1912	1564	chrome.exe	138
PID 1564 wrote to memory of 1912	1564	chrome.exe	138
PID 1564 wrote to memory of 1048	1564	chrome.exe	139
PID 1564 wrote to memory of 1048	1564	chrome.exe	139
PID 1564 wrote to memory of 1048	1564	chrome.exe	139
PID 1564 wrote to memory of 1048	1564	chrome.exe	139
PID 1564 wrote to memory of 1048	1564	chrome.exe	139
PID 1564 wrote to memory of 1048	1564	chrome.exe	139
PID 1564 wrote to memory of 1048	1564	chrome.exe	139
PID 1564 wrote to memory of 1048	1564	chrome.exe	139
PID 1564 wrote to memory of 1048	1564	chrome.exe	139
PID 1564 wrote to memory of 1048	1564	chrome.exe	139
PID 1564 wrote to memory of 1048	1564	chrome.exe	139
PID 1564 wrote to memory of 1048	1564	chrome.exe	139
PID 1564 wrote to memory of 1048	1564	chrome.exe	139
PID 1564 wrote to memory of 1048	1564	chrome.exe	139

C:\Users\Admin\AppData\Local\Temp\My Talking Angela\BlueStacksInstaller_5.8.100.1036.exe
"C:\Users\Admin\AppData\Local\Temp\My Talking Angela\BlueStacksInstaller_5.8.100.1036.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:544
- C:\Users\Admin\AppData\Local\Temp\7zS022CA618\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS022CA618\BlueStacksInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2408
- - C:\Users\Admin\AppData\Local\Temp\7zS022CA618\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS022CA618\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    - Executes dropped EXE
    PID:208
- - C:\Users\Admin\AppData\Local\Temp\7zS022CA618\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS022CA618\HD-CheckCpu.exe" --cmd checkSSE4
    3⤵
    - Executes dropped EXE
    PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4324 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:3420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1312 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:4028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe70919758,0x7ffe70919768,0x7ffe70919778
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:2
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:8
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5548 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=244 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2384 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1852 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5792 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5508 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5944 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1908,i,3089541111151502306,7793185307358410636,131072 /prefetch:8
  2⤵
  PID:4596

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bf2e87c0ce80af7a_0

Filesize
18KB

MD5
ded058e794da12c71f5222cf7c0f47c8

SHA1
bd077c61cb9411ef3b08eccebe7d06c602fd0cd2

SHA256
1d52ec0c9ce17152dbda51e38ddce751325ed6fb3f60cadda922f68c093c923d

SHA512
2ff58ac567b1d7cb84a0966142ea45a52936f99bb41ef4bc9d5a1dfd8998c348a6cbd225639e73f32622b7e544edb85bcd07b08ebaf44a8c7e8bce13d6852c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f5c39b9eddc5fd42_0

Filesize
280B

MD5
d855884bff7ed74538ea1f1a747791ab

SHA1
7dce731c5640eeed8a5b06194187b7ab761889cb

SHA256
456557d1edec6982ff69f7da160c41cc33bb3c4a7e3d15d2464a3d2678dde884

SHA512
3a9ed4f3953243eea2a5acdf6802b7bbd8ebc56f3c78db533feb27136f8a80536b775479cd0d4bfb3789bde96351d51b86a680683e2be327e0e2de5e7fb091df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
7e01b62a10e48078047d28bf8087ef21

SHA1
13866daa7a7c4ce8e0646a804f4b6a447e4fc89d

SHA256
12d77870c0263fb05cdf2ebf3938a71296cccb57e5dcc48069d520d19083f9be

SHA512
f03eb7fabae25afff45a041f114be3c66ac8c51e17b7d1b1aa358ae66ae981cc15250a4cd603042dd5e0bdd426a57c15865efd686999eb46f4db0e358c0f1e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
544a6c66ae6b56e70631ad681e585e89

SHA1
83691937fd22f22f052394907038e868d6ca9218

SHA256
9ad8fae624dca1e8f4253cca749de2c2aecde127123dc09ac409a87666e94d47

SHA512
6caa167157bc3a3edc89a2f8bc4f6bf388c152aa9bd682e85eb0fbe100b85c8cdd8a665d47008b257bc4b66a942029fe5d168ce86d379c27c2bc9fe397ae82dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
254e452b5bcc48802010ad6423a1e98f

