hxxps://cdn[.]discordapp[.]com/attachments/1192712279108620338/1236322350816039042/velocitysniper[.]exe?ex=6637966a&is=663644ea&hm=6090665a4aff0b81396dde384be14ac83152525544ec6c9bb378eee9e2e87b4b&

Resubmissions

04/05/2024, 17:23

240504-vx5pxscc8z 8

04/05/2024, 16:47

240504-vaqx9aee87 8

Analysis

max time kernel
2100s
max time network
2085s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
04/05/2024, 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1192712279108620338/1236322350816039042/velocitysniper.exe?ex=6637966a&is=663644ea&hm=6090665a4aff0b81396dde384be14ac83152525544ec6c9bb378eee9e2e87b4b&

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Control Panel\International\Geo\Nation	javaw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Control Panel\International\Geo\Nation	javaw.exe

Executes dropped EXE 64 IoCs

pid	Process
1808	velocitysniper.exe
4436	java.exe
3536	java.exe
4852	java.exe
4228	java.exe
1896	java.exe
4628	java.exe
1780	java.exe
1748	javaw.exe
424	java.exe
3564	java.exe
2176	java.exe
2760	java.exe
4764	java.exe
1204	java.exe
3408	java.exe
1376	javaw.exe
2988	Git-2.45.0-64-bit.exe
3808	Git-2.45.0-64-bit.tmp
4424	git.exe
4348	git.exe
4136	git.exe
816	git.exe
1356	git.exe
3120	git.exe
2292	git.exe
1040	git.exe
1084	git.exe
5064	git.exe
1720	git.exe
2536	git.exe
4600	git.exe
4864	git.exe
1540	git.exe
2740	scalar.exe
4584	scalar.exe
2208	bash.exe
292	bash.exe
2276	bash.exe
3876	ln.exe
2336	bash.exe
556	cygpath.exe
2284	bash.exe
2500	expr.exe
612	bash.exe
4992	cp.exe
4116	bash.exe
2776	cygpath.exe
3344	bash.exe
2376	expr.exe
1772	bash.exe
4968	cp.exe
5004	bash.exe
880	cygpath.exe
1040	bash.exe
2844	expr.exe
4132	bash.exe
2248	cp.exe
1220	bash.exe
1928	cygpath.exe
1436	bash.exe
2736	expr.exe
348	bash.exe
812	cp.exe

Loads dropped DLL 64 IoCs

pid	Process
4728	MsiExec.exe
1976	MsiExec.exe
3008	MsiExec.exe
3008	MsiExec.exe
3008	MsiExec.exe
3008	MsiExec.exe
2760	MsiExec.exe
2760	MsiExec.exe
2760	MsiExec.exe
2760	MsiExec.exe
2760	MsiExec.exe
2760	MsiExec.exe
2760	MsiExec.exe
2760	MsiExec.exe
2760	MsiExec.exe
2760	MsiExec.exe
2760	MsiExec.exe
2760	MsiExec.exe
4228	MsiExec.exe
4228	MsiExec.exe
4228	MsiExec.exe
4228	MsiExec.exe
4228	MsiExec.exe
4228	MsiExec.exe
4228	MsiExec.exe
4228	MsiExec.exe
4228	MsiExec.exe
4228	MsiExec.exe
4228	MsiExec.exe
4228	MsiExec.exe
4228	MsiExec.exe
4228	MsiExec.exe
3536	java.exe
3536	java.exe
3536	java.exe
3536	java.exe
3536	java.exe
3536	java.exe
3536	java.exe
3536	java.exe
4228	java.exe
4228	java.exe
4228	java.exe
4228	java.exe
4228	java.exe
4228	java.exe
4228	java.exe
4228	java.exe
4228	java.exe
4228	java.exe
4228	java.exe
1896	java.exe
1896	java.exe
1896	java.exe
1896	java.exe
1896	java.exe
1896	java.exe
1896	java.exe
1896	java.exe
1780	java.exe
1780	java.exe
1780	java.exe
1780	java.exe
1780	java.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1376	icacls.exe

Blocklisted process makes network request 2 IoCs

flow	pid	Process
148	4448	msiexec.exe
327	2776	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
83	camo.githubusercontent.com
84	camo.githubusercontent.com
85	camo.githubusercontent.com
81	camo.githubusercontent.com
82	camo.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\WindowsAccessBridge-64.dll	MsiExec.exe
File opened for modification	C:\Windows\system32\WindowsAccessBridge-64.dll	MsiExec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Go\src\archive\zip\testdata\test.zip	msiexec.exe
File created	C:\Program Files\Go\src\runtime\testdata\testprogcgo\stackswitch.c	msiexec.exe
File created	C:\Program Files\Go\src\syscall\zsysnum_openbsd_riscv64.go	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\issue5809.go	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\issue29402.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\internal\obj\s390x\listz.go	msiexec.exe
File created	C:\Program Files\Go\src\sync\oncefunc_test.go	msiexec.exe
File created	C:\Program Files\Go\src\runtime\defs_arm_linux.go	msiexec.exe
File created	C:\Program Files\Go\src\encoding\json\tags.go	msiexec.exe
File created	C:\Program Files\Go\src\crypto\internal\nistec\p224.go	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\issue22389.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\asm\internal\asm\testdata\avx512enc\avx512_4vnniw.s	msiexec.exe
File created	C:\Program Files\Go\src\cmd\gofmt\testdata\stdin7.golden	msiexec.exe
File created	C:\Program Files\Go\src\sync\atomic\doc.go	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\issue64826.go	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\bug331.go	msiexec.exe
File created	C:\Program Files\Go\src\internal\fuzz\mutator_test.go	msiexec.exe
File created	C:\Program Files\Go\src\crypto\internal\edwards25519\field\fe_amd64.go	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\issue5470.dir\a.go	msiexec.exe
File created	C:\Program Files\Go\src\math\big\prime.go	msiexec.exe
File created	C:\Program Files\Go\src\debug\dwarf\testdata\bitfields.c	msiexec.exe
File created	C:\Program Files\Go\src\cmd\vendor\golang.org\x\sys\unix\zsysnum_openbsd_arm64.go	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\issue32595.dir\main.go	msiexec.exe
File created	C:\Program Files\Go\src\net\mail\message_test.go	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\issue4283.go	msiexec.exe
File created	C:\Program Files\Go\src\crypto\internal\nistec\p521.go	msiexec.exe
File created	C:\Program Files\Go\test\typeparam\dedup.dir\c.go	msiexec.exe
File created	C:\Program Files\Go\src\runtime\mgcwork.go	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\issue19467.dir\mysync.go	msiexec.exe
File created	C:\Program Files\Go\src\runtime\tls_riscv64.s	msiexec.exe
File created	C:\Program Files\Go\src\runtime\testdata\testfds\main.go	msiexec.exe
File created	C:\Program Files\Go\src\os\sys_aix.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\go\testdata\script\install_cgo_excluded.txt	msiexec.exe
File created	C:\Program Files\Go\src\net\http\internal\chunked.go	msiexec.exe
File created	C:\Program Files\Go\src\math\big\arith_decl_pure.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\go\testdata\script\mod_get_fallback.txt	msiexec.exe
File created	C:\Program Files\Go\src\cmd\cgo\internal\testcarchive\testdata\libgo\libgo.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\compile\internal\ssa\copyelim.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\go\internal\lockedfile\internal\filelock\filelock_fcntl.go	msiexec.exe
File created	C:\Program Files\Go\src\runtime\cgo\gcc_windows_386.c	msiexec.exe
File created	C:\Program Files\Go\src\runtime\crash_cgo_test.go	msiexec.exe
File created	C:\Program Files\Go\src\debug\elf\testdata\gcc-amd64-openbsd-debug-with-rela.obj	msiexec.exe
File created	C:\Program Files\Go\src\cmd\compile\internal\ir\sizeof_test.go	msiexec.exe
File created	C:\Program Files\Go\src\go\doc\comment\testdata\list2.txt	msiexec.exe
File created	C:\Program Files\Go\src\cmd\vendor\golang.org\x\tools\go\ast\inspector\typeof.go	msiexec.exe
File created	C:\Program Files\Go\src\fmt\state_test.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\cgo\internal\test\issue42018_windows.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\cgo\internal\test\issue30527\b.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\cgo\internal\testplugin\testdata\issue22295.pkg\main.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\vendor\golang.org\x\tools\go\analysis\passes\unmarshal\unmarshal.go	msiexec.exe
File created	C:\Program Files\Go\src\archive\tar\testdata\pax-nil-sparse-hole.tar	msiexec.exe
File created	C:\Program Files\Go\src\cmd\go\testdata\script\mod_get_fossil.txt	msiexec.exe
File created	C:\Program Files\Go\src\cmd\compile\internal\loopvar\testdata\for_complicated_esc_address.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\compile\internal\typecheck\stmt.go	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\bug328.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\go\internal\modload\mvs_test.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\go\testdata\script\mod_tidy_temp.txt	msiexec.exe
File created	C:\Program Files\Go\src\go\doc\testdata\examples\import_groups_named.golden	msiexec.exe
File created	C:\Program Files\Go\test\fixedbugs\issue42876.go	msiexec.exe
File created	C:\Program Files\Go\test\typeparam\issue55101.go	msiexec.exe
File created	C:\Program Files\Go\src\cmd\go\testdata\mod\rsc.io_breaker_v2.0.0.txt	msiexec.exe
File created	C:\Program Files\Go\src\cmd\go\testdata\script\test_benchmark_1x.txt	msiexec.exe
File created	C:\Program Files\Go\src\cmd\go\internal\cfg\zdefaultcc.go	msiexec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.dynalink\dynalink.md	MsiExec.exe

Drops file in Windows directory 46 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI6815.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7241.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7266.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e686186.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{C88E1536-B969-551C-BD73-956329A6D5B0}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6836.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7240.tmp	msiexec.exe
File created	C:\Windows\Installer\e5be1f0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5be1f0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7DD5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7265.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI75B6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF152.tmp	msiexec.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	javaw.exe
File opened for modification	C:\Windows\Installer\MSI6F30.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7277.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI67D2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI67F4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6804.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6857.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7254.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6484.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6763.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI67E3.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6825.tmp	msiexec.exe
File created	C:\Windows\Installer\e686188.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI722F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7253.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\{393945AA-EA94-415A-857C-0E0AEE321905}\gopher.ico	msiexec.exe
File created	C:\Windows\Installer\e686186.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7276.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6858.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7242.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7252.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7278.tmp	msiexec.exe
File created	C:\Windows\Installer\e5be1f2.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI67D1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6847.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{393945AA-EA94-415A-857C-0E0AEE321905}	msiexec.exe
File created	C:\Windows\Installer\{393945AA-EA94-415A-857C-0E0AEE321905}\gopher.ico	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	java.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	java.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	java.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	java.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	java.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	java.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	java.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	java.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	java.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	java.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	java.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	java.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	java.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	java.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	java.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	java.exe

Delays execution with timeout.exe 2 IoCs

evasion

pid	Process
3452	timeout.exe
5056	timeout.exe

Enumerates processes with tasklist 1 TTPs 3 IoCs

Process Discovery

T1057

pid	Process
340	tasklist.exe
1096	tasklist.exe
2616	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 28 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\System	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b\52C64B7E	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MsiExec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Environment	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice\ProgId = "AppXq0fevzme2pys62n3e0fbqa7peapykr8v"	MsiExec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_http = "1"	MsiExec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b	msiexec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	MsiExec.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133593148571999303"	chrome.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice\Hash = "u0mzeXJFOyA="	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds	MsiExec.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1c	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Keyboard Layout	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Printers	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Control Panel	MsiExec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1A\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\EUDC	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\git_shell	Git-2.45.0-64-bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\background\shell\git_shell\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Git\\git-bash.exe\" \"--cd=%v.\""	Git-2.45.0-64-bit.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shell\git_gui	Git-2.45.0-64-bit.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\Background\shell\git_gui	Git-2.45.0-64-bit.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\SourceList\Media\16 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6351E88C969BC155DB375936926A5D0B\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4F4A3A46297B6D117AA8000B0D022002	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\SourceList\Media\25 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\sh_auto_file\shell\open\command	Git-2.45.0-64-bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\git_gui\ = "Open Git &GUI here"	Git-2.45.0-64-bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\SourceList\Media\10 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\SourceList\Media\13 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.jar\ = "jarfile"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sh\ = "sh_auto_file"	Git-2.45.0-64-bit.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.jar	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0567AE226CA41004FB924F8B77D51B0C\AA54939349AEA51458C7E0A0EE239150	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\SourceList\Media\2 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6351E88C969BC155DB375936926A5D0B\DeploymentFlags = "3"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6351E88C969BC155DB375936926A5D0B\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6351E88C969BC155DB375936926A5D0B\SourceList\PackageName = "jdk-22_windows-x64_bin.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\sh_auto_file\shell\open	Git-2.45.0-64-bit.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder	Git-2.45.0-64-bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gitmodules\PerceivedType = "text"	Git-2.45.0-64-bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\background\shell\git_shell\Icon = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Git\\git-bash.exe"	Git-2.45.0-64-bit.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\SourceList\Media\18 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6351E88C969BC155DB375936926A5D0B	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gitignore\Content Type = "text/plain"	Git-2.45.0-64-bit.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\sh_auto_file\DefaultIcon	Git-2.45.0-64-bit.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\sh_auto_file\ShellEx\DropHandler	Git-2.45.0-64-bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\background\shell\git_gui\ = "Open Git &GUI here"	Git-2.45.0-64-bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\SourceList\Media\21 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	java.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6351E88C969BC155DB375936926A5D0B	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\ProductIcon = "C:\\Windows\\Installer\\{393945AA-EA94-415A-857C-0E0AEE321905}\\gopher.ico"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\sh_auto_file\ = "Shell Script"	Git-2.45.0-64-bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\background\shell\git_shell\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Git\\git-bash.exe\" \"--cd=%v.\""	Git-2.45.0-64-bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\background\shell\git_gui\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Git\\cmd\\git-gui.exe\" \"--working-dir\" \"%v.\""	Git-2.45.0-64-bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\SourceList\Media\9 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6351E88C969BC155DB375936926A5D0B\PackageCode = "0B42627F985F2A141818AC5D631F2D50"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6351E88C969BC155DB375936926A5D0B\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\sh_auto_file\ShellEx	Git-2.45.0-64-bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gitmodules\Content Type = "text/plain"	Git-2.45.0-64-bit.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\sh_auto_file	Git-2.45.0-64-bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\background\shell\git_shell\ = "Open Git Ba&sh here"	Git-2.45.0-64-bit.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shell\git_gui\command	Git-2.45.0-64-bit.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\SourceList\Media\4 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\SourceList\Media\14 = ";"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6351E88C969BC155DB375936926A5D0B\ToolsFeature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6351E88C969BC155DB375936926A5D0B\SourceList\Media\1 = "DISK1;1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\background\shell\git_shell\command	Git-2.45.0-64-bit.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\SourceList\Media\17 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6351E88C969BC155DB375936926A5D0B\Version = "369098753"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AA54939349AEA51458C7E0A0EE239150\SourceList\Media\3 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6351E88C969BC155DB375936926A5D0B\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\java.exe\IsHostApp	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\javaw.exe\IsHostApp	MsiExec.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	velocitysniper.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	velocitysniper.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	velocitysniper.exe

Runs net.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1028	vlc.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
4748	chrome.exe
4748	chrome.exe
3212	msiexec.exe
3212	msiexec.exe
1032	msiexec.exe
1032	msiexec.exe
2272	chrome.exe
2272	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1028	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

pid	Process
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe
Token: SeShutdownPrivilege	2272	chrome.exe
Token: SeCreatePagefilePrivilege	2272	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
2272	chrome.exe
1028	vlc.exe
1028	vlc.exe
1028	vlc.exe