SHA1
8014416a88bfcb5d00d2211e4d5b83e3d9bcde49

SHA256
e77df45ca682b79529a929407fca91ba36ed5258cd4f4f437c63a53ef10451c6

SHA512
3ef29fd31568546e7336f198ff73d133d316e3d48f412c7866cd1671815e1e59b1598d1db633f9af8b8110ea5281acbe7d24f8092de3db41492965f234373612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
28909c995f9c818eb02cf551161c99ee

SHA1
63b236ad9657007d32082056940e7e3f21cb7074

SHA256
de8a7cb66bb0061ee4077d8e7005b4b593df7d3f0aa0c19893e20f8254a26e6c

SHA512
66b240b072cc1356900564ce2a9a879227be7caf7b27c70780e442bfd00058d7377d0483c7d381f2b446bf61c5f4d0be5792ecc1c7bde1e82ba22f64beac794c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
16b2be1cbc1934e0ccabc2bb873f9de4

SHA1
05aa427ce0afeb99eb7aaa272b84df9fede1eb49

SHA256
0622f2e48c6f2583c6fdd5ed4ce59517858076ff8df80cece5b12bac9bff8713

SHA512
5795505ed5309e5e2aae8869ca1da7c85389d5c837ae06294c0bc6a7e7088af8b6d2d8e11e0583e2e97c439cd952f2f1f1cb0f2144c5e2156f197966d78d05c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f07316dbcd0ec761e5a2b656334fe098

SHA1
bae79f9e3a409b8dae169a94bce259c89d1da285

SHA256
017850d43f0fd928f540ca51075466f5fd8a10cf2cc397a0a54c69d1f854b89e

SHA512
c5d52e5d0b512e6c76d6bb41697d51390d346ef6aa4c7047f899e4c0a802e8f192055450f5c4ebd27773fad1d05d0ab96d284e1b821a1af8c27de37c5ddfb64e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9f090a3ffac90ffdc1894eab66ee7f1f

SHA1
1ea734670ba5feeda19fe714ef274ae39dfede25

SHA256
00f6880b35ed7cdfc8bec11063ef4ee942d267de8b2c306a1c51622f7e02dc5e

SHA512
73377a5fbca7131fc4e366a72ca7d371b623fc190a120efa7390c306c0fe23cc9b35e0f11840dc632cc54ffc7f9d4dd6774f9984fdc3e35732653c9ddea34abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1a55288336e8c2690f8d519c7966ac9d

SHA1
036b07000a01b63a018ec4e667c92549985a1624

SHA256
f34902770c13d0ca35af93fdcc3b189eb5360ad6fcfcdc68a1f1f3b372b94a65

SHA512
77c8cc56a7715e37944aaf20d4983caa158bda67789876397184bd95feaedb902a9ab60e20fc5a9571292ce749141039d130e9e1cc8bff07bc58e887faeabcc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9a2a328a266b74698183f700207bcbf8

SHA1
f8fec95a8e7cdc354a805d12edd118278f9ee3d0

SHA256
a4fecd3727c5daa2949ba24e7635209bb1999a83f4e721444c5f56a71df7fc74

SHA512
0c8f1458f51a1d4523d5a68f3c001448e871e43f246f0711c6a687c34d5cd85161f6cec3af3d39dd4c5603edc11e760cf5ab813118e9b0c33a5b60a74bf1ac5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
21d1d994e282a808540576c4abe5b911

SHA1
2447400068b5f15331158fe5cb3dd15921f3be04

SHA256
f80bf9109f075a4b9df7d949daa2a0e7d34c4da28294ac4cf7662fb7a6e0398b

SHA512
5b5eb5f74eaf196c5933e55be7dbc8330a304392fb98b45347ead7f718e870d41d56d749bccdf93a5a3dea5eb19b5f619a9a3fb48807f5f19eb69403e1981c73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
107fecefb41b734980885137a0710c88