Suspicious use of SetWindowsHookEx 41 IoCs

pid	Process
1028	vlc.exe
3452	java.exe
3452	java.exe
3452	java.exe
3452	java.exe
3452	java.exe
3452	java.exe
3452	java.exe
3452	java.exe
3452	java.exe
3452	java.exe
3452	java.exe
3452	java.exe
3452	java.exe
1748	javaw.exe
1748	javaw.exe
1748	javaw.exe
1748	javaw.exe
1748	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe
1376	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 2164	2272	chrome.exe	72
PID 2272 wrote to memory of 2164	2272	chrome.exe	72
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 5080	2272	chrome.exe	74
PID 2272 wrote to memory of 3204	2272	chrome.exe	75
PID 2272 wrote to memory of 3204	2272	chrome.exe	75
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76
PID 2272 wrote to memory of 2004	2272	chrome.exe	76

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1192712279108620338/1236322350816039042/velocitysniper.exe?ex=6637966a&is=663644ea&hm=6090665a4aff0b81396dde384be14ac83152525544ec6c9bb378eee9e2e87b4b&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xcc,0xdc,0x7ffb4fb79758,0x7ffb4fb79768,0x7ffb4fb79778
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:2
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5308 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5352 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5300 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5552 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5856 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6028 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3944 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5300 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3184 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=796 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2636 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5772 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5384 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5180 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5588 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=1780 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4444 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5532 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3848 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5776 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5404 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6772 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6972 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\go1.22.2.windows-amd64.msi"
  2⤵
  - Blocklisted process makes network request
  - Enumerates connected drives
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3024 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4860 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=3280 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6260 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5524 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6904 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6284 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4444 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6112 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6744 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5892 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=2980 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:68
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2668 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6756 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5872 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=3244 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=3064 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6284 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6932 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\jdk-22_windows-x64_bin.msi"
  2⤵
  - Blocklisted process makes network request
  - Enumerates connected drives
  - Checks processor information in registry
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=4860 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5592 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6080 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=1520 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=4444 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=6284 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=3828 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=3132 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=3128 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=828 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2152 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5932 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=2632 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=5644 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=6968 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=3400 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6748 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5840 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=3164 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=4864 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=6320 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=5456 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4760 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2620 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=692 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5932 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:4736
- C:\Users\Admin\Downloads\Git-2.45.0-64-bit.exe
  "C:\Users\Admin\Downloads\Git-2.45.0-64-bit.exe"
  2⤵
  - Executes dropped EXE
  PID:2988
- - C:\Users\Admin\AppData\Local\Temp\is-J43NH.tmp\Git-2.45.0-64-bit.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-J43NH.tmp\Git-2.45.0-64-bit.tmp" /SL5="$C0324,66615998,867328,C:\Users\Admin\Downloads\Git-2.45.0-64-bit.exe"
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    PID:3808
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /d /c net session >"C:\Users\Admin\AppData\Local\Temp\is-AL0S9.tmp\net-session.txt"
      4⤵
      PID:308
    - - C:\Windows\system32\net.exe
        
        net session
        5⤵
        
        PID:2292
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        6⤵
        
        PID:4784
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe" config --system --replace-all "diff.astextplain.textconv" "astextplain"
      4⤵
      Executes dropped EXE
      PID:4424
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe" config --system --replace-all "filter.lfs.clean" "git-lfs clean -- %f"
      4⤵
      Executes dropped EXE
      PID:4348
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe" config --system --replace-all "filter.lfs.smudge" "git-lfs smudge -- %f"
      4⤵
      Executes dropped EXE
      PID:4136
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe" config --system --replace-all "filter.lfs.process" "git-lfs filter-process"
      4⤵
      Executes dropped EXE
      PID:816
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe" config --system --replace-all "filter.lfs.required" "true"
      4⤵
      Executes dropped EXE
      PID:1356
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe" config --system --replace-all "http.sslBackend" "openssl"
      4⤵
      Executes dropped EXE
      PID:3120
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe" config --system --replace-all "http.sslCAInfo" "C:/Users/Admin/AppData/Local/Programs/Git/mingw64/etc/ssl/certs/ca-bundle.crt"
      4⤵
      Executes dropped EXE
      PID:2292
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe" config --system --replace-all "core.autocrlf" "true"
      4⤵
      Executes dropped EXE
      PID:1040
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe" config --system --replace-all "pull.rebase" "false"
      4⤵
      Executes dropped EXE
      PID:1084
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe" config --system --replace-all "credential.helper" "manager"
      4⤵
      Executes dropped EXE
      PID:5064
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe" config --system --replace-all "credential.https://dev.azure.com.useHttpPath" "true"
      4⤵
      Executes dropped EXE
      PID:1720
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe" config --system --replace-all "core.fscache" "true"
      4⤵
      Executes dropped EXE
      PID:2536
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe" config --system --replace-all "core.symlinks" "false"
      4⤵
      Executes dropped EXE
      PID:4600
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe" config --system --unset-all core.fsmonitor
      4⤵
      Executes dropped EXE
      PID:4864
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe" config --system --replace-all "init.defaultBranch" "master"
      4⤵
      Executes dropped EXE
      PID:1540
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /D /C ""C:\Users\Admin\AppData\Local\Programs\Git\cmd\scalar.exe" reconfigure --all >"C:\Users\Admin\AppData\Local\Temp\is-AL0S9.tmp\scalar-reconfigure.out" 2>"C:\Users\Admin\AppData\Local\Temp\is-AL0S9.tmp\scalar-reconfigure.err""
      4⤵
      PID:5092
    - - C:\Users\Admin\AppData\Local\Programs\Git\cmd\scalar.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Git\cmd\scalar.exe" reconfigure --all
        5⤵
        Executes dropped EXE
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\scalar.exe
        
        git.exe reconfigure --all
        6⤵
        Executes dropped EXE
        
        PID:4584
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Programs\Git\post-install.bat" >"C:\Users\Admin\AppData\Local\Temp\is-AL0S9.tmp\post-install.log""
      4⤵
      PID:3872
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "VER"
        5⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        5⤵
        Executes dropped EXE
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        6⤵
        Executes dropped EXE
        
        PID:292
      - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        6⤵
        Executes dropped EXE
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\ln.exe
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\ln.exe -sf /proc/mounts /etc/mtab
        7⤵
        Executes dropped EXE
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        6⤵
        Executes dropped EXE
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cygpath.exe
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cygpath.exe -S -w
        7⤵
        Executes dropped EXE
        
        PID:556
      - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        6⤵
        Executes dropped EXE
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\expr.exe
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\expr.exe substr hosts 1 8
        7⤵
        Executes dropped EXE
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        6⤵
        Executes dropped EXE
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cp.exe
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cp.exe -p -v C:\Windows\system32\drivers\etc\hosts /etc/hosts
        7⤵
        Executes dropped EXE
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        6⤵
        Executes dropped EXE
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cygpath.exe
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cygpath.exe -S -w
        7⤵
        Executes dropped EXE
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        6⤵
        Executes dropped EXE
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\expr.exe
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\expr.exe substr protocols 1 8
        7⤵
        Executes dropped EXE
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        6⤵
        Executes dropped EXE
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cp.exe
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cp.exe -p -v C:\Windows\system32\drivers\etc\protocol /etc/protocols
        7⤵
        Executes dropped EXE
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        6⤵
        Executes dropped EXE
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cygpath.exe
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cygpath.exe -S -w
        7⤵
        Executes dropped EXE
        
        PID:880
      - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        6⤵
        Executes dropped EXE
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\expr.exe
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\expr.exe substr services 1 8
        7⤵
        Executes dropped EXE
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        6⤵
        Executes dropped EXE
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cp.exe
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cp.exe -p -v C:\Windows\system32\drivers\etc\services /etc/services
        7⤵
        Executes dropped EXE
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        6⤵
        Executes dropped EXE
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cygpath.exe
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cygpath.exe -S -w
        7⤵
        Executes dropped EXE
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        6⤵
        Executes dropped EXE
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\expr.exe
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\expr.exe substr networks 1 8
        7⤵
        Executes dropped EXE
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        6⤵
        Executes dropped EXE
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cp.exe
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\cp.exe -p -v C:\Windows\system32\drivers\etc\networks /etc/networks
        7⤵
        Executes dropped EXE
        
        PID:812
      - C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe
        
        usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
        6⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\rm.exe
        
        C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\rm.exe -rf /etc/post-install
        7⤵
        
        PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 --field-trial-handle=1832,i,14451073777844899504,3135149287473755436,131072 /prefetch:8
  2⤵
  PID:1620

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4124

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3212
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3E1D6B6E2C40BCFD194AD45C3296CA18 C
  2⤵
  - Loads dropped DLL
  PID:4728
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:348
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C4CF9F0F5743B01A6690C8BF620CE0E7
  2⤵
  - Loads dropped DLL
  PID:1976

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:364

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:4008

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2336

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\gore-0.11.4\gore-0.11.4\go.mod"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\Downloads\velocitysniper.exe
"C:\Users\Admin\Downloads\velocitysniper.exe"
1⤵
- Executes dropped EXE
- Modifies system certificate store
PID:1808
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4252
- C:\Windows\system32\cmd.exe
  cmd /c "$Host.UI.RawUI.WindowTitle Velocity 2.0.1 - Alts: 0 - Connected: 0 - Total Servers: 0 - Nitros Claimed: 0 - Nitros Detected: 0 - Time Running: 0s"
  2⤵
  PID:32
- C:\Windows\system32\cmd.exe
  cmd /c "title Velocity 2.0.1 - Alts: 0 - Connected: 0 - Total Servers: 0 - Nitros Claimed: 0 - Nitros Detected: 0 - Time Running: 0s"
  2⤵
  PID:5056
- C:\Windows\system32\cmd.exe
  cmd /C tasklist
  2⤵
  PID:392
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:340
- C:\Windows\system32\cmd.exe
  cmd /c "$Host.UI.RawUI.WindowTitle Velocity 2.0.1 - Alts: 0 - Connected: 0 - Total Servers: 0 - Nitros Claimed: 0 - Nitros Detected: 0 - Time Running: 5s"
  2⤵
  PID:1644
- C:\Windows\system32\cmd.exe
  cmd /c "title Velocity 2.0.1 - Alts: 0 - Connected: 0 - Total Servers: 0 - Nitros Claimed: 0 - Nitros Detected: 0 - Time Running: 5s"
  2⤵
  PID:5072
- C:\Windows\system32\cmd.exe
  cmd /c "$Host.UI.RawUI.WindowTitle Velocity 2.0.1 - Alts: 0 - Connected: 0 - Total Servers: 0 - Nitros Claimed: 0 - Nitros Detected: 0 - Time Running: 10s"
  2⤵
  PID:4160
- C:\Windows\system32\cmd.exe
  cmd /c "title Velocity 2.0.1 - Alts: 0 - Connected: 0 - Total Servers: 0 - Nitros Claimed: 0 - Nitros Detected: 0 - Time Running: 10s"
  2⤵
  PID:3564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\ghidraRun.bat" "
1⤵
PID:4988
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  java -version
  2⤵
  PID:1760
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:1376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c java -cp "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\LaunchSupport.jar" LaunchSupport "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\.." -jdk_home -save
  2⤵
  PID:3536
- - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -cp "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\LaunchSupport.jar" LaunchSupport "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\.." -jdk_home -save
    3⤵
    PID:1436
  - - C:\Program Files\Java\jdk-1.8\bin\java.exe
      "C:\Program Files\Java\jdk-1.8\bin\java.exe" -XshowSettings:properties -version
      4⤵
      PID:4768
  - - C:\Program Files\Java\jdk-1.8\bin\java.exe
      "C:\Program Files\Java\jdk-1.8\bin\java.exe" -XshowSettings:properties -version
      4⤵
      PID:1980
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  java -cp "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\LaunchSupport.jar" LaunchSupport "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\.." -jdk_home -ask
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3452

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1032
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 188F788269C7FCF8B7CAD59EBD884378 C
  2⤵
  - Loads dropped DLL
  PID:3008
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding F17F8D4757F5B8D2B20431EE723B2ECA
  2⤵
  - Loads dropped DLL
  PID:2760
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 1F7F064ED11762BD26DD94F65A739F8E E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:4228

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\ghidraRun.bat" "
1⤵
PID:316
- C:\Program Files\Common Files\Oracle\Java\javapath\java.exe
  java -version
  2⤵
  - Executes dropped EXE
  PID:4436
- - C:\Program Files\Java\jdk-22\bin\java.exe
    "C:\Program Files\Java\jdk-22\bin\java.exe" -version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    PID:3536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c java -cp "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\LaunchSupport.jar" LaunchSupport "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\.." -jdk_home -save
  2⤵
  PID:1124
- - C:\Program Files\Common Files\Oracle\Java\javapath\java.exe
    java -cp "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\LaunchSupport.jar" LaunchSupport "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\.." -jdk_home -save
    3⤵
    - Executes dropped EXE
    PID:4852
  - - C:\Program Files\Java\jdk-22\bin\java.exe
      "C:\Program Files\Java\jdk-22\bin\java.exe" -cp C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\LaunchSupport.jar LaunchSupport C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\.. -jdk_home -save
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      PID:4228
    - - C:\Program Files\Java\jdk-22\bin\java.exe
        
        "C:\Program Files\Java\jdk-22\bin\java.exe" -XshowSettings:properties -version
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks processor information in registry
        
        PID:1896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c java -cp "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\LaunchSupport.jar" LaunchSupport "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\.." -vmargs
  2⤵
  PID:212
- - C:\Program Files\Common Files\Oracle\Java\javapath\java.exe
    java -cp "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\LaunchSupport.jar" LaunchSupport "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\.." -vmargs
    3⤵
    - Executes dropped EXE
    PID:4628
  - - C:\Program Files\Java\jdk-22\bin\java.exe
      "C:\Program Files\Java\jdk-22\bin\java.exe" -cp C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\LaunchSupport.jar LaunchSupport C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\.. -vmargs
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      PID:1780
- C:\Program Files\Java\jdk-22\bin\javaw.exe
  "C:\Program Files\Java\jdk-22\bin\javaw" -Duser.home="C:\Users\Admin" -Djava.system.class.loader=ghidra.GhidraClassLoader -Dfile.encoding=UTF8 -Duser.country=US -Duser.language=en -Duser.variant= -Dsun.java2d.opengl=false -Djdk.tls.client.protocols=TLSv1.2,TLSv1.3 -Dcpu.core.limit= -Dcpu.core.override= -Dfont.size.override= -Dpython.console.encoding=UTF-8 -Xshare:off -Dsun.java2d.d3d=false -Dlog4j.skipJansi=true -cp "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\..\Ghidra\Framework\Utility\lib\Utility.jar" ghidra.Ghidra ghidra.GhidraRun
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:1748
- C:\Windows\System32\timeout.exe
  C:\Windows\System32\timeout.exe /NOBREAK 1
  2⤵
  - Delays execution with timeout.exe
  PID:3452
- C:\Windows\System32\tasklist.exe
  C:\Windows\System32\tasklist.exe
  2⤵
  - Enumerates processes with tasklist
  PID:1096
- C:\Windows\System32\findstr.exe
  C:\Windows\System32\findstr.exe "javaw"
  2⤵
  PID:2772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\ghidraRun.bat" "
1⤵
PID:3584
- C:\Program Files\Common Files\Oracle\Java\javapath\java.exe
  java -version
  2⤵
  - Executes dropped EXE
  PID:424
- - C:\Program Files\Java\jdk-22\bin\java.exe
    "C:\Program Files\Java\jdk-22\bin\java.exe" -version
    3⤵
    - Executes dropped EXE
    - Checks processor information in registry
    PID:3564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c java -cp "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\LaunchSupport.jar" LaunchSupport "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\.." -jdk_home -save
  2⤵
  PID:3288
- - C:\Program Files\Common Files\Oracle\Java\javapath\java.exe
    java -cp "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\LaunchSupport.jar" LaunchSupport "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\.." -jdk_home -save
    3⤵
    - Executes dropped EXE
    PID:2176
  - - C:\Program Files\Java\jdk-22\bin\java.exe
      "C:\Program Files\Java\jdk-22\bin\java.exe" -cp C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\LaunchSupport.jar LaunchSupport C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\.. -jdk_home -save
      4⤵
      Executes dropped EXE
      Checks processor information in registry
      PID:2760
    - - C:\Program Files\Java\jdk-22\bin\java.exe
        
        "C:\Program Files\Java\jdk-22\bin\java.exe" -XshowSettings:properties -version
        5⤵
        Executes dropped EXE
        Checks processor information in registry
        
        PID:4764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c java -cp "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\LaunchSupport.jar" LaunchSupport "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\.." -vmargs
  2⤵
  PID:1632
- - C:\Program Files\Common Files\Oracle\Java\javapath\java.exe
    java -cp "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\LaunchSupport.jar" LaunchSupport "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\.." -vmargs
    3⤵
    - Executes dropped EXE
    PID:1204
  - - C:\Program Files\Java\jdk-22\bin\java.exe
      "C:\Program Files\Java\jdk-22\bin\java.exe" -cp C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\LaunchSupport.jar LaunchSupport C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\.. -vmargs
      4⤵
      Executes dropped EXE
      Checks processor information in registry
      PID:3408
- C:\Program Files\Java\jdk-22\bin\javaw.exe
  "C:\Program Files\Java\jdk-22\bin\javaw" -Duser.home="C:\Users\Admin" -Djava.system.class.loader=ghidra.GhidraClassLoader -Dfile.encoding=UTF8 -Duser.country=US -Duser.language=en -Duser.variant= -Dsun.java2d.opengl=false -Djdk.tls.client.protocols=TLSv1.2,TLSv1.3 -Dcpu.core.limit= -Dcpu.core.override= -Dfont.size.override= -Dpython.console.encoding=UTF-8 -Xshare:off -Dsun.java2d.d3d=false -Dlog4j.skipJansi=true -cp "C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\support\..\Ghidra\Framework\Utility\lib\Utility.jar" ghidra.Ghidra ghidra.GhidraRun
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Windows directory
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:1376
- - C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    3⤵
    PID:3356
- - C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    3⤵
    PID:3536
- - C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    3⤵
    PID:1768
- - C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    3⤵
    PID:5056
- - C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    3⤵
    PID:4376
- - C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    3⤵
    PID:2748
- - C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    3⤵
    PID:1536
- - C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    C:\Users\Admin\Downloads\ghidra_11.0.3_PUBLIC_20240410\ghidra_11.0.3_PUBLIC\Ghidra\Features\Decompiler\os\win_x86_64\decompile.exe
    3⤵
    PID:3728
- C:\Windows\System32\timeout.exe
  C:\Windows\System32\timeout.exe /NOBREAK 1
  2⤵
  - Delays execution with timeout.exe
  PID:5056
- C:\Windows\System32\tasklist.exe
  C:\Windows\System32\tasklist.exe
  2⤵
  - Enumerates processes with tasklist
  PID:2616
- C:\Windows\System32\findstr.exe
  C:\Windows\System32\findstr.exe "javaw"
  2⤵
  PID:4612

C:\Users\Admin\Downloads\exeinfope\ExeinfoPe\exeinfope.exe
"C:\Users\Admin\Downloads\exeinfope\ExeinfoPe\exeinfope.exe"
1⤵
PID:4236

C:\Users\Admin\AppData\Local\Programs\Git\git-cmd.exe
"C:\Users\Admin\AppData\Local\Programs\Git\git-cmd.exe" --cd-to-home
1⤵
PID:1580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K "C:\Windows\system32\doskey.exe git=^"C:\Users\Admin\AppData\Local\Programs\Git\cmd\git.exe^" $*"
  2⤵
  PID:2376
- - C:\Windows\system32\doskey.exe
    C:\Windows\system32\doskey.exe git="C:\Users\Admin\AppData\Local\Programs\Git\cmd\git.exe" $*
    3⤵
    PID:4628
- - C:\Users\Admin\AppData\Local\Programs\Git\cmd\git.exe
    "C:\Users\Admin\AppData\Local\Programs\Git\cmd\git.exe" clone https://github.com/CodeCracker-Tools/MegaDumper MegaDumper
    3⤵
    PID:2924
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      git.exe clone https://github.com/CodeCracker-Tools/MegaDumper MegaDumper
      4⤵
      PID:4168
    - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git.exe
        
        git remote-https origin https://github.com/CodeCracker-Tools/MegaDumper
        5⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git-remote-https.exe
        
        git-remote-https origin https://github.com/CodeCracker-Tools/MegaDumper
        6⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git.exe
        
        git index-pack --stdin -v --fix-thin "--keep=fetch-pack 4168 on Ybqdfvlh" --check-self-contained-and-connected
        5⤵
        
        PID:1052
    - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git.exe
        
        git rev-list --objects --stdin --not --all --quiet --alternate-refs "--progress=Checking connectivity"
        5⤵
        
        PID:1920
- - C:\Windows\system32\help.exe
    help MegaDumper
    3⤵
    PID:2596
- - C:\Users\Admin\AppData\Local\Programs\Git\cmd\git.exe
    "C:\Users\Admin\AppData\Local\Programs\Git\cmd\git.exe" MegaDumper
    3⤵
    PID:3336
  - - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe
      git.exe MegaDumper
      4⤵
      PID:1684

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:4376

C:\Users\Admin\AppData\Local\Programs\Git\cmd\git-gui.exe
"C:\Users\Admin\AppData\Local\Programs\Git\cmd\git-gui.exe"
1⤵
PID:3288
- C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\wish.exe
  "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\wish.exe" "C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core"\git-gui --
  2⤵
  PID:3584
- - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git.exe
    C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git.exe --version
    3⤵
    PID:368
- - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git.exe
    C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git.exe --exec-path
    3⤵
    PID:304
- - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git.exe
    C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git.exe rev-parse --git-dir
    3⤵
    PID:1920
- - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git.exe
    C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git.exe config --system --null --list
    3⤵
    PID:4052
- - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git.exe
    C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git.exe config --global --null --list
    3⤵
    PID:1100
- - C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git.exe
    C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\git.exe config --null --list
    3⤵
    PID:3928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5be1f1.rbs

Filesize
2.7MB

MD5
73456e62a40892a036399cc915b82740

SHA1
dad7efba9fd81cfeb886a1a0ebaed1eac742ea47

SHA256
df25c1f242e689232e938db861b80b1b9b2a9c58f8def01407a14b8dc16e2a23

SHA512
31420e22c8c8a64ec2a2cc74ad8338963d429a1dea318307a1574a5acd36843b2732e02e71c91e6b5026a9794a0147f79ac918ade2091bd33eadb4040b442199

Download Submit
C:\Config.Msi\e686187.rbs

Filesize
9KB

MD5
57c312ff207d16cbb646ae6044a04859

SHA1
0bcf11cd449214898c864b0b64c701bf20a02e61

SHA256
43b85190b2af41183f4b74406831e911c264e7d51c9c7fb4271505e55cd6aad6

SHA512
e1f44f24faf4fbc8ce89d370bc7bbf891dabf3d0e94087273f37316fe54f472101ae0c23bb9fd3166ee061f822ea1d8e3c83d7ed1241d4b2027a226568d693ca

Download Submit
C:\Program Files\Common Files\Oracle\Java\javapath_target_241726375\java.exe

Filesize
699KB

MD5
99695c06445af934f4fc40da7a39dd10

SHA1
027395b89bd0d075353182e33d4300768b15319a

SHA256
195ac51102902a1488176a2afefb68ea4ac98ff3e143430f6b3bc2e0b9c888a0

SHA512
1de70ca3f0114ad3c14ad9b9509cafbf0262fab4b93cd44ac09ded5f072cf62c0b4227b232bda05ba3730f5fafa455f82ed88df8cb42458179defe06d0de5d1a

Download Submit
C:\Program Files\Go\src\cmd\vendor\golang.org\x\mod\LICENSE

Filesize
1KB

MD5
5d4950ecb7b26d2c5e4e7b4e0dd74707

SHA1
d6a5f1ecaedd723c325a2063375b3517e808a2b5

SHA256
2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067

SHA512
5bbb2d94184f661d95ac3db758b72a9ce25d409b1179264634bf0612f797424b15a3f6e02069442a75561ca5054e4c4111b158b8dce4d545a7348f6392506a35

Download Submit
C:\Program Files\Go\src\cmd\vendor\golang.org\x\sync\PATENTS

Filesize
1KB

MD5
3a55d95595a6f9e37dee53826b4daff2

SHA1
4eca45b612f7d86f2f598f238074a0dac9b72bc9

SHA256
96f408bfae65bf137fc2525d3ecb030271c50c1e90799f87abf8846d8dd505cc

SHA512
c15bbad668d0cfbb752645504e15cc5a4d613dedb28be825f39769a9c06cba19180140d0d6d8087c0e8489dc1363d8bd99aefc1f6579e7f103e0e8f81f5262c2

Download Submit
C:\Program Files\Go\test\fixedbugs\issue32595.go

Filesize
187B

MD5
e6c3b20f5ea4b807599b7c9a0669315b

SHA1
6c126b5d6fdc23ab9b67fd77f1022a791ec5379b

SHA256
981d96ffeca48c0c85e4b8356b06256841f4ec0419c25c3c28226dd3f95742af

SHA512
9c017b6a69f2a6ffaa92b64063cbebeade67d55e19d24d470d57b6fe308f2e9afb3b119f47a1e3d47304f9af650ae2d67f7d929ef354654bd2fb717657516e84

Download Submit
C:\Program Files\Go\test\fixedbugs\issue52128.go

Filesize
191B

MD5
8e59a1ebfda51e2a1f403dc38fcabdeb

SHA1
238794947b687e46828baf6a328830d54b4e1dc7

SHA256
964e1853b653b9c6cf3f9f3cc32e98fb57066d0b1fed3e934976634aff087f2b

SHA512
6fd5c49d652e3955142133a9f954a7a3ef721daf82a0b71d184928f910c4d850ff78e1a9f4a0d2f0fbf39d2453ee9f48a926dbd7436f676a9bd6217d17945bea

Download Submit
C:\Program Files\Go\test\typeparam\issue47892b.go

Filesize
191B

MD5
ead61cbe89c838b7f30760dca7b1bad1

SHA1
0425279890c13b52f976ee11d95d587a9f0eca26

SHA256
47539505b1fa7ea4cfd08d3f136b171789b21b05948e41bb74f8184ce84a6219

SHA512
de9ece21abef46d021335ff5ef5b17c012723bedbc7e87268d8b4dc99fd790563e84809aa68b0ef814a3ea53ac5a793c4e324fe38df3695b712bc079482c3225

Download Submit
C:\Program Files\Go\test\typeparam\issue50121b.go

Filesize
187B

MD5
93f57cb9aafd5139173a8f94136f3d43

SHA1
e1e47ab5fd3d0158be7f51e4f502e43bd6ad5dd4

SHA256
a9479d7c22dbe82085d58f275f1d94aa1b9caab62b8d5507762a10a3696a4e4b

SHA512
b222a38f0012f81509706fc01f849a568d5c2073b7540186bacc0cb6396010dcfde54efceec9b72c717aef949b7086057e05fc30f50bd6e65e57f833345d72bc

Download Submit
C:\Program Files\Go\test\typeparam\issue51250a.go

Filesize
187B

MD5
39704e1b2c683c78bcf6ff3a4045f768

SHA1
ac0897b1c11bc7e92493b89c5e30ad5af08fce0f

SHA256
c367e24723070d9d4b38599e0b89ab697cd10cc4f07b3d5afacc0c182e789a89

SHA512
76a110116c5df8ccbc1e58f52b3e7517e31b69348cdc28445e0290a023256dc7510a5875637654e8ac499ffa9e9527b4a5b23a71463375c8789fffefe73fc1d5

Download Submit
C:\Program Files\Java\jdk-22\bin\windowsaccessbridge-64.dll

Filesize
70KB

MD5
0201284de84f02dc6be3d3d24c0bbdfe

SHA1
a72a8bd1396379626addcfe33ae588d164824263

SHA256
d3f838f45906bed9eba590ba9567d9b7a2b5e9ad797d71c91657bec3a65da677

SHA512
59d8750d8f97fac2db69ed7596e86525b83d234fb7ff2b038616c706041cab021146697c61cf53a5ac68db2dd2672940faa0f89aa0e1d1e5e434955708e34a07

Download Submit
C:\Program Files\Java\jdk-22\legal\java.logging\COPYRIGHT

Filesize
35B

MD5
4586c3797f538d41b7b2e30e8afebbc9

SHA1
3419ebac878fa53a9f0ff1617045ddaafb43dce0

SHA256
7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018

SHA512
f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3

Download Submit
C:\Program Files\Java\jdk-22\legal\java.logging\LICENSE

Filesize
33B

MD5
16989bab922811e28b64ac30449a5d05

SHA1
51ab20e8c19ee570bf6c496ec7346b7cf17bd04a

SHA256
86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192

SHA512
86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url

Filesize
197B

MD5
42bd69cadcf583341dfb2f3d0934cca3

SHA1
cc607f090f32c0c8e09b587b1c042f576b74b46b

SHA256
77ed09de913aa87c8aaa70eaf8b85a2840e803c0585726ef1b19badb63c48baa

SHA512
308dabf7222aaa4a80a7d4d9a868fc059d9bf6093f8f9019e6ba9c0bc1f9f70020ded419048468e3ac5e670c75353786d92f0d593a59b4ea11023a107d943fdf

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

Filesize
175B

MD5
0b7f7b921d15c8f4651075739aa1c64c

SHA1
a2faad6346abc164c037e168f247ade8b3a50c82

SHA256
7f75a65299b7abfad831523c53a38ca4454d63972b7b33390f0e73a070ae73b9

SHA512
01c96b880b77581c9e149e29e8826a3f04a15c0ab5f5bc004988acaa267eef12e584ff7ac3c9294382093d029cc0cfa185596d8467906d80e9d1d4dda290c9ff

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url

Filesize
171B

MD5
4fbdabfec7f1824eff3a5eac6f063080

SHA1
7183a986222460bbe104aa34a6795bb3ae6fc7ab

SHA256
88a0409faba2aee66c0d0d83a898ed621244d3826ce305a0b9b1f851e302736e

SHA512
bc599d608a9fc5f6b9f675597f90ca7c72d30a137ca256d5efc04f8ebd15c075ee11fb799578a804e8bf8f51806059c3baf0ca64641df534683dd4bebea5c7cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
6f7d4198f10ed256eb253f6bff3b747b

SHA1
3f0d3ddf37cd6f248a82ac691ff737c133b8087b

SHA256
15341ecbe6b8c1dcc259909c63b1198aeb9996a195adfcc5c8de991c6316fba7

SHA512
b3ba0ea2e4ddea61658692da76a54986e046c16c9421ea1107d531044d68d8a12fff9593b1ca4a71d054a3068bfe391f061165eeafd64bc9506d482a99867818

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D

Filesize
727B

MD5
c446f20b026ca2a92fb612eca64b069b

SHA1
1746b082b6598176cbe61eca629464104c06f4c8

SHA256
106dec2c2b8e7a3045bfa773ff988ab47c7371ecc77fb6a892332a23b4858e53

SHA512
6ce7528d13955d9bd0cde4ff2c30072a9006cae216f328ece83bebd01c76ef58919531bd15fcf7ffe7bf92b5e228fcf44c14863aecb96c825d5195b0088f3043

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
ff274dfacd6e046e1349e47cb5dd3abd

SHA1
0847dc44786bb43c0215605f06d105708b175e42

SHA256
90b00b8a12917d3afc5be8bb3bb2c957943c0449ef555c7d2116379c09b35ec8

SHA512
686e5826da24f0cd27a54d182b98565a96d4b79c5cb35e60bbecaf0a074d126397d5a6bd16734d029df075fdd32d1e6fe3f544f5be80f0620b7669235d81463b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
f9e22aa50492f51f49105ea011c48ecd

SHA1
a20abcd6231ee758853a6aa442ae25d144b6c3a6

SHA256
a20b006d80eb1299c07b6296b288daed919e91d5fc80073e94f3e590c94e9c48

SHA512
9d6f16abbbee90286d610da1b95edf1e20ec26dfce0157cf90f6097e7062abca87f5de9280d19760ee533e39416545d6bbea1e41e066f0961929048f019672b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D