SHA1
703d74872dcf2eb10eca1d3951aa8c2b136293ae

SHA256
5e4556a628dd8707fdcee1e5bfd96ce8eb3469856a4170fd4f435e157178fcf6

SHA512
dc69720c2d9abd30666d9a03349edf409c759fc436c3beaeea02d442fa937de2f722192779bfa730ef5b08326f86259e3a293dd6e616821e0a220c3d4757d6a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
72df372ec7d882e89627eb658eb80541

SHA1
c3ff87e34f941df602ab4489b423ddd274b918e3

SHA256
09a0c1407f941e17c76aa4ec4e6f6399e33fd6b9e3ed5b5c2a8fe996a5320e5d

SHA512
e958f21fbfcd774528db9518d865a69428e157013bf968ce1764cd6f22e5c21550886008c54bd53dbd0b8edfee07b7527468dc5dbaf9dff01640df6dd42a5fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
fa559488dfa13811af05aff75d940fce

SHA1
31ad632fd82401d04a2d84ff0d58be17c2dd09d5

SHA256
f29b217a3753175a0bb378ae22be183e541970f109248dcc1d22d491b446920b

SHA512
da29033ea68c1ff74d3fba695bbb6199f90ddc8e568bc934ad4b68421adeb1d7bdea301bcaa3d807fbd54a6119eaa122d879049478b28f89c072b65b45f15c31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1020B

MD5
79ea1d7816dad55f4bb6b407d38073f0

SHA1
29e9682f1c5b8bb852faaa18c034a2c8db7262ef

SHA256
55d2ac5cfba76fd5db73d5e1c6e1ae4ca0d55ab330b62485c032a2398a7ad2bf

SHA512
2a59519a6bead317ec5652eff372b374b5f4dd28fd5c0af006bd7b4b32ed0e7009c623a0c8a64d0a500de280c343ef4009d3fcc8b8b71eb31b48730aca698d00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
590b6392a16f7ce10605c45971167780

SHA1
47dc6af998c8d8629a1c6f39a139b4d0b8988774

SHA256
7e0b8dd0d74d416aaac2c32c113db8be4d771d88513c5b08b5ec3f9e94ac97ae

SHA512
17de13e6438fb7aeef0901c52a78564eb51b707af3a67203bb7ce6f5059ec48f1c4b817052a4f118c2135414e8ccf7eb8abc1c858f48a8d0c42828b4f5db38f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
70ea429042fe33b704d4378778ab31b7

SHA1
a4ccf3b29e7d49edf601fe0162797cf8aa5b3667

SHA256
29f59e2a9e382079b3827c200442d58926347c5e22c3cf0e8b491ccb1b20f610

SHA512
e5d3794f0d3f30c8550ec765dcf8b370ed12f0324c649d02dde06768522d5be6909483343180ae1c0eacda1142ea872daa0e01dd25290018e3e85a770f0a1037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0a888d41308a65ec9ac48de9a3397957

SHA1
8873b8655ddf2e404d36e3c1556e44f52fd1693d

SHA256
aaca75f2f788ce200e7b1b7eafbbb0fa538523f0d28b08660fadbae1c898627c

SHA512
2f640bf8359750963bf4008968c6371dbfbd999a28affb2d5b5ac780aa5c4ee72b02bc778a8209551d122baaa31288eec0056eab3a4eb6c8d806c4ce1f350608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
18a0b1580656db5e5bfae73d852f3257

SHA1
497ecffc6a2bc115877aaf8dd640fab961aa8dd1

SHA256
d60fcb5d3d1a2693013c33640b5bd1a20bbafbbb896464e2e83510bc2df669ac

SHA512
098fcd1ff4f273f9335dfcb8017702ea1abbfa6c365aefe8c2c3193332f313ea6291d0cb0a1b002f7ed20374f6616dd51830ed602231f4d736414f8cec3d7f68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
d8f7a491fc5f2772e4d63776fb317c76

SHA1
82e66b82a85854a4305fde00f7a34f918c2b52bb

SHA256
ca8fb7cf4c22a99c4dd5325ae8e98ea4420dcadb53c26e8c1ca8a25d0aecb5ba

SHA512
140028741ccbd86bd3d6f75a75d2b2588a0d2b04f37863632a6c55c2c32b09f3c911b5a9277f7d0218b74fc349fa5c2f85ada2a8f927e3fe56b20ea1677d0177