Filesize
404B

MD5
e4158d1e705f39fc0ea8ba71285eaacf

SHA1
0a7cfeebdd5b6442fb373e3231e4ad9326351539

SHA256
bab37d60229c58705ae7507571b5f55143a7b86b073126e246231d2ef00389e7

SHA512
82857e054382f8aad7d66769277ed0fcdb82d226d3fd164ce296d6af701ac988224d55c976badd7aaf85c7229a05d1a6d9c5bcd50f8e03dc32dee94106e99332

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
7e5d9f5ce4849c971071b4cb16aa1f9f

SHA1
43ea1e62c26a51610ed1d05a81758636fa1d0a52

SHA256
1da7717ff0d6e6898bdf01f3d9aee51886107e84281f39f705942eef0dc414d1

SHA512
5c2a187e8eedeab4d05ff6c23e47cdc429a78cce21b112b29ba4f04b4c5156c034c4357529687f82c1621442cd05fe941606656ae33cd152cccfbdb1b8c33f35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
58KB

MD5
bc8ec6d0e3f746a78c43cf4f98312a02

SHA1
22a3fdaf7f8e3176fbcd24c760214736e78ac8dd

SHA256
bfd346deaeb1162c3c5d895c452e104f3824cc8e4d737ca78a4800d0f1c74b21

SHA512
5598235c508347c310348c3fabed174c39f639e4ba3513f4419332aa5d4fa4e925945eeb0f4b56bed923b84504d3aed5d5f5d70e27406a194fdbdb3f5c10cfc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
68KB

MD5
f203d75a70ada036423e83070526987a

SHA1
06e072c8d3880fb8cab740f01308fc44cd211029

SHA256
9eba99bb152b450919ff7bddc78c09e5eb0c857659b4fd593c94087d289ab255

SHA512
aba05ffe088c648093719cf2d25fdf46a7055583aa496dc8ef6b15c2ccae8d82c91d102edeec3bca5d6556a90c6d9cb03d688f5ba83f7fa87e1745c06a6d5f04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
324KB

MD5
88358c3a7a7a5906a8173bb9b9ebabd7

SHA1
5b2ceac8c22d4d965427f7288becdee950945f4c

SHA256
fb4c4631f542983c7a16ceff9dcba3b3c349581e657fef610988d94e418beb71

SHA512
85bbe0167bbcf1966ff9dff22cb0c3d7d833cab7910cb7609e87beb74ff8a260fa7b9fdd7c01283f26bcd88a30e581f554329cb09bcce3c7de464d632fa55dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
139KB

MD5
0b2e2830b49157b749d4fa079d002751

SHA1
451b221024d9f7113768c362b4d4ba359afdc6a1

SHA256
5abdd199b880ecff2fa55b6be4dd1bbf3764c514afe2d82459789aa3ae0283be

SHA512
b5aeb124e57588cec624af434430d48e3d0bc3cd071196d56d0e65a9ebf2ce41fb254fb88d3ef9449f3d03e5809d56de280db69e1429cb1b9f488777e57d05cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
48KB

MD5
0c2234caae44ab13c90c9d322d937077

SHA1
94b497520fcfb38d9fc900cad88cd636e9476f87

SHA256
d8e6f62282e12c18c930a147325de25aef1633a034eaf7a3ce8de1fb8de09912

SHA512
66709f74b19499df1e06700e1c257e14a82ca4287194e4b177b3f333748d927f413c8c459a35e7e5a2f92d28410b0129f106d94e3dd85bc0dd0b986add83b18f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
44KB

MD5
a4b04ba2b9a56f5911fee0c29629e53e

SHA1
939e8e65e22ae978a6b63dd1400fc6f58c5015eb

SHA256
523d8983d24e050e6e7e1f43d0caca6bd77bef38ec046d181b13bf32702fc025

SHA512
1c3357e9ecd3ac0de53d14f5d4c8d8d0aeafd30cb2e0dd6cfd1be68cca4fd4e178e79938a5ffe9a17b43e4f60f6e8e08c1054fa44160377fea740da70761c80f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
24KB

MD5
e1831f8fadccd3ffa076214089522cea

SHA1
10acd26c218ff1bbbe6ac785eab5485045f61881

SHA256
9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac

SHA512
372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
24KB

MD5
8278023fac368f67d8b83512b48cf0f9

SHA1
cfbb90dea9e8a9df721806c7d49eff44166b2197

SHA256
1e62f0399a3c5a499b3c93622608d15d3948c3c335359bc695bf3522b03fd48d

SHA512
e04ba7a9402379c064bf5707a5fbe3e5ea6de978b1ad50d38f9b30bef47dbb761f0f8461de8cfaf7c33779dbb47fcf4df7fe387d12fbbf899f7530f6f63a340d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
65KB

MD5
c82fbaa7e5113d3ed2902a3500ec8631

SHA1
c9b4889980899c0f2aea9ac8d0bae28b59e6add3

SHA256
4f4e25ef0961b656039ed8628951b5ff6c0a197f8866374b5937e182b12ff278

SHA512
fc3227c51b9bdcf0917b040aeaa925795e153c7a78469b7e1c87717c1664f46208e5fc3e413f93724ef0fa94aea655db55f04c5a61dda0df737c25b75393136d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
21KB

MD5
addbac3228beeb9b91c6c82ceb5d0927

SHA1
56a4e1fbe3ebcd9ae8a3d9612716675f5a7792d1

SHA256
22911a92291696a97bd934b37bcb65619dee3548cdd887ab32599e13ccb736e1

SHA512
280c10dc7db1e162234e22e0c922db6939c8b8cb4b12407601baca8df5b762ec9b3866008abf57a3f8c8c0ef9ebc8a8d2e20e1f35187bf046657efcf92c32515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
59KB

MD5
063fe934b18300c766e7279114db4b67

SHA1
d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd

SHA256
8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e

SHA512
9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
24KB

MD5
4198d48c0b84377cd1f64674dc181d84

SHA1
1cde0394063127fca963b4c1b417020723608641

SHA256
c168d99398ff7ef9cb0ae9d9060cc460c6ce2a798d2ecf85c41c91a8ab0179ff

SHA512
73d6093479c6e085104f423d6c115bceccf6d0c239182fb9052eeef1215c8cca8b3a7a2ede071ad4e6c8f381005cea02ec94d02baa076147bc39d901f4414d52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
21KB

MD5
279a08187fe6dd2fc9af819e4a104b4d

SHA1
9d3cd1b396cefa97cd2de96a327da6daa457950c

SHA256
ea3b8ac34dd2156a5c83cc7d282db609ac01c87e45d129839630580e7cfefddc

SHA512
9c19e345474f6535253fa4c6ff1a230069752b7c34141924a90c1c54975c26759851cd618d10af601c3b169593b935364fce8b0662d3282ef4520e23c3b0fe37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
151KB

MD5
7739350f11f36ec3a07b82584b42ab38

SHA1
d97e0e76a362e5fce9c47b7b01dab53db50963d8

SHA256
d84e9971e8c344b9ff5a5968e7252270757f211f0d408e26c12693729068ed75

SHA512
2cb436985e382ec17390a1f8a7c112bdf18206c66d845934a14f9c84781200828e05c57cef5d4128a9d9b96778042ecb7ba2c031563c78ee9b8ec41accf8a537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
21KB

MD5
80fe74d9f9ccae0733b9074b04abd7ee

SHA1
5eb360c59cad789cf729f385a24c8cfd6b92489f

SHA256
d3e71213254bc6f3f889d63aa5c63439f267bd2a83d20b3a018a6b6c8a31741d

SHA512
fc3ced25b1aa4f0d178238777b0a4831c59fe6655bfe3faa01a04b5ea68433608b0cefaf1550af5f2891a387db0f6550a6224c0117bcd02918389b3f5e2dd4e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
112KB

MD5
b90fb838c4547fdc10965af365651e5d

SHA1
d496f4c8c08d3076d9d571e5cc6ecbf6ec8eb5d5

SHA256
f5793082c513d05f6f412faaed82f658bc9fb70d6292806a3989079556f41751

SHA512
68e6e88aad6be547f84408eecd2b59c3ef837232f08edf2f51f6d56fccfb934c5b058f160d1b79a85b246aa7880f8fda58bc038641515ae3e155f2ebaf3f7b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000073

Filesize
151KB

MD5
c8c61e568a630b5ba1dd31c3c8b12d97

SHA1
d6d38cb486a8fe539074d44219bf73d030fd9cb8

SHA256
f1df096db23d2ae1eb24cb4f0267ace790b176861cbb0e3a87b7be34944ab97b

SHA512
97966de8efe7ced60ed66690aef2baf116700f628060fff0fe0f2b1b47fb55da44df0c285f8acd000ef480e8fd237059f263bf3d4b3b4364bcde3d9b379b7950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
130KB

MD5
3820fc740ae484cb53639c089a935513

SHA1
05c6493134eec716b30f95803405ca86b8a495d0

SHA256
548ec58f769a7ea39dab59bf9b4cb46cbd622c0029e1add503ff3cd2c98feb30

SHA512
995e2b445501bf8c3e28199469b939940bbedc547826cbdb4616da003a63922f42fe41315fbb399bd807a7df59b6307b940b2d5b026a8d3964b1595291b57a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\19d1fefd01cae313_0

Filesize
2KB

MD5
9e78287c046950b394a352c679fe4b16

SHA1
80df1576284e0ff21ac682051560946a9a2ff948

SHA256
7d8072e21bb5d73ab1af1314f77972a180ecb3c7ca68b763e0a11147ce1826ec

SHA512
3a8c996b35d316906de781b52ccac599e30650643a2e6252c41f336f1631f7a5dd04d5ab4ca89816041fbf7271bdefc84d3f5e382caa9461e86b4e9a512b4cf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1c20db12e49829da_0

Filesize
1.3MB

MD5
8867d0ae62c6dcf05cfb45ee87d96ce7

SHA1
1a381aa833effd34ebd22102941e564087b78bfc

SHA256
f4908e686bc6670addc3c233ebc7432c73fb32bdf42a9ec70bcbb03168ddf9c7

SHA512
c149c6d8248a0ee392f254b174aa3cf67fea19b79d8525d95e62ef7e85f7d74c76b4f483c7556bc1cb5617bcd9a5fbc325a80dd3208269524439230cfb5dac2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7721987a8d3c7e4c_0

Filesize
226KB

MD5
7929a25e0ba4b8c1f2a432bea44296f8

SHA1
154ead833065b2666c8505a6dd7ec08c5847b01a

SHA256
431d052e449658bf5bf50fc68c05cbca37a3cde8c85da4e2250063d58027ed38

SHA512
0cb392f11cb7020c7dbb215507f033c6087975d3e90e7d94741b930b4d6968510b798bef2079075dad427b5d459b37497ae486b75f831c3d252544727efe638f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9441bb93ec653ba3_0

Filesize
1014B

MD5
e20c6cbf7c5dd165f6f0cc9b46e3c71c

SHA1
06585a327890dd6a4a9efecdfcc0a808f444e3fd

SHA256
ab2789df8b853fcfbcbbd4dc1abd56d7b1e04ac06f586366cadbbaa5cf1abe4c

SHA512
8bcd06f22ea8164a9496564b4616d0c8341e1bbfce07b08f8b7a322f5c742ca7cb3765ae8acd9723612c5bf93e34a37ed09a1a6bfe96d1576de47030d698b362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dac519eebb4a7a0f_0

Filesize
1KB

MD5
55132cd5edb5238ddf5fa6df45ce3ba8

SHA1
c94eadcc5c17de0f3b84b166c1b040f133658c49

SHA256
e1bce4250657d75765dfc164c31fcf3cc56f896f2dfae14e847ed26b40f28f30

SHA512
1fe8b5775464944850725b50e5de1312b7736ab4c55a81ea59d15f5ad1ff47527cbcef73b687de9b742f7e1c6430dc1e46ced35e256520722404e7912bacb320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e4028435ec11a506_0

Filesize
347B

MD5
f396e673d8822944bf8674896209d22d

SHA1
cc877548a144a9ac891926e57adccc056c4e4aca

SHA256
07752eb2a12ae37e7c2f5c5d99a6b34bb89d4391456ce399b0ea0aedee8ff77e

SHA512
fc0a048ef707e1caa233ce1d0b0bfbbab479501cc80fc925f4bc4caafde7f4bcf8ae5e550eeb526dd979333f60b2999aef0724615a8950d79b54fa484f7d576d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\eac0bd50947a10f3_0

Filesize
3KB

MD5
1c88e593fa129d1a3be03a6172a69cfa

SHA1
66a7ebf7015c3343fa1055db14df420001685cdc

SHA256
618106f29b677679a3db4cf2428c7ad2bfcf349c4197d7d90ed404e7adfb7be8

SHA512
4564ef31917ef54ffb539b30b22f83511269a55c321cd174466e951febfb80b19c159910970a9f57ee14f68289f9515fdfe80125cedbf1c519dcd5b3de67cb4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
381dd5aee2d85664890aa3d4a5fe3708

SHA1
9cd15f3567b242b7f10669de12f4f5b82f3c9499

SHA256
89a742eb6c80fb10f6412dc278a720654b210538422d28a16a1249402f9702d6

SHA512
babebbc17a6bc1ad62a07ad0df1235b4f3cadb54ff6539be1b039143fa82bc08c993814986376dd673d26a06fdd91df8b5d428a52987ef5647f79311c3ec6071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
78fb8b66d0756e6f17d70101797779a2

SHA1
ddaf907e4d9591eed95fc64738e17ab2a2a59244

SHA256
e4be97b7880296fdf628234e4cac631dd528e64ad053b0680bacc1db6c96bdcb

SHA512
0ab7c03fc9b97ccd2ca0f875abc5775c6425209e47cb34246f7067514c7d5b933a5749cc7b4bb9ac89c8ee6a93016b89d8acdf0b7d70ab51270149d3ae69264d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
df313498746a75ba972ff9b8386387c5

SHA1
773dc56799bbfbfa43bacdb924896c0afab158c0

SHA256
4e5e1bde4d9372e36a29c1ac41be70d9c817a8b9a0ee2e378d1ebcbc897a7b39

SHA512
1134b0fda2265b9e10304ee384ec00dab4b942c43021ff76d889b92a871352f82b4b43f86978ddb5f8471778e1f4536f04ac3aba5cd8747f2278285019f58936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
55310a1916c2019fb61367fe488a835a

SHA1
4e9a89a7928e59a08fb08800a88f5208983f6d6e

SHA256
a8b7adb64be17a30a3d27c223891f65bfd433b88191305cb6c4cb639b609feb4

SHA512
584d6d56b97224c4bee6d82c4c5bf5a3674e4894f6634581c712f705396a78142c8d9fdc6682fbab3e8b0b9b106954b8b401b7b80fdd9d16fbe3998a7a434eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
48a4603e477d31a8db8a6c7dabc690f8

SHA1
0e629babd56a64109b2659bb6434abf63914abbf

SHA256
ef8405313eaa5b5f4f7dbb70a1d1fe5a8891a1ff34b3b1f25a82c4beb853348b

SHA512
76ee1afd20a687bcb72d435238bc3b33e3144023760a7b063baa1ab97a1969aabfac11fdce345ace10ddab63363b88b18313ab7fb9484a30b4a0fa3ee6669e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
580af73ddee92b67011dbf14138521b7

SHA1
6dd8b11214d74e310d76816e4f993580a5e685b1

SHA256
d1a36cb96096e42048338f09d6995f57655bada628301743ad83537625d8aee2

SHA512
6de8f28e964486301dfec857925f95d58b5bac2c6fb1c8eb93938795bd7e81f07a9b3701fa7d2084ee63d341ae802379b76ff28105976cca50685f7dbc200648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
04fdef5f0a7423909abb64fa54b181c0

SHA1
a901d2484f25af2195aa25c8668523a05310f37f

SHA256
7a6f5cab533963b03ae019ead0bc5a7c7e55ea4057479cd32e0345a7466aa672

SHA512
acc9cf1a3b462bab01dfad9061199f24f7a377f0d42d30c7fb1ecab6f818fbbac0588e192936698b5bcc5fa83cf5307cefa4b4c4cee475031103ca941474ac62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
db292d8e7432e831333006db020a995b

SHA1
b8699fa631cc3560fb0aa5bb5624cf1102be7713

SHA256
a2faa8dd22af480b001bf012b4074caca47cc77a76f2458353a21c09b46b8e79

SHA512
ac420403138ebd418a660c07e1b0e11b42a90abd25ff84b75cea9c2d20c41e9ebdbbd6c94e8cd08d696200d809258a9700d5fffd443ed0ae56002459bf5121cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
8f9bad3c3d396fb9fce0db06ccdba812

SHA1
10e9dc11926258cf16c0b23ff09dd437ec98bf23

SHA256
505ac20c17570ce432fafbfe80ecc01f1e6aa6054ed9229c21911c288073e01e

SHA512
152e1d8878a71be07dec5ca6690a633bf0bd49a1ed5be51394990f491db1b9880b70e9a45e0867dcb2304c048460eada120f1836e6a71dd8c7ff182a4c7fe55e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
872a792d5e9123a80aaff870f3d381e1

SHA1
1fd470c0ece819e2c96cf68ca821853e68eab220

SHA256
441883a05d0ee6a1fe85f65de4015dfbb5e9397dc77875bf3e574f2cf0d47e48

SHA512
23f3969f7bd4d217342aaf848e739777997785b8bfba0db1fe91f6b250a621a57aad87435b109fe6f1056fa8f215f53e0e1af4e185c3a1e1faf5a16b2ff71158

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ef4d6b68fec79b4083ac68d6d7bcc9c4

SHA1
4a0e98791bf8988a371096b508b7540502342c3d

SHA256
21b9001c90755f5140c6d5f5359aeec569df897d6d7f439eadb0d7ee122b2a30

SHA512
ab6681bd272b4f4d783a18f88679e2dabc2394d6d74f7d1b365bd0dcf3bfd8d9959e97f0183899fecb77787546ab2ade5238177eccdbf975c29ac76db170d317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
5636dd7e4a2e578e19ab3e1dcba1e43b

SHA1
6668f21ea51b4be9ea6d76b6c92d617e0de6f572

SHA256
10b8d66baf218e1c8bd46e49d9951d71ed65b51f150c1f64c064bd5af0f1e5a4

SHA512
5c81c5fef378bdc7a51ad6ef873951756c7c9efb549ed7416b11b99a7e864830107dbe4e9a928817383106a90217f55362787a4c1c91141ed5a0fc7325ac6b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bc59fe01cb96861fc751f9a1127dbfac

SHA1
9086082b2da14c5a2f5aecc9b0836958f300baa6

SHA256
00b2e84475811af4be422f987ea2de48d448f900181e7caf74423fd0d563f961

SHA512
891d751c417027ea5bccc88fa894c65f9b6ebc7dc38e789cdd1190ffe0d65c1b1c7df8721b37832ce3a5e79fe09fb1d25365e5ec9dd73006226970cf7fd8df94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6af435520968a4da5e7922af2a44d778

SHA1
0c27f6d461ed6c7f5b7553b30051c7f231566b6a

SHA256
1e69b22a06d7e57eff1f8d8665e0bd24e67aeb7cd2fcfe4ab257cfa3f01c63c8

SHA512
4453a806d7a3f2e8314d62d35c210e3c98ac90e6d5dd0d4b53b9e9c0247fb7fd6a4c0336cfe0a82f9a57ff0df8262353a320395e624d2ecb81908a3ef6ee7a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
2f555ebcacf47ff5db783b17dc7e5941

SHA1
b7acf66b3e7e02be6dd5160a245b39d410fac65d

SHA256
b7de1c7de13a70be52363d75dfd585885125b2b87be1e9d0f00edfd6d161f2a4

SHA512
f52c0a78d141a36948da40e697a4e70bcb678a06f82ed1f332cfc163e8e569ca1b7d48d9818350065309328cd4e7efb80f2792dc0e9fca82c893efe4ab6e67b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ed0d5362aa9aa9591cc0dc998b9ce648

SHA1
dae5ae18abf11820702f664e222271a98eee5d8e

SHA256
c9d0d5125bfe3fbf95b51198cefce5de14a04dbb2f4f83af74a367279fbe016f

SHA512
dc86b8951d3d63ae86af6d6d9689f19704a777e4e43bd80be50f148c6da58732fae8ad64f14c24cf51b9955846cb38a22bd7dfc10c46f496fef2628e00ee5a20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3eadf2a10785c06379e328940a80712c

SHA1
dc1cafcf5550f71d0bd12f2bab3897a3f53956a0

SHA256
96fa533d359bb9f913f5f0a3556cdd7cac18f0299aed638e46b4d31249a6ad4f

SHA512
6f09b220eabe4c52b8851729ed063f855ce466df9515da6a4f2873820e98ef435fb43e21292397ee9724a74264be6b1f8e1effa251af7f216960340a90070cc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1b847af3fdf7dcc4333bbf7a2146da20

SHA1
ba02522d360336335fe87dfd2b35cdf9ebc460d5

SHA256
0e4fd22434261c6390af3431d1b44ab7f07c5e6c1c0c104510702f204a7cbaab

SHA512
f6d2a07b709fb94b8739cdd5c8c46050966d6136916ab7fdfa09391b895ef6733a934c4e87d221651eb362c529b54eeafd0e1e6d67331d7680588300b53fcd58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c4208b12f8ce7c58edfdf053035d42fb

SHA1
264803fce98eb876b94eb05b75b8e239f3972c9c

SHA256
9eccdf29d2688f7bba1f035aed2c1ea1480ba05cb986c2988656f5fe87177d2e

SHA512
0557e5eb4b34cc81c9786cbde2635a1cb4af18de3972291204e80b64a2eab2f2c5555b12297f9d1a118bdc643675feb1f7aa71642d7fa9fe9a7ffb0e20c1fe35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
57af0bac28427eea3631ce418ec924c8

SHA1
c6dda6c8cc766317dc3bb5e9d5015de54e4a2de7

SHA256
3f4b9e17dbdb6cea7d2ef171a62fd44bbe9e54f8e9449bd756e6c723654dc070

SHA512
9e0b542520a0474ab226538d819b8228198f8dcf002253c32dba86224373ad7a8ed3e5d1ef386b013747b5c09fe1fc61cb279af3bf6d17f4bf5f6289114c05b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1d44192a883bace35f59d0421fe713d9

SHA1
c2244a31d838989e14db1f206e8ab6174d7a62df

SHA256
86eeb0fa43f4f287a268a99375b58e6fb8a5a2cea5e4050beb4c95fd62b3fcba

SHA512
51e053b4561387312e98d93b09fdd71583c25131d651b0625f52a03e69e49b1c91d924bdc6b854b588a16913da4669f1e482a3bc4eff54f4c763dc5b7ae7b2da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
178f4b1fe104e8cf185d4910c68cfef8

SHA1
bb5b18fddde524cc2c0a5a8f6739ace7381d3322

SHA256
ae777d162cf73ac01689459195bd6467696f7b240bc00b64b128e2a17590e3ae

SHA512
0296257071fa2f39624a94bdb53aed0d003686b971bb61e6e9563e24a45935047bdda27c40c3561b64063f242aea4791bd40c22fc3eaa3def486aed615500bc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2556177c5cd752b65f304bc68bd0e481

SHA1
07996c7dfc0008ece8f8efeaf2a143cb2977b5c5

SHA256
9c416567fd11997ad65e4ef7649e76da324515a40af3814ba2bf98234664a66f

SHA512
61615a1cb236173465c50b421db7ab6146e560d98257705d5ef548f1a9df377115b6eebce423edb187e400ceaf75a89c265a1a62f7c26f6549ed2662db1a650a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
41eb0f3a2e8fd90b987d780734530852

SHA1
93dfd003229c07a10e464fe4149ed53f58c4c110

SHA256
e36b00ce2bb7232130c74522e69fa085ecc6c88904dfe0690ffc357012ceb02f

SHA512
0aebfc87f647181d31dc047b5098cdbae67f3bf1b1dcefaef7aee01c6b15588212647a44b764a09af5af8acfe58a5b0a44321ef2dfa86c8760da682da89bde54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
624c2754340ea9cc63e4d851c0a5f874

SHA1
4411ae05275af5e3747cacd51068a56dc0b8212f

SHA256
8fe6915c5f915d4884976ae574ea417f74878b0fdd998daf5336bb9d40112f00

SHA512
0ae6428a5bd99e6db9cfe61cb54f8bc1d7d33443976605ae1229cf344c09180c922e017f5c6769b00f680797406abda63e40ae160d5e27d11b118f5610f5667d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
586abdedb4b502daa78a28731ef15351

SHA1
742e1e276edc296145d627d0ca8aa0b9f5bc980c

SHA256
760ca2bd48946c536de450dd123e5573c60ad6ce5ad8a3f492f56b3f02f2edb0

SHA512
456441952abd8f3214da83bd24721b615ddd9df7a9066e85954b4f9561c95dc41d1df0cb8e67e0e802a4c799fccdac98c5393d71098b8d1cd36f3ecd2fd91ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
29f9860df2a9b5c91ff8b5e6b3f0d5d9

SHA1
3327399c29aa0f00c5687f4ec13905218b79f797

SHA256
f4f9a14d1d694e0c49b86107bc890fc4aff591ab117d6dc6b65611160ed1ba25

SHA512
d09b07105a33f8e3ad0c7bca442d4bd74a2ab839577382de09aa0500fce45322c9095962c69d8b8632964a87bd974069d9eda206f01f1f059dbf9dceb3c7726d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
4c3183ec1c4e272cfb83c3f4a25c3a28

SHA1
15791189c4ff7a94f70b89bb8b52368c970ac1ef

SHA256
47178562da6aa768d1cacb187ca408f04abbbf87862a51d2363daf0b81ec0a8d

SHA512
ebed9f14a0a8ae3e7d887bfd97e4aa25779f0d5667fb4cd65566fb44c2f9354ec5c198968f47dbd203941df45a3b1fe7ec04a0d5dc627ea3ad236ef7a0d85e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
39de98e578d3775151e4a76bfc5949e4

SHA1
68f2d1bbb869c2c8236c514114620e60929efa53

SHA256
a74e7f89770d02e28a7372d5e59613dfcf6e75d49af8ec5ece5ae0bbc135e5b3

SHA512
9b6d3331134ec128228d79a2be9aea05e3eacea0bfcfd31988a466f1ee9d8742eda72a16bfe95b6afea0fdacdcbaa912c8d8040b1bf16c61f11205890d03d317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
17efb279cff43ea52c5ebb51fcfa9420

SHA1
d3c3a7248fac2f407803e5ef61671f099d8d6ffc

SHA256
4def3a4b885c377916aeb57d1aee7bbd7a41c2a3af69e0dd5fb6f4646796ff0f

SHA512
5350601187d0b2d0693a5781482cb71df7d1705bfce35090bd372c1e5d8bdc180362c64b0b17613bfdda6a31d28a840789ec70d9b3036c43deae6610ce543b4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f137e8cad647dc411fdea0a31019a647

SHA1
08da6a8e842f6f2fd1a004cae2c87122484c6e2f

SHA256
fb0691d0ef24e93c30f38d34090517fe7e04de846eba3575712aa7029997a899

SHA512
eefc3a08513632495b658e236757b6cd4e19f157946d374fa4672150352c9f28d8b633fa0e9594733c76316d0b34a0789abaf0d6680a9fdc0ff721b479e74828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5a6047ead135152f5103dae2b2ff3251

SHA1
d4159cbffc0d9ae82e030ed5c38601c6000aec76

SHA256
9da13db50accec911a641c72b59b87a8a2b8606e3d81df947a22229bcd6e97bf

SHA512
30399bc903d78807ffa3bfd7a9369b04f32f9de91e468dbb1db40f230580aae4aa9260764dc963640cc7f2c87726eac7757c8ce7c1da345f04596916dd76f294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
0493eb8d784a214df0b8bb445bd8d9b8

SHA1
ea44b32766b181b9be9b45301b5c3bdeda5e81f3

SHA256
9820e6aa682d0b41dbab73cf35a341b6ce1c92d6e683406766af69fe3c80f7cb

SHA512
08be351d1260e66bed6ba7accf79c554551a7a665df88cc6305d87343204a470ae4e2e0187cd8e7755a9b5a4a2658da35337aa3210a62c48ce03cb30caf7e3ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6bf4ea907d696ab7bd3f396711664537

SHA1
9cca1f7224adb225bd83f8b0b00fec90346c4403

SHA256
df71433089ed8b258cbf86edea0c9f663c7faa06610f6342add24dc56141fe2a

SHA512
4eccce3fa8f047ac2099618b70651a760d4c7c6f0bc71ebb404acb808af19d6c9fc0fdbc6d9bec2b6d8ef3870f56294ea3031b5a169534129f2cf009e08621ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
81b1ebe384ac94d6530734e48146aa86

SHA1
e17a730c7498e9cdf72405d508d3ec84fcd906f9

SHA256
3875d2b0414dd1ed5acf770c77cbcc36fcfa8a19362121400e47bed4288cc010

SHA512
ef2bf40b27b4f16cf221ea614fe3fce5f9f8b5d86387a1c27998c981267de751c395e8cf551297bc0065f4a6a9ce0d42014aa28360365129eb82a03c54214175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3d0ff556560a6b047ad797b9c86245c4

SHA1
7a57f1b12c58d86cbff22dbc65b7ee9ac0369684

SHA256
1d9021a3979583c00333586a8712e051a8d459f19427289cc2c5e1ec010d7c2f

SHA512
981f53c4ab73e942c6336ceb23a9c9924d74730e05389b8a35ab641ad140f4a45303adee5740c86860f449faaadcb3f61aa31da1d7ac3de2e7cbaca1ec82b1e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1197b1a963a5d6e98b69f231f85bb787

SHA1
c0ad1814dab2ca6a8bdc5692804f18fe3683a419

SHA256
2da8a1d40ce368ba1d30936facd5b57fc594e2dd6148e268f10c8b2ad4cfed14

SHA512
4552caad14b92b410116e957284c6a52cea581cdcdb0abd801ed9562dc131dc16227c8cc6f0069d6897697d92edb371f6d220e8f702ea5f0baa57ace2ee3316b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
fc4d36098ef223f3315a67de4a83afb3

SHA1
638a3c0b1bde37bfa2383ff2f117d74c70444144

SHA256
ad32a2a9fe97f1d31aca75ed1b65b4ba81c9597b1b30e5b5c2ab3037aa6b1ed0

SHA512
bc8c57f69e87c1bcc814a2e5a54d075ff58340d7970abd073d95d99a338b5f47af0798d04c16146848e0fbd606e72b88ce9d6ea3f0a13ecfda8461f7c9d28ee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
65b590aa6adf6056a30eaa9a67f1da47

SHA1
0a12a802ec00bc8c86e0c00f35e64cd049126da1

SHA256
075b7cc1353a1d028eab7f50287f82dc0e28954a69b45abb033f448280434be9

SHA512
bba4a3a462f886bc040fd4c4c435e9672345af3e0b4ff5bf7d4fce3bd210ae278a7c09c1d0652ce9447e6c3bb44881296212c2e167ea20155f998813ee2b45bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
14fcb9afcba551025010e98e779963eb

SHA1
1f34f79d22c8f22c208934a5abeae3ff1fb88c48

SHA256
db11e0b12fa66ed62f6a013aa44bec5b19959fa187eee2ef6a483dea952bc785

SHA512
567a8575ea9caa6713f22232b9f724fe1cb14efb0e94998690276e267ddbdba4b8bd516f5a6f02eed1f98e4ae0a4340d6d679a12114f6d5c60336e398c844051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3606dd76a957282f63f4e0b877d099e2