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4c00d4eb93382794602245775cc80635

SHA1
390057491d0a8383bc595fe4cdda575fb3ed621f

SHA256
3be3651ded21080288547191b82aa2bc7c5112b490df288c1190b34ec4c968d9

SHA512
1154cbdae52954823ee5b865492e7a07ece0ec9917f7e24e5e3dbf123ba3e3105bb55b27bbff1255b3465059a8a87ae89f3c4478b2a044a6710843b8e05e29ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
63a9ba871aa165006e0caab1c7a584a9

SHA1
f4d20d65adc5ea85eb95868ab87ecb3c653aa3f3

SHA256
b10f09bb8554ec41b57d62846144b87f961adc1f8d9acbbc8686f869a23a49ca

SHA512
95779a76ef3d0c54d1418e628693796e3675e6128e61ffbc15aca205e1fd9af9c422e93d0505b5aa08a363251e13664bbf9aea71092a93f247d812f5b60fd079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
17abe49778c5fe73ab26e61d0006ef81

SHA1
ec86b0f47980f0e1b3873ce67709352aefb93ab3

SHA256
e3275eadd40e04a5406637b7a4bbd1aa7f3cf5379f961b6eab283790706044d0

SHA512
71ce62f6828ac5e5997dd7947740dc85e0f601618936ae558a99696502d62ecb5daed8e7201837d57cbe28f7ad1c0ef8dbd60620eb93891df0d3280cc68e2b30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9961eb91ecce47702f13f4ccf09a6f94

SHA1
6e3a5dc5e50fb3dbdf1771430605dc04e71df81a

SHA256
1e442822835a34f312c890547d880c8bf7198a02d3a04254ac8b6c0094158f87

SHA512
9ea7b7d437983e9cccd01f8807196d9f7f9c718a28659bccdd900edbbacb9b3546363352678c29320b3011793cab4447bc5880fc38e05441102d6a3c8631c336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
501e33ba9306902d74dd597e6e43f52e

SHA1
32ee766a1cc8a56f94601d2f6a2b9e99cb65d3d8

SHA256
23c26e342a89ee98d8d74ade11e6e2becbfd19feb647fa250d7a1b7e4f209140

SHA512
ae5baa2e2314a3ac75a9cb482652d64bfd1ba9274090f2eb74595170ca30cd0db8176c507664a088d07f0f89c602f2213ccf186d3568be44c347873103192d05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d0cde596df58ecfbf045e5db3e4fa3a7

SHA1
572ed31bc138a3725bf6c895e8ca8b999a48768b

SHA256
bbccd3e7bb5826aff55be8a6eccec3a79afa5181bff981f85d70e41a9901a6c9

SHA512
2b72d025ce38e3cdf2bdb98ca0ee5230419fd2b1f5e62a68273b1d2efef24b73d6636e9a54baecaf426d83c1f433379b040126d22c1f6ba0de5982ebf64be255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5f530be2f1e3eba3c306a4b0beb0d053

SHA1
9bffb1c0ac2705612583b9980adea34e1752ebcc

SHA256
d5ba100b0d75bb47296851685df28212961df35234ce221cb454d1415f62fb21

SHA512
3ed8560efb8954dd09347c001826345efe3236abe9fed63d5c69ddf90ad485de8a02df59668068f5f920fb91a65d6723de0d4af550165efd00ec907c97a021bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bd16f60d5ff1d8fcf567735e0f2b15cd

SHA1
4cbac25a7b82575fae184a0927ff51a8ccd62912

SHA256
54ca6dd01d24ce1eaaa2b8f8d1d8039f3d5c560e372cb255382970a05dd0e49d

SHA512
2cc33dddb511dec6cb6e32d5a8bd79742983b63533dd0e71135651113e932c636da75776274af0b953cfa053fb2de4be4c56f7930942b3a719f91caaa0b2d707

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8fec54418ea48606a270daa7e2e41368