SHA1
64461ebab976937845db4a54828be096aa655b52

SHA256
7486f85c6a185324a8f07c69c2ebe3633223867eee3b9a61381270997e88068e

SHA512
6d27a609749312cebbc4434cc458f154bc6c96a47e7fa45f129bceb8d57da2721e925e25f155ee15c67620ee361a3124788902687005f849c137a9fe1afc88a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
148f955cf601d36dce401ad245e3da69

SHA1
9b49989b5461640e96db1fc2cc1e629498c27cd5

SHA256
caec083dc7dfd9557070571c992e68a5d1a88d276419ad7670199670f53567f6

SHA512
8f0a676b4899d587957d852c5f2db97952b4fe0f500dc68a5dd5e1b82d60c130407d786beb13353e03b8ffafd810bb8462727556d2fddeb6f22fa146fd5bfb15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
490f142b2c557024cb97b2551702aabf

SHA1
a31bd747a305a2f879de2b5d770679f5c2688dd6

SHA256
766179a8252c608a3b49d2fddba28cb792efd192ea2040b59c7dd2a9d7272bb0

SHA512
837050621eb61483162d587bd71e9ed4f5d73af84c2c241b9d5640cc36c795d23c6d54abbc01bd1fe92947a4f0d566211d6df8af372e1d6f5a48b59ba50da39c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e3a1a2402b8e57ec33b39a08d4f794bb

SHA1
a4e38f20fc3519c267087b7290253364bf901ae1

SHA256
528cbae834a9f1f09d0842aaea92ab6092581c938c6981d6c305ce9cfdcac222

SHA512
84e838404eef403e9a76a552669985be53c55d872d3894b4d52ff4233ab12908170bc1a0019df183e527f6f288864466d68aba0b7ed4a3c747bf295081615f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
14370cd852a32156d94ce7a64e8e9235

SHA1
fe9b3053c67937ba9b0013695c22f724d5d00b56

SHA256
52349e093471e97f7e59a1d86b54acd9e4d513af90f7bb53dad24c7b8647664f

SHA512
d5e66b9808ca1d1ee76da3eb17f63ae2b04b71a151d8dcf26f4439a6db0b95bd3d0502acbeeb4b4cf8c2a84bf416de3d90eb3c6e39cb61fcc5e2898b3a8e587b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65af2c96bef783965ae09e9a87898f6c

SHA1
0539c899c46831a4ea3380d15c26f9702c7de71c

SHA256
12fcaed6640078ee19a91cfe44ef11656191915eeae9cb33dd0c2b9ece7f5414

SHA512
4403744b18d01f8427473252701f1fb2c2dcccf781985a2bd8a44364d5a3b445e1be0bf1d28ed4372f892aafaa4d7503bbbbd0dec247b7808c45b4852875e034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f45fd94816883d882a5a4a6c29c6848

SHA1
f9399da5a7a9790479e75e4b3cf38171b521eaec

SHA256
e812ce18358662ad40d4677052268f1e3167db477a671839fe5220429e4e297e

SHA512
91349497cfc26fefff3344e46a006409ffa5249019324f9bf5bd1fa5cc85b91c082d6d4ec298b5bf65a79fa9bc32e5be5ca32f66159e85a010a57d473d4a2202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73eb20b5cf2b692ed5896faeb207e24a

SHA1
4eb4d3eeaab6ce434624b8b513e280036162b5f5

SHA256
3d3551dc29b1fbffa46b6d8ad90a00d238da864dee9385a514499b441877d355

SHA512
aed83287a18617420a01a4e9654886f29597fe281cb1dd4f5a750b855de43dcdf3d6ac6ff141db614e099e649065d33bc48791edfa0ffee18b698544a89c2ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
636418c8d4723540c1d66b6064e79d3c

SHA1
4d60b680960ceec8c190a356b9369dc8401d985a

SHA256
3e0a6bdf6ad88bb9b28535124d8dfcdfd407027d717631b5a3528fc387820ee9

SHA512
ecdcce0d4611beca0ea9b2345662732c01829a30a474ae7bc5ad33e256a7266148b415f178dc21cd86c5bbdb01d0b125c0e3912da6efe2e6297a92df04b2bff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d88eb36711cc011e3d4554ff186a61a

SHA1
6b3dcd36dd7b70adaa6a6203ca5e6fdfcbba85bf

SHA256
1b5f3392571c2e34831dbdc03dccc10df156fb62bca18ffd371868fa25fe7868

SHA512
05adb2ddf0a459d874d36d91e23a614dc0c0502a1549bd331ab65ca3c499b9866a43e43eecd43d217331e51737354ff2c98983c96281c1d8f586df63d3d8f4f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
540649a45193e8175c076313387063d5

SHA1
7219ca47f0866e06437778c7300f19471bc7265d

SHA256
cbf1b9208a6d78207389ce7228970c5ca793723102ff297bafce308c265cb0e5

SHA512
cbda7e011b22f30fee754ed240c4158c125e083e7d78408b4a9b60d0f5dddf13ed1a825d328a6473b42e143e8bc173c2fdb9e851f11ff7769be34a5f0f192c5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
652051a61733c00083373a7a452c0c1a

SHA1
448718d84155ffd2ea105860057595fabc2abb8b

SHA256
d60e9fe367660a171e5de9535a4a3d2181bb367b0b505d1cb58c051eba775abe

SHA512
3e1a68b1181c2132382bf0a8bec7d4969ed985b9fc946b9b644669b7d498e501de9c074004d5ff272db6ed96453f36801b6fb038f4f09a8d05cdcf4058123074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f3817db1ad83993a5abddd1ed1f21f2

SHA1
16af671f24938a365214fe583c8a3fd868519c2f

SHA256
d600e22da6a9392a90bb2453f0d1a50894b696b7f936d8f67bfb6a056f3ac67f

SHA512
91b3339182e672e871088f469a749700cb22ff2abf4456bd31d4db999a3bf221aa6c301246d65b15fb9bc622dc1f2052c0d61eeb9eb497471d916c91d2be6788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1cf1d769633a6aebe7bf1be7fc311ee9

SHA1
be0363f72c9c01cac15b8619faa215fa38aa2a4e

SHA256
1bbd6f4b38dfa91d5840ac0f9f1f10b014bef28d8b65bbaeb637ab6f1f281c3b

SHA512
49db043947d0d49b212b01c87f599fc94fa1ccf3a966e765f50aa852d4d1e0cff6e543a8873b89c3a0b448947f8e311653f9a2c2c59ee70085236103d731d9d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
17dee8f2ae7ef14db16c3605309f6a56

SHA1
1fc342a609d4f22400241eaa480aa23866d2f634

SHA256
f6d71b3971fbe879140fb462ca28eb196616b5ac0ad272e9a8666d2aec9a5259

SHA512
29f09c411e27f43702fb43fa488654c45f46884b2b1195ea4c19dc65713de0e36ff3b3c293145a703ff967ccaaecf6197409e9a1722c6744b7cdc6022be4dafa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5a39b9a5cd5e304e58257d156fe9f60e

SHA1
648d75d13e3623cb32ea812966aa2bd37524e25c

SHA256
74ff1556492da4deab84a6911b9acf95bfab6b920e990c16860488f32170085a

SHA512
3a8811bc8a2170f83c05ebb1920345dc7d65e9284c384f33b1283bf684ea02440af9bae994a3a46c945f21cfc777559173ee48e8691052023751956305274191

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f0b688bac035112fbc4cb4a96b1149fd

SHA1
d7e5716de4b4029a294452fe226f63c8ccffcda6

SHA256
d0cb74f92945b32f2394e4bf60bbf68ead6bf9bb9797a389a8acfaf629841f33

SHA512
3b71bf2808efc072cd29ae4f043cde7ab4ae56652d53e36452ae3644500e90045efa61e60128449541965c4132748f8a5667735eebd369f3ebeac1474766c606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
14d8d6b7caa79d1084f77c943068b7ad

SHA1
7245b1bf3dd134b37f3e2bff3b046508ed0877ef

SHA256
6ca9b3ba6381a85d247ead7de07a8076a514f078854ca7e722f1a01f159da70d

SHA512
1afe0b5c73f5f89169ce77e9849be4453128049b170c740ef09b61ab632af0e33df92af1bca3795ba2a248db946ae1abe3ddf3bde61b0806743d07889e1cb81d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
58f0097759a8eed81ec1309b56af7f6d

SHA1
e46dcf6a2b6be2de3191ac4765c65fd5ab256428

SHA256
3d40166436569f5663e2d3ecdc4fcc7151111de6962450e07415b1068288a04d

SHA512
333214433b18668b9756319806ca6e436baf13ce3df8a5d8aaafd77e7977ad1753ea11048704e8bb9226780f97fdc015ca5b55e21ee62e80d253c3d5940c3b8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
43ae86f62a6d992096556e689f1848c8

SHA1
ef0fbc2768e0acdaa8d7473380bbff295ce2538b

SHA256
4b47a5239f1fb1a9a1ac57619a1ae84fd037c8c76050e61f3e03e9cffb0afd94

SHA512
9f206e626269de45bc765bec02d367792cdc05dbde6fb381bb270998bfd05521affe0eb1ae1d4e1da93ed65e78bdbe0f691fb011265a838465222d26fad5ae76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
a9d74bcc48a9f185a88996245ff9b9af

SHA1
0496f21e388771a59e7ebe5d538bc6c87ece7f5d

SHA256
9820f1357e9721607d447b6dee8adb7ea0d9134eb23cdb048ce572813364dba0

SHA512
9dd50288bc821a3a6ddfc62ced5fceb4e6155b73a6918f1fb78d20cf2c5dec9350a997004c33c4f9ccbe0d4f621a8a951c8e779a8e1c99b5c54fd7e41de3dfbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe61bd35.TMP

Filesize
120B

MD5
d31311139f1155cc74ce54b97f7762df

SHA1
f2c4ee6d4dc41628eadbb2ab1e68eefabf15ac1e

SHA256
5f28c135311ebb10f43c55648a93c1f367970873e914dc1ab0f69eff24ef0d7f

SHA512
10477032d361d064f22394c15149c6027e8277c762d29f083c2f2ce91c2a91dd07a04c7e940c339efafbce3dfc99a14f768af44e6008f40111351e67fd2bc9d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
da4a660b2a9c9269861edff7591f6d67

SHA1
ca93216ae09d4aa247008a80acdc1dbb45d3d5d9

SHA256
ddabfe974af208d4b39b30e60fec80e46b6f35eaae15793e4e63772845eeb4fb

SHA512
bc1ad423528cd4fa62d19c3d86ed92813224f27e90ba708f39eefefc12e8fe45628a552ef672c043381aa9df8cb64aa806eeced282c2b3b225109114cd434695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
f1a1ecdf3739dc479e60ac1d51f732cb

SHA1
8a5b4cec54dc1809a6e1de62e15d14c4f374251c

SHA256
5d0cb7622d1adcf60f6281c983fed98deafbc514754f41161033443fca30c080

SHA512
3e0cb62cf2357fc3d290e7a3dcb68b06268b0962e53abd50cbbd1a507222f46c7e5731759a9225db82d49f0fc16101bf77b6265430d9b42070029f0cfdf3a3fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
8612363e639754aa4f4eb2db70b04ccf

SHA1
584c1885a387d86d51fa75ac743b7c788c41e65d

SHA256
78426da5de2c4be4b2cf7e2f4ed5eb29fa45368b904702f89a264751a82d419c

SHA512
07373c0457bac37c00484e36b938277df27bed60dac4cc1d48f98c8562e70daccbccd3bb6e63a43831f7d827ac6c778e3fa120557cb01d848a3fc097c9fac212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
b4babaee6fdf0a00eaec8f2cad9de4fc

SHA1
085e2a8d5c40ba8fc56fcf5ba97baab3f4624637

SHA256
7fbe73f2bf19014af60256b70abd4531003525d721a55a445a7fb8863f235b5f

SHA512
28961381e6d23aaebcb6b24d5168092f1e18833a2c725dd64f8da8f490c0127b69f1765aed2ac81cc78db8292aa3fa07132095b8cea954aabb224cfd5be6f741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
382bbade5eb852a420f0f7c69416cc15

SHA1
b6977365788bf240b5c73c58ff94d94618dfcdfd

SHA256
d9294e850d8b61e60800136113ba31f4d73ae96961679a58bfa97d3b20a032f9

SHA512
ca30519554b16bdba5e13021cc3a9ceadd3f5f9e2394c0a1d8c8c6fe212ac3ac50f58b23bbb7ea6b8a2c98549ec4c2e1d512ee9c7cf0524c3e4da8adcd6dec9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
2ef2453948dde5b68dc0ca23c31f1bc6

SHA1
8358531d1ab9402941bdbe5af3cbb4839871eece

SHA256
4eea2cb2680fac688ae0a42f2255f2ecc0daf3e69b9aecf380ebb15df6a3a8cb

SHA512
756d8204cbc91036ab61acc0b6d67c52373ee93cc52b4edf9645bfcff2301f435d3903a1d47e5ae2efea309eec89937233fedb08b6ae704211963339a723d716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
ec8503e74be2c485a2012536e96d6b13

SHA1
21a2b51d09f6463dbeeb5ed137747539963bf7f8

SHA256
22015b0673bde3d7d5c0a56497180cc879b88cc9f3de9d612e30718d71a2e2e6

SHA512
6a483581ffd29bc3401daa13905760d945c588582963824eea765adb2ca671d6f22393f2922c00f5e531a3abe155dcb75f81869d5bc3dc564b0ad530f9287c05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
c1f7179a3b6ae04ab9e848a8411693df

SHA1
3086bf75b01f0064e931e25fd17629643133d3fa

SHA256
684e5e5c6b38aeac6a8d173a75f1d642a049895abba4b28d52fc687fab9fd854

SHA512
deb5459d3fb86c71f728267f9ab64cc2200050bcd6efb1f4fae04d9a8d0ad6ffab91e857090e64faa37d402a6b8b40626b24acf86a9aea4e9e736e51fef7df44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
28b74ed0726b06bd7e0e99f2ff8abf5e

SHA1
0178260899f2b2a27e3e4192bedd93d650bcf9f1

SHA256
82c7c0eb61b8d412383ebfd7d141f849444392a1de925f6553d4e47c17f40bea

SHA512
ec3de15a56055bdfc361fcb3bd08b011322fb9b35931f71906662316c1078e159512f3e9bd17cc32f70615d678ea3b75556f1bcb9b7e16c8ac946303dd4a5324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
8d5b8ff75e1c37ac9179491eb3c33b21

SHA1
ab7f19739db67e587b23615df6c47625c4c7f2dd

SHA256
36e9b2eb919997f2e92b8474508895bc36954dd4ce73e4afbbd0fd3f1b385d0c

SHA512
dec1228308c34a7a747654265f8ceb1bd06f8482788da96aff8fa1a427a6c39a3ca954424e8a78da19420cb1f999cea7700d36a5fe8948654c12caf2b8d1f2a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
73c653cb8ca861ebe6855a37c63a8768

SHA1
fd163fbfe3e8806c570267cf5c7e2c5d054b36ba

SHA256
0f7d3fccf4e96a892d8dbe86360cbe057c253d604c42544bf901bbd28c9fd115

SHA512
3498d32711d060f97ff9b5fcb046576defef3fa740486233bdf67472df689fc40de6107c42b87238477fc92cb52e3421a0de91c278023bb75bb24d25786a810c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
9e9b410d2a9391cae0d0d552362af912

SHA1
facfaf408615b29511bf2bbd3ffd5d443a7fda92

SHA256
25caa8a6bfc9c09485f9121df0e1c8d678f50a3ed329b5c4edc28011a3e92a76

SHA512
554083a38119d42db5aa26d3b04fe2349fcc9016c284c350ff74640ed75e64e3c3caaedf7eb89cc24d27809b0def405fd7276d683ce2291eef480ac20d368843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
7d5eee460a952cb59142ae590493a9a7

SHA1
9af6fbf340376e26d2254672f7f2707e80721430

SHA256
61c9b6f2cad61ef0f30fb1654a7015c579259ccb1e26f27a7bcf1358e49cf56e

SHA512
57a8c5a82120d73f7966db835a1b9729df34fc5f57781d90c8d69a7f2d56c2041ec5b1301fac8bf60f2ef84360ed1d205fd27847f7502d7b61a637bf36908669

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
34dbddf821dc54712147fc2cc4822771

SHA1
20f746a3e5eba60b4c788607e22fbc321c6bd20a

SHA256
f9891cf8efb71604a2af418daa4f9e8f1f9808182393d53c3fc8b7594327712a

SHA512
deff3c6bd2d1668e58c1a553e80534fde5e23b07d9ef730728a3088c273dcb58f3b49fa161222f97ca7e6be77792f3caa0032f915b0cd51aca5c9d76bd0dd575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
e47a1dc11fd93611189a7bca1bfe1b48

SHA1
f5de4f9966e6c219ce4e76dda95ee7cc64e6ddc1

SHA256
887e3d15c20c1b61f16561c9de95ee8fed4f4ea52c7a1de5750a48997ef98703

SHA512
c39f4c1cbc154c583034486fb9c0d998fb98878f19cd4c9cc46a8fc69b74d6386b706551ffe9bf93c66cf0625fe576cb0f884e2bf6f85af688a38e1eee740b75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
15e84cf0031b313dbf197abd4f477acb

SHA1
f709ae4d1f6efbba547353cc0b03664b4833d031

SHA256
a6fd1d37171e612447f07a163b77aa70fe4d30d868ee7667ab9755ec2e5915d0

SHA512
a0635097eaf41baf451f8f41119205a906daa73d1356f220b7edb94f96abed878c72835f50003f64004b8522a697f1e1bd6ec8b25199232826a00bb4834814b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
7909cc1fff70bdd9941e5653f9d27591

SHA1
a5b1bd0108a082b457203821f82abab7f97e46a2

SHA256
6979160bee823bace52f4834b976c517c36f102cd128c931eeac28308d5eb363

SHA512
0a1c6fc152f08afe2f1e14dbdf3ca14c1b24214efd1a7e3d706104e7b541df864e7b332705dcfb0dd2beeeeafa3283ed3dd34b942b2f4add20c375593134811e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
d94e1de7ec29c484b7f56ba93499bb5c

SHA1
c1f47e12b2fcca60b2e3e79c9c26ba3ea8a854d8

SHA256
036fa273c2976d455bbdf8ec4eec157cb3b9b7a440d779a3969de296ccd5f08a

SHA512
82a2f88e92af6322eacdf803d987d4b52d563129f1c6514e05c0e9c84a823cb5f398e3736ada896160104a97ca083f831b4754d62d324cc59aab1b99bf797f73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
a17ffa725207de09fb6af0fbad3cca90

SHA1
08bbb4f92211e284365df379f448145faf019431

SHA256
32ed183b9062292bf08d17264bfc9e01c7e12245ca08922675835118e5c12e54

SHA512
bb9e3c4d46f3877746ae10e80dffeb22e07f4e0397e5a41278420b80263779b07d491eed9c0412cca450384f94c6d2be8178e72b78c80e366cfe688abdcf6912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
21c524b7c8bd7725860ddd528e5e3458

SHA1
d790aa3fd52d7c5eeb79012267067d7e544438a1

SHA256
5b61f2d99a19d4f14e649758be2c43f6be46eb0f65e1b50725d3bd4c5f92c41a

SHA512
bda424b53c60aebae1f1395d9fd8d257c4c4917e54bb7b16dbb5bb83db7d2dc0b709ff7101203ce11e7159362132a33707402f6afcfbf0a626f4d2068ee49c73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
91faa906a3c3d4a6f9c434ae9a66d2e4

SHA1
e82fd0ccb00ca76b822b9f1908e27a735b3b9d1e

SHA256
bfe8497799c5b1891918b84def1e2d423167ee85efe425a093ef1bd284785f21

SHA512
46c3fa453ff6a55a4c16bc78ee6e372010595a7246ca8b1e3c15221887d5ced028e94e2f725d62f266c2ffbce4c13d5409fbe2c36cb889a72ee2f32f411e8035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5bce39.TMP

Filesize
105KB

MD5
ed5784d14fa08fd2011602ec03fe3b99

SHA1
7289121ed08b6aece66c00790c6f3e77c6d54b72

SHA256
713b40e1e023295eb4ef2451a5919521d28b695980bc1fcbeae48b7c7af9abea

SHA512
1451374ca92ac383be8a3ffbf0f1be66b174bcd724a79fde381081d57b8bbfe8141de6389772f52fe71174020b00ca0c59714548f9dfa6840261d028cd94334c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\bin\sh.exe

Filesize
44KB

MD5
8d59153c5032b8f92969117e1175b091

SHA1
a8696512e60d9234dcf9088f0bbe897baae6cd05

SHA256
6fdb591a90c8b1f48795d02b8d7e9cff0ab349c4087edc90305f97a5fe8d968c

SHA512
7a7adbf78c84ac963f79abe055dcfe7a606c740f7d29168243f2754f83409004c76fec6b47b11b0dfbfbf1e32edac6b74f283faf0423565d3929a276cce2170c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\cmd\git.exe

Filesize
43KB

MD5
a81e4d64ebd9556a30a420a2a1cef3c1

SHA1
a217a81c17baec4033f4a6ef5e2bcce824370048

SHA256
66bd1a041f1dfebf05902c0900f8cf4bd7108fe18ed62494254b07b7d5128ea5

SHA512
5647c6b6df3685a1a14c0a41e2a78ca6d16e691fde7235aa9e5f4a4ec23725a436c3d12aed4e27493975b0bba68c80ab86672189138161f2f37d0f9ab0edfe47

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\git.exe

Filesize
3.8MB

MD5
379780e7c6430b8aef3673aa22f5e343

SHA1
5da04ede910b4f1632bd201dd98d210dcbc122a1

SHA256
50fedf1a213ab70f3c9d07c33b425fa85649c37f087d258da2ca19ca06975a44

SHA512
b461873bab0ab642e9b1285706f46cb4c3fbb24c038314b2a9c3fb814483a2f8456f4fd78f22f24422c95276e3481c6a4c18d7b39c821ca7e27b9079253832b0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\is-8QQPA.tmp

Filesize
90KB

MD5
4dfe451f5a938c708cb3aff67568136c

SHA1
8c3664917880673ffce5eb39fd3e4e0373420356

SHA256
8448166d1157c1cf8c48a585da5e4d174f1eae3fbbe7a38157a2af8e80b29621

SHA512
1358a692cb3db1e49b6cd9f89909133735ca3d7a66f50bf32643f0e694fec49f6bcf1e622d29c19ee4a130689a561c519aed1961c0150589906fc55e5cad6fb0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\is-8R2P0.tmp

Filesize
44KB

MD5
1676954005cfa9b864a6bfcce189f99c

SHA1
17c760c691ea07eeae1c17cdf722b2f5013686f9

SHA256
5ccc7c7f401a676e0c332d3fe181d4ab2bb3a8ecd233a16440a7332cd91c8dc8

SHA512
62c8c65405e19bc7fbb3ef9dc6ed3ca4a900e14d7e99be922804a5d2e0cc6d2bb3612aaf0fbfdf723f126eaf872a638c6615a37203bdb85fb7b8de4ea2051c1a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\is-B8FTH.tmp

Filesize
2KB

MD5
3edb2e00504ce044aa1bdb71e8a6c32f

SHA1
9804181215d0dbbe5df59981e21437f7ff4eff34

SHA256
a8e368a31766c7862b8d0feeffe274c3bb43b969e3ccb4f9e77d13bfa447a5c9

SHA512
475bbd71a9224e54d5ca69d81c55f95b3f5b5b4fbe169cdc9521ffc040689663bfe21b3075ab41920cf16179ee76b19e76511c827a5b094f57cf644560d3e70c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\is-CU7NA.tmp

Filesize
69KB

MD5
690898c148f72b5f65b482998edd0ace

SHA1
3ef1356afc65865c7242fd3a83369c7d144cf2ed

SHA256
4dd06837ccca65bb3be00d9f10bf4350143551d22a068e29345acff290a4a6b6

SHA512
ce6952501a70e5192e3f5c39c99cb73bece169c7b79b2018e8b5f1f4ecc6a84deddd0a203e3e0b12c08d87c717520ebdeb5b19373478f09b0dc670a93e4d472c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\is-V1CQI.tmp

Filesize
10KB

MD5
5bc339c5da9dc783da29ace244b9d874

SHA1
f6ba6bc7b5702a66a781563771c91e19e8846ddd

SHA256
15b4bf50c1f9f19c718fe751fdf9a8f82d8fb9e4d9a53dc494e3b29de138ea84

SHA512
1c286d401845b3f8b43793b40eab41897ae39170effea25c2efb63cb071b51061914843509437f957067c07a2bd430310aa9cee2ef4203fed0dda78517f98bd2

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\scalar.exe

Filesize
13.6MB

MD5
7afcbda97f66625b44e2a7dd6d22c144

SHA1
920079c0ec6dd9bcc8ebf4e913d8c0df102a9aab

SHA256
b5ea3fe2b7f519e78ce8b48de86382d2d20ec9b3f8062d84373fb246ff8a7ab7

SHA512
9c4f2c66358fe603180780328d9b304ce8ecab315a18ae621811dfc71371751f96a124e8b112589f7f5e626897e75329af9f5d71e6f7dd1ba84f8f54a4af537e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\mingw64\bin\wish.exe

Filesize
65KB

MD5
6a84a8288071a3b65bb432149a255237

SHA1
b16f7943c7768c108c6008b37e0e0d02f2a5a8dd

SHA256
1d4337ac96b558a3f31ed901b799bd5fd73a5ff0f48746c2c246b4cae23b833d

SHA512
70415ad4b55069d536ebff839f2e734878732bf9afd0f36c084b7764a68245e7e5111def5801191e68ac2ead6a7966bc8bdc816211e2a26febebc72012575ebc

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\mingw64\etc\ssl\certs\is-OUADA.tmp

Filesize
259KB

MD5
544cad78ac902087121c9f92cab994aa

SHA1
0e63eee2dd56eb1f3be003ad5731c577344274c8

SHA256
80f520fdfae7ed96ecd10250bf164e13a27f8edc403d07db2bd6245a26f33c8f

SHA512
bd7f4e63955458b4e245debfb77850d147d26d2b8fcbb95f092429415213712c163918be48b87a9092b9136245cbdeecbb03f277ea5a8d33d984e6882e8fcbec

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\mingw64\etc\ssl\is-6003M.tmp

Filesize
218KB

MD5
2d22d09ab7598075386abc377041a93f

SHA1
024e6cdf35e9a3d0080a314ea6005c114b0e2ebe

SHA256
73d34a874eb28b5e7bf2e721a7c1322a6847d5ee4f1044f721c40054db8aa97e

SHA512
9ec1e3510cdb23d39ef19f7c7aecdf3425d20aa27f1767a0b2d452f20dd9304e838b934d05d51097f5b28cb054ed9e2844f3fe0ce6ddb2fdd1d2eec3ef2597ac

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\mingw64\libexec\git-core\is-O3D51.tmp

Filesize
2.3MB

MD5
89142bce7233f432c6efb81976d72af4

SHA1
2031c7c7d92eee86bf70e9f39849b33e7096a15b

SHA256
f8d19297685de9e1e6b1f5fb2dce19c5c88fdcbdffd8e0b31e5562b798f70d06

SHA512
79f871041e02c7d874b767e98c26917c61ff147aa72451e5c794f47f176536442d5e2a2f794f87d7c2f3dc5d1fd3eff0b36bcac858e1602d60656d9061fe57e2

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\mingw64\share\licenses\libtasn1\is-2LJEJ.tmp

Filesize
34KB

MD5
d32239bcb673463ab874e80d47fae504

SHA1
8624bcdae55baeef00cd11d5dfcfa60f68710a02

SHA256
8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903

SHA512
7633623b66b5e686bb94dd96a7cdb5a7e5ee00e87004fab416a5610d59c62badaf512a2e26e34e2455b7ed6b76690d2cd47464836d7d85d78b51d50f7e933d5c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\mingw64\share\licenses\libtasn1\is-DNT66.tmp

Filesize
25KB

MD5
4fbd65380cdd255951079008b364516c

SHA1
01a6b4bf79aca9b556822601186afab86e8c4fbf

SHA256
dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551

SHA512
1bca76c9f2f559a7851c278650125cd4f44a7ae4a96ceee6a6ba81d34d28fe7d6125c5ee459fef729b6a2a0eba3075c0841c8a156b3a26f66194f77f7d49151c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\bash.exe

Filesize
2.2MB

MD5
6a5808e6dd3e4ae18acee85a1eb7cd02

SHA1
e9441175c3f0561137cf885bbb85733917813fa8

SHA256
19af3e33574ff81b86da0679e3e81e7051ab2ece082ee10c1887f7aaf9e06bb0

SHA512
5a22b3a5fa7f3393eb42c94c0d50cf470eccbc9b93dc164baa6872634203e77c5b530f4f8fffbcaa86bd6dda4e42c9bcb4e2e75c98d227bd0b4237087fcb63f1

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\is-5U9QL.tmp

Filesize
90KB

MD5
8d87dcdd2ac38ce037afd0aba6d80259

SHA1
5313a2fd333a05fa471776bc2df1b159b922ea06

SHA256
ac027e648f7d4bb8172d13a1bc27ac71784d193109aa48e76eff703aeb0f520d

SHA512
981476177942a7afe194407bfc57196d7a42a648975b7ea63e40fc2d6164e4c81416cad9625285185c304d392c9958dc412dd2b303bdd15ab18cb90159524d39

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\is-AII52.tmp

Filesize
3.3MB

MD5
c45e7ac87f4466f5a74a102060ed4f5e

SHA1
0d89a6cdda8c054359abcf1fccf82dd5404f570b

SHA256
7de2164749d642d865a44fe3993c50763727bdc5b985b4da89f1846f45780632

SHA512
6c775a6f22b3b3d59711674ca2c3c5fc916a9d59b351cc8a3df52b4ab7605a937909d36fc62922b20cd9ef57d564f62b8324081e7b2460bc07da682590680767

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\is-EHV30.tmp

Filesize
612KB

MD5
850a4dee8799bc92fc454aa7eb75b926

SHA1
611f5640295cda4c03b989ac315c9fda83d735d0

SHA256
6dad72258006dc40a68c8c4b3841387198071cb833e843e01bcfa7fed72a0766

SHA512
6175e7afcdf3824a24f724884f7dc0f8f4250ec20e712d91c7c8c742ee5e8b230131ce6d4c30e024accdde9e04bcf369c984fb91095a540f2168c51329e5c9cd

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\is-GQ3QI.tmp

Filesize
52KB

MD5
c70255d8f9ab5e83c8ef8bccdac73a8b

SHA1
147c79a90c5aea3ece4891af2a012671d551fc2d

SHA256
e2b5ada1f7434022e8e65a668ff831b564372f5c762a07c84c0ca23fd8dc4998

SHA512
2360820ce780085d5adf3fdbb48d575076d8fae78cb205d6d6f70f962ea9ba8e0219984d89ae7bd932135d42088e6702b4b96d2973e127f5214781ff17f99a0d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\is-IM31G.tmp

Filesize
1KB

MD5
e243255b6cf3b9403df53cb9cd6176e1

SHA1
c90132a93c5cb1196e6cb10be1d6171c8f1b1472

SHA256
0e7ca63849eebc9ea476ea1fefab05e60b0ac8066f73c7d58e8ff607c941f212

SHA512
89262742db7bc927e72d55d7ff8ef57468ce9c518d9a284023c05f39373840db5697a314e6fa26c7c1fc920837c9b925759bc905b576359ffe975523eb8e65ab