SHA1
732964f346858f03aa45b3fddf6126f5d34705f0

SHA256
4f233a850977b3d2bbef3a0a8b465231a6105c228976a597292615e78a696aad

SHA512
93ee9d2b8a8006cf113a096ff00e31d7a018cf563ec7c5523b621bcbaa36c6db3a4e311b9206b52d14db56f9335d60973c38676dfb691dc424d8fbe34a900b60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
05540943c37e09f1777b9b3817cd2ccb

SHA1
fcafc631d4fe29bb6062fba15afc7ce72adcddd4

SHA256
9eb1bebbd149bf7c901a23895656c84a620a56c99deb515d6f40e40a5640fb39

SHA512
782670641dec90fba855d11798af78463ed6a028a220c25644bf6cc8f174cf7d578d89b9308b18fc434fdea6fa734798fd7489a81d7a72d777b5c6a87779ef53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
acd25b825d616138b1cca29ac35637c1

SHA1
9ddc791bdef4c6e24b04b37094b06ff733580726

SHA256
550d51ede7e0f36c277953fdcbdafc0dddefe6aafa4ae498ece349514279b636

SHA512
5c24877bdb2c0f2a711a8c436e05de6220c810c790627e2e7a39f29bf49f22c7f4421c9200c1444c8d5feadd64a55f1718ee1f423d7195cd51a5d5f2325751e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d32d7db4f8667df921740c1f7537d390

SHA1
8e60550f0206835c9143410ebd4823fc05381c59

SHA256
beeb1851c6036e9f6ed035b82dd5008809800732bdc14486101137c096ecb6a6

SHA512
711c779f33e9bcd3a35c0f01217fb0544babb1906947591774132023ae709253a77eed736fd7b89724e3e2c8888a7d6b7d69952d94c1839746c91d050950769e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\1180fe04-0896-48fd-9e92-74658a213239\5

Filesize
652KB

MD5
72e4d8a17f41d91a2036284a2326f1e9

SHA1
71fddf428bb76d58e5345901b1811e8cf60d1463

SHA256
8e3bace7f8e4e433c28dd55557277581db953d735002f72d4a9bf2c1586154de

SHA512
cbe25457bd1fdcd6187c95d7e69f356357bed8aea330abee02bff29109e4c9ef6d90b3664af45c508fc496a41d49078c58b33eef71fb6900aeb33de694edce70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
39296364e9c4ba2036dacdb79d78c855

SHA1
d681118b9fdd36c0a8c3a69236c9c733bf2961b0

SHA256
28760f27e6c151376174bff7a4ae44307b746b9223a097fee8ecb57b5ffa8373

SHA512
b0ca44e176e0873efc3d40d99665f1fe5438d1c584ab7c516181c73d6ce024e4e319b15d82839d8751921e737ed5a9a29170ce19ff83a9c3564630511c8ddbf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
e39025bb3013137c6ede049dad7c71f8

SHA1
d2cc6218e01041f2965abd7f03a032ea3fea88fb

SHA256
acb726d1f42a5c6fb25bdae997eecb51906bc651b2ea0de141f86c7ba348b3c9

SHA512
8dea4d3cde5a406857383905552377421ad5ebf34344c75b21cc78890435350795c7d7d9bdc01c5b236a9e50c26e88fdba08e44ab487f56347b09d579cfe9da9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
207e7532eb38a79b554fcea482989eed

SHA1
8427195bca2510f29139ea6e24180ffd75ab05f8

SHA256
e9c192db32488b1960fafdfe3e965ba0ef848832ea65e305adacefb7b48cc479

SHA512
22c9d405674c24f560d0fc5e03828f07defbd85201c20cdbc66706bf40282785a314997428fdd44f1620d13e678924a52474eaf7d21ed4914b1a1108b9ae4fcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
894b7ebc418d8a8022182b34a38b385a

SHA1
6b000976c63c10db509d7ad667b825d381eb68b4

SHA256
a295b9ee6eb3f0cc032404b44c6d6f9cdc74f37f6d9300a03e46ba38053dcddd

SHA512
1552735e52db468843037aa00d54f7c3344a6844d0d9c241159535b1ee876dd18641da302b82947af3c84dbe8a21fcbecc7436bc117abd58a9d24eda2657700f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe68cf05.TMP

Filesize
97KB

MD5
70799f4222dca2251ff6f0f0f7725765

SHA1
51cb00256b13e72f03815f8803dffef9272ded35

SHA256
1c91723862eab1cf100907a3d8fc799f189179b807d5fa8c2ecdb72f54be46eb

SHA512
46f6ea8be5a8e10e889b70b911cd23871309055d101305f99cc527a8412c5ac1478d4214e77187de7ba3461aca5489805736fb89ae513e2cebd918c40c103eb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\Assets\backicon.png

Filesize
15KB

MD5
7ff5dc8270b5fa7ef6c4a1420bd67a7f

SHA1
b224300372feaa97d882ca2552b227c0f2ef4e3e

SHA256
fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1

SHA512
f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\Assets\checked_gray.png

Filesize
538B

MD5
ce144d2aab3bf213af693d4e18f87a59

SHA1
df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa

SHA256
d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3

SHA512
0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\Assets\close_red_click.png

Filesize
15KB

MD5
6db7460b73a6641c7621d0a6203a0a90

SHA1
d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3

SHA256
d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd

SHA512
a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\Assets\close_red_hover.png

Filesize
15KB

MD5
5ceab43aa527bc146f9453a1586ddf03

SHA1
88ffb3cadccb54d4be3aabf31cf4d64210b5f553

SHA256
7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0

SHA512
8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\Assets\custom.png

Filesize
17KB

MD5
03b17f0b1c067826b0fcc6746cced2cb

SHA1
e07e4434e10df4d6c81b55fceb6eca2281362477

SHA256
fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b

SHA512
67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\Assets\installer_bg.jpg

Filesize
42KB

MD5
162c23f5962381efba79be503b41089c

SHA1
fc5a95e6eb2bb015fe27457873528c24b3bc459d

SHA256
04d70d0968675290294df78800ed48fe4a681a72803405fbdc541b927b445457

SHA512
9bd6e634d6cb362ab40f2646ca59a865f05e6049ac55b9d03b3df1f8e853715119438771196a351ca98c6cb61a212bbc0bedb7bf2d306563f6198353a7680c54

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\Assets\installer_logo.png

Filesize
7KB

MD5
d6f746b61d5c91d6688faab54ecc74c3

SHA1
9581cafbc93d6189c7e0633bd43dfd017510f731

SHA256
ed7e205b0ccdd454d4fa47c48834ad36a6e9fb51f4042a2dcd39a7fe01244d95

SHA512
0139711388976628ebd46a2f1dc7e0c38184d3b4ab63a8f2b6c8cd9e6032cddcd2dafb8ce4ab3ba8008beba9d6c3e444577cd7953bb48e39635e5c9666fdf478

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\Assets\installer_minimize.png

Filesize
113B

MD5
38b539a1e4229738e5c196eedb4eb225

SHA1
f027b08dce77c47aaed75a28a2fce218ff8c936c

SHA256
a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2

SHA512
2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\Assets\setpath.png

Filesize
15KB

MD5
b2e7f40179744c74fded932e829cb12a

SHA1
a0059ab8158a497d2cf583a292b13f87326ec3f0

SHA256
5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b

SHA512
b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\Assets\unchecked_gray.png

Filesize
192B

MD5
e50df2a0768f7fc4c3fe8d784564fea3

SHA1
d1fc4db50fe8e534019eb7ce70a61fd4c954621a

SHA256
671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396

SHA512
c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\BlueStacksInstaller.exe

Filesize
553KB

MD5
e2f76998386537e04ee05948a6de71cc

SHA1
f8b520a6c8f57d76ac80eacaa18d258a9e7608b1

SHA256
8f54529ae01fa273ac1dc588318ed174704bff9248b6770b24cfcd9497b9ecba

SHA512
0a412e44accbaa4003374b88db54231584ca6566905e115d3aa52c602a36721bf00c449763336440492fae6b2a9f697556a7a3af234bdefc5bd930f7d4c49104

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\HD-CheckCpu.exe

Filesize
211KB

MD5
764ac83167adcd8d2273f6bff7d769b2

SHA1
bf6a46b8c03d7efb16fdd6e4ce0a5e4362f41957

SHA256
e81e0444ba2deb4056872d1c4f9b01971bb4fb376c6434c942718da7c39190bf

SHA512
a3a484aaf5cfdff1c198c37f3055409dc066646db3d61e74bfef2b4ce212d95fd43d3e3b239e080ba9fab62eae23cd4b54b6b466fad3192845b43d4212ccd667

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\Locales\i18n.en-US.txt

Filesize
14KB

MD5
9c034eae201c90c384a94d42ed25f07e

SHA1
fb61f7409843cddd7ec55ab05cabb3389571583a

SHA256
f8febb66a7363e4245e9516b452d0d9947b86100f25bf5072d93a0fec654b469

SHA512
2c20f0c91b9ccc768bed62c24f4bdcc6ca8667b0435bc298ed93896683fe37a7c9c97bab47d6cd33c0f4f5eea532b921374ff072a36e3a760cf54e0bcb20e548

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS022CA618\ThemeFile

Filesize
51KB

MD5
3c27210a0c28b501d3dfc4d83c5bbebf

SHA1
b01e46f6f62a39c56b1f94d8a457cff82bb287ce

SHA256
78f6c1b91732691689fa9ecc97356dd1523fea637c6b56bd906b64eff347de55

SHA512
2a671879c59c1da0ce9ff583a28810bfb8ea1b530a458819a6c5a20f266660362f5ffd06f64f27241979027d66d00588c43c886de7715060e032780066eafed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_1.jpg

Filesize
89KB

MD5
d5521b02ccbe5e1716de2922e5a663f4

SHA1
e850ab791b7aa465c0d676a0bcf17e4ca60ea1bd

SHA256
427039f8968a4e518c37bddde86de314b476d55a52a0cdaa8f45e6266a8ed08b

SHA512
025d3bdaa02e93e309d187a34a3b1fdaada262b444363d5d36eba5888f0449efbbe118622cfeee09123693b783844ee094078ad243fd8c070a670126dd08c8c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_2.jpg

Filesize
121KB

MD5
2f0acb01bbfd565f803eff0e12d4f74f

SHA1
521f2cde14fa7be049ba11336cd344ce335b487f

SHA256
7cc477b38d05c7002621a51d04d2c2d9f943be5115abae1d8bcbd2def49de54e

SHA512
c3c97c7a2d66bd6c5f901ba06282fbc1c7cbf8a62d9b3e5c1f63882113addcfc9dfefcf03c6abe96c52bc4c2c4e09939e35a1e8cb9615a82024e0d50d9dd5eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_3.jpg

Filesize
99KB

MD5
1d5e7e72dcb6d1141976c6519ed381ea

SHA1
b478ad52c2d116c121d4a95b150790975d6b34bc

SHA256
e5488121a3155d4d770105ab35d2d50270cc8fe0e71db4c46b4aec72580357f1

SHA512
04857e8b9735bdcd876a8cdae0857a7700403c83cb069156b0db0d23851f5a3af2e632a6ecda5291bc7c06427c905ce2b6db74ea427a8b3047812533b2105dd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_4.jpg

Filesize
94KB

MD5
29c1bfef2bda9451a54554492d56a66b

SHA1
644788f16bf137546fddec47bdf6596dfb5e32fa

SHA256
3ff5f2fe5659543e141f0abb835e9e3d21adac4f36206ec6454d0d182dd64443

SHA512
cc1f640f36a2907c9ba133be6a5214c49e912bd0b0e7c54d59a7d67938c79a2a5d9d047eb9c92680fb657a22da8a3ddc9a48c5983399f8ad4406108c37755e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_5.jpg

Filesize
87KB

MD5
ffa3db7ab9e75972e5e8ba1f9f2b61de

SHA1
4229e04326e71bd1eae100377316e6b3c6206901

SHA256
423dba72b462e2595f608bc6e66bfe35869aa5b240791a30432b89b3ab0547ba

SHA512
2afed67571e384f79d3d15ce154166f27c4e5c12f36e8f1a4f497d0d2de1b64d0795692a7ab48bcb71278b3ed67dcb97520ec79932560e348c1d4a59ca8e2d90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_6.jpg

Filesize
101KB

MD5
fd5577e8af1f1c05f24ec84b503d5161

SHA1
334a43f4601802e0b3fc48e3f9ab1bc2f4185a59

SHA256
9d97256abf52aab13fdaecac6addfb999a27abce3023a70c77664e68663c6fc9

SHA512
3617d78682ebf6f814f6e6d7ee6907c924f4bde36f0def24b947b2eba2310678be28ac56af5e9948080a0277ccddaa34157768144e5778875ba697bed767c6bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_7.jpg

Filesize
104KB

MD5
55324be215073dbb15e94c8badac14df

SHA1
175679549fba2d1fe5cde27462165e31464cab01

SHA256
1ab4953190aeb9e7e5c2cb7d58aa13508906d982c2a8435ba50c709cd6b597c8

SHA512
fb60240ed1d7dc2735a5f458ef2f4361521d8c1ea9e583280bb0c29d10e5a66afbf63113e5b794b559d1db7b29dd32e0d403f971bfe4740c5a68c942455acf9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_8.jpg

Filesize
93KB

MD5
3510f0529819708a1594e65e90148be6

SHA1
0d14b8237d35a17e97135ea6eef03e4851b00b6f

SHA256
3c947b7946c9e92318880bb5d31fb600b9d32476fade9ed0ee9c9c7c714f6a57

SHA512
53441e7bf99d462a62cf50c1151bb73702fe14bfa638630995aa1e119498c23cb11ff5bbef8e46310215515ed3284d6d64687a18a2427b40e212409cbad9daef

Download Submit
C:\Users\Admin\Downloads\HorrorKrabs.zip.crdownload

Filesize
3.4MB

MD5
98090ac6840b6f75ca15d63270de82bc

SHA1
d7becd3c9cba3c52b6ff87ff9a0ac40cdb1647a0

SHA256
1ae4d32be8ba7e066573bae52c4153338e0cb1e41ad019458304f7e811e963c5

SHA512
4e46b485fc837392b6f45abfd445d3a41194e6d3e3b5a415b4ffbe52dff28d1b62375f6fd9ba03941686c60e5b3eeca7ac4fa21c675035cd750f5cc0335ca935

Download Submit
memory/2408-122-0x000000001B230000-0x000000001B240000-memory.dmp

Filesize
64KB

Download
memory/2408-158-0x000000001B230000-0x000000001B240000-memory.dmp

Filesize
64KB

Download
memory/2408-129-0x000000001B230000-0x000000001B240000-memory.dmp

Filesize
64KB

Download
memory/2408-144-0x000000001FD50000-0x000000001FD58000-memory.dmp

Filesize
32KB

Download
memory/2408-157-0x000000001B230000-0x000000001B240000-memory.dmp

Filesize
64KB

Download
memory/2408-126-0x000000001C2D0000-0x000000001C7F8000-memory.dmp

Filesize
5.2MB

Download
memory/2408-130-0x000000001EA00000-0x000000001EA38000-memory.dmp

Filesize
224KB

Download
memory/2408-153-0x00007FFE5E7F0000-0x00007FFE5F2B1000-memory.dmp

Filesize
10.8MB

Download
memory/2408-125-0x000000001B230000-0x000000001B240000-memory.dmp

Filesize
64KB

Download
memory/2408-121-0x000000001B4F0000-0x000000001B558000-memory.dmp

Filesize
416KB

Download
memory/2408-160-0x000000001B230000-0x000000001B240000-memory.dmp

Filesize
64KB

Download
memory/2408-265-0x00007FFE5E7F0000-0x00007FFE5F2B1000-memory.dmp

Filesize
10.8MB

Download
memory/2408-118-0x00007FFE5E7F0000-0x00007FFE5F2B1000-memory.dmp

Filesize
10.8MB

Download
memory/2408-117-0x00000000005B0000-0x000000000063E000-memory.dmp

Filesize
568KB

Download
memory/2408-131-0x000000001C270000-0x000000001C27E000-memory.dmp

Filesize
56KB

Download