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\bin\is-T4LH0.tmp

Filesize
2KB

MD5
e786fc0d18a8c8679897afec7dc20f81

SHA1
b53283980b78efb04ba9f0b0ff38d055bd3d751c

SHA256
1c1f96193cdf14b85ea65f140a7557a07ece8783a53ec5ba6b5c30644a9d3012

SHA512
c5421c591c25a0e7858e20d3211293898ec9eb77a766ece887b173dd1b5dc5ba331942006ee546fa98430a3f73e00ccff7b8332065988d86a7145f4ecd24065e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\lib\terminfo\73\is-SL04E.tmp

Filesize
1KB

MD5
d61e0247845f1340f61c2b20ca9577d1

SHA1
712d0420d53174d9df9e4f032f3c63a78bbe7472

SHA256
4ae4f1c39f9d159347192ef24f021459e30ca7d45f22e47b9bf850842b69c566

SHA512
928aff88cfe4d713cac70f947af59e1e8ec015dbd0aa0d3a321ccc6b16d56f3ab7f94ce01445e82591b43a98f160e8a954c6a29f61f6b31249b53a901ec554a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\share\gnupg\is-AF7LP.tmp

Filesize
9KB

MD5
14a267cde4ab3ba9bf15d6bac9eddff5

SHA1
6acaa6d2d24416aa079ee3d87ac87ddb1d6744a6

SHA256
05cdf5a33891882a1b96e007c0ac8dc9f99592f3667f79d83904a38e38e8bbe2

SHA512
4a41044d63b7d1eded892b3f0bd1c60b6b2c6cf2c4fdee273149b9790c21e08dd829b5ff8be8731b029cc6a4cf4d15a4d531cff4033d5fdc545a10d6233df11e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\share\terminfo\73\is-EFDLH.tmp

Filesize
3KB

MD5
0d0d447c0fc79f2c14d951a1f3048756

SHA1
e4ea0db89d8916dbaec00b2cf6eaed93fd8cdb5c

SHA256
39405b64b02046063ce0cd0f90c7fbe1f8dca3ca4f9507cacb06586174bcd520

SHA512
04697618b7c0c7431f5de65d156666410198df385aea07180845f9f786b5638a571aa72567054a4c1d05330aa9b08c1bcd454776d86628cb6c91770717f23e26

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\share\terminfo\73\is-RAA93.tmp

Filesize
1KB

MD5
beb90a8a51c147c861736467cb681b60

SHA1
40106a041df0f978906a6da09bd0651edb411c1e

SHA256
f0f79f15f1e6399f89c588fab95672ac30b8e302909af932419b8f9a51a310a0

SHA512
2799982653ac5c9795d051fddc16369833331090274962105abcded3f069fd0bedf57e4a7350991623ce5982332adedae5687375f88c6149c661667f4d3d269f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\share\terminfo\78\is-ET73E.tmp

Filesize
1KB

MD5
421e93882325345ede2d9125c03a0a3b

SHA1
71d9182c41ac9561d028f29e992177664f904c13

SHA256
e17163cd3ae3d993aa459d0d5c1e321f64a50733e8889f6143ad140a200f64a7

SHA512
710daa2b3293a2cb56f9c5e7007239c07189ad4e6b3dfd65e67154a26de1f644bdfaebe66a3e423b6ccce739d1babfab343806542457aa5debce1b0dff0f7046

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\share\vim\vim91\ftplugin\is-VRGE3.tmp

Filesize
383B

MD5
4c05fe363a567f6f07c9f51b7db47b7f

SHA1
3770811af2b5f6a59f176ca38f089712f7d93411

SHA256
7e324306b8898c97f934dc4e7a74ad8c4f8a2d8638ac9307aaf378868a3de469

SHA512
bcffe4b93ff033bcdfaca9c96450b216a3ff61c96a3b9043cc9800f8e31dfb485ccb0890d0b10f1ebd8bb59a6326c46cebb9cc988e95bf601d737bc1d2d2b284

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\share\vim\vim91\lang\is-UUFIE.tmp

Filesize
89B

MD5
22f0b13b13fada6da47bd9ba2dd46bc9

SHA1
b37d79ab8a5d12dc280089ebddc50640324cf32e

SHA256
d0e02926e0de40f38d7e65c92bcfc26028614c4529a794dbfed8e5f75f001095

SHA512
d17925a64fb80409368a59c0c6b4a7c3f244c6db5b3bb2dde5927af8b4359fb6fd27f8e2be58e11f061353b15ddc80f59fa3186ac3aa62a2f3493cba28b8f133

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\share\vim\vim91\lang\ja\LC_MESSAGES\is-7J16J.tmp

Filesize
316KB

MD5
833cdce09b5da0f0355f73a1c20eabc3

SHA1
0c1f04eb1a7a06aa4aedb06b4da589c775e2fc56

SHA256
8a329722aa3f78770e6fb1e1d398049f1e255f7b57e683161e4e5c8cfa3f0601

SHA512
c6af86a63dc7783bf62a1a582951e97f69e35488937ed30166cbf377b25871bbdfe3d6fa5ee1f67f44d9ccb94b7cc9a3cbf20d6bd1110bd1e9c42ffca655af3d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\share\vim\vim91\lang\pl\LC_MESSAGES\is-U18TR.tmp

Filesize
161KB

MD5
99361b27633e2e520515f78b89eea343

SHA1
714bc5416a31a13bf85dc2ebefee861b0869a657

SHA256
6e840422fe85131250becffbd5e9dc3be30dc826bc8bc85f9462d9df6f000a05

SHA512
1a3b0bdfd0b7ee17243606428a1da82904cc4f4d75f19ee997e6968a99d62e8f5c9c1521a1c4050a55414d5c4df0551eca948fb1cdf6fa548b82c5b65e4856e5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\share\vim\vim91\lang\uk\LC_MESSAGES\is-DQN7S.tmp

Filesize
352KB

MD5
a5dd099a1d4034dbf500da8428e86201

SHA1
ad0cda6deb3d6ed2a3f956d705d992ae7d590fe3

SHA256
06092b191baf9b716586704e7da8cb228a7bdd9bffb2ea8a042bad13a39ddb26

SHA512
77d948455c9023a36ff2758563711ad53b8fcc65c13343125f9fa8f6476b7c464e42c785cfe8ee10fd83ef98ac43a24cc9f07c8da97b040137cc8804a4077119

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\share\vim\vim91\lang\zh_CN\LC_MESSAGES\is-P86CA.tmp

Filesize
227KB

MD5
1c3c73da82ab1f835982bcc4cce75a89

SHA1
fe8f4073d9b384f91eb3457f60d6ed6bf1364155

SHA256
6a916bd5118bc85e17d9d9439f5ba58cecac85c82fed19e53ea5763bdf1cbe22

SHA512
be73c9277b0fc2245ac2ee94e125252d841b42211448f0d61304c4a9a43871d028d346c5639b1cf40cf438972df3a43da08c2ddef43ef8da44924eb4ab11b669

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\share\vim\vim91\lang\zh_TW\LC_MESSAGES\is-TVC63.tmp

Filesize
105KB

MD5
e498915038eeb85d47e393838021674a

SHA1
67fff2e8b0184e9871108088e908400a0d896d3d

SHA256
8023b8cd02e1798f3aaf0ef067fd752756895cad6d192a6108aeff1797635537

SHA512
b37a5868d97523ac2e92840374825fb4d9701dbab9c0b6140af3c7429495178ebdd7ccc613b672b3e12c717079ae7c2e4a564975d9c6fd5307e65a350aeccaae

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\ssl\is-7LNUI.tmp

Filesize
412B

MD5
5b561a90362b8eb9127c792c3f5902e0

SHA1
a2587c4e97408b64274e5e052b74e3754892c13a

SHA256
f1c1803d13d1d0b755b13b23c28bd4e20e07baf9f2b744c9337ba5866aa0ec3b

SHA512
ce307f87b90e0a0d09335577283ab4509802b43d14725d76c65139f6625f7e4fe636f41c9c398ccc9a2c70b229a34fd796b8ae0e9f5f3720e43f727a60232167

Download Submit
C:\Users\Admin\AppData\Local\Programs\Git\usr\ssl\misc\is-60ODE.tmp

Filesize
6KB

MD5
e02fb89e1ba600cbb4ea2f5840bce0eb

SHA1
d5aabc6235d87f3b7f083f20c022e2d2103cb315

SHA256
63930c8d3f5d516e809e40015bfec6380f7a2df8252103d668cb665658430a45

SHA512
5a4574cb1d98a61230601fa444b3b0174c6fc23a0ff03a9c3f682b326ea714eba266aa385fe34d2d3ccc04e376b69673cdd3b46420e782a4cec9797a902029f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\JavaLauncher.log

Filesize
5KB

MD5
ec3cb213b6d4fb181968bb9254aa9306

SHA1
6bc4db1fe4f122d490dcb5620c61f3906635628d

SHA256
96b072fe7c378ca6a0a615790681f355810a6487f32210dcc376baad7700e48f

SHA512
d6abc69011138f9b977c9f059de2373a66ca79388218336985f36e8fc899d83b8d5a5b878af148122622ec9998df69c683a75a6afc7165070803a1d558ba1fe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI57F3.tmp

Filesize
947KB

MD5
29a1955c398e5ae790a1172665f1656b

SHA1
d34dbc09c4ec41a8fe4c1f5177b82b6dd0bae0a1

SHA256
844eab894777c13bcf8bb1efd25cd9d1076b106059fbca4ceb8f88803749cc0f

SHA512
54cd18caff25a4765066820da256a213e1000c0e9d371021f5e894592927d5224b025d8109d82eccda4cbdba56d379d00678b825dbfd0e399cec963bb3fd3dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB8DD.tmp

Filesize
104KB

MD5
f54bffe4d54c0b794c5389bd2c7baac2

SHA1
c472c6a4bd6510b02244d53819ef07882bc101e0

SHA256
3c06f5beca24d0edaeb63bdd5e671386ffc66807e323ba6bcb893260eb52d433

SHA512
a722d4770d605d489c14fde532cacd031b11467041c5ff304c4c63a95efc21896996cc6eeef45bc462f7c72361763885f763ed732b75436e4bd191eeed829441

Download Submit
C:\Users\Admin\AppData\Local\Temp\ghidra6362513466699852551.cache

Filesize
32KB

MD5
cabb5751c7ef8c5a236b45596629e596

SHA1
e7bcf13135f48bb45f254afd57fc0acad41a83c5

SHA256
cc9c9af2696f85059aa0917e35634ca3353a6070c6429e0498f7f686570193a5

SHA512
e92cddb4f59d0b161ee3ab9cbfe6ceebff0356a513ebb27b77e448d493726cbe468abc017458512646aee1218a8f28f527427ea365068f393e6c3d8934315953

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL0S9.tmp\post-install.log

Filesize
267B

MD5
6614300e9d2da66cfb9b26d1bb237de5

SHA1
198e86c14939ffa3abc70983d7d6fb8d7f996f92

SHA256
d1076e8ae2603afa456b17bad9857743d9bc724ebd467aab0cf84cd88b717321

SHA512
1566d4db026f39a939c3f5d8ca00a78ffb75ea26fd6fd79c55604c02290d73263711b1d43b232844846a0d29040bb83cab6cf9ac36c5830a5fc5b85f58c95038

Download Submit
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna9619317927411015064.dll

Filesize
241KB

MD5
e02979ecd43bcc9061eb2b494ab5af50

SHA1
3122ac0e751660f646c73b10c4f79685aa65c545

SHA256
a66959bec2ef5af730198db9f3b3f7cab0d4ae70ce01bec02bf1d738e6d1ee7a

SHA512
1e6f7dcb6a557c9b896412a48dd017c16f7a52fa2b9ab513593c9ecd118e86083979821ca7a3e2f098ee349200c823c759cec6599740dd391cb5f354dc29b372

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
155KB

MD5
12658fe9d26a3d0f66d13f5eeb15a701

SHA1
5da0aabbeb89b119b8e330a801befc204b32ccb6

SHA256
186b8aa841aeffdd0fd9090fd8e1687b23eaa521adef8879871e085514cb9ebb

SHA512
57951614afa208715892af960b15a0719c2ff6aa6f4e985cab54b3ec804aed7e1d043489685589cdcd00dc99bdc324d5a94b58c104fc06def3959a19af3f9af2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
f4d702e213a6ffc82374b818af559be2

SHA1
eef748ede1b9fd116cf0f556b9d589ae559deb46

SHA256
4c6b84b3a6ca44bb5ef4bb35ee7f5e4fb93259cd5d3cdebe22bf2aa6988cf7ef

SHA512
fc6eaf9512fc194707e41dde7002fae1916d4e0837f8bd3a3926de13cad188b997151a5d6d07666a95f87be7217117b7b4a6cff769b86a986f5aca43042a8818

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
f83035a22875e99cf9bb0c22de07bf4d

SHA1
b0b4208c15d96161ab611afd5a801e079e44d6a5

SHA256
3085b8b54e5930811be9b63fd6ac0e665f74796400dcd429ba0e13efab9d4bd0

SHA512
a4383f102474ce299b827ccf4317a500715eb70db866d6a594f35dd7c97ff1f72be0d05b04ab20e1d65c8530dc0edb8ccddef6954a4654557d4773e1f885329b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
b0b10ba4a0dd3ef205d55ccbb2a09dfd

SHA1
5470917e34a2a64a4e9f25cfbed2bdd6c3db6389

SHA256
485222c77408a75c4407a249f886d2501d27b8cbef0cd8d82d37984c1d638742

SHA512
3484b89f90dcb9fa73653aa000f7580f817629af727d08570726204dd6789deb407193ebe82f0afaeb837248d3e5aad405b8322045ce9abbd00ff79c74c433e8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
0bfa601132b742a680d572791ab5ed57

SHA1
ca097dd6497b7a153d7fd4dd077b6ae9ffbf86bc

SHA256
2696fa3ab38a34726d673b5b8695c33f18c32b1e0e4aea989d71a0e4a5a2e06a

SHA512
3d1e813b5ba6b62d51bfaadd8896883df30111810efe4646129313092dd601843cbc4f06c01a0a43c289deb2e384caea65f68cb05cd9959486aeb04b12970c00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
8eb720e40658164ae732574e51a24ff5

SHA1
65023827ea4d0fbbb1931efaa47e8ac2253f411d

SHA256
d51c342f4da8696dc1e7b039e05f7cb260f99d30e2fe92bc89373148648dd0ff

SHA512
48056a99831f3750b2f89bbcb0e3a1b6e5b1f230f170c0e0e4b9ac10a8ae80e57c135588e72a3b27b21b356f97ed438d3bbd7100e973a84dc4f74108c34dcf53

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
98bb826afaced13844f4fef5e0f64a6f

SHA1
60638a8a21b7cb789de670b3a00b51a6fab9d836

SHA256
cfcafa349080875dba2a8dc807e3d45fd8aaa5863ea5822f69083889680d4364

SHA512
d792832c5441fb51a459ca23c4217d9da7d65af43ca3821f0c68c3c31a53308b6d84bd6ea39b8869c332f7b760343082134672d2843e7e6351be1cfb2761a720

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
e6a01e01b36249fafa7c8802a6c8df5f

SHA1
0da4bd013862839e9486ffbee6752eaacc0e8b82

SHA256
4810440d75d5abc275331ee37cbe71125cb18685f64e0d37a318d7ef9a8dfe18

SHA512
2fac7d925d4f634b8eb1b5bf4f6d12b4d59234c7a38e0989cc3ff8305add53adb4be7ba07e47cb834ac987fd171f12ad6393f72cc73ed8d859eed1862d378e14

Download Submit
C:\Users\Admin\Downloads\exeinfope.zip.crdownload

Filesize
2.0MB

MD5
5347fe141af4e89a126cdb87f8c7b1b9

SHA1
87c982b8e4dcaa77986b1d0a9f80c55ac893b3d0

SHA256
0898dfaa66b19285cfb019f76fa31f1401d0c253376c52fa68f2fa74a74c27f2

SHA512
b89b4e79d03d60238f30f4142d48090c08409fc5ef3c03f723071fb2bb1c92a605acfb508238e59d274ad5ff48fb2ef1f9e76b797ab4ec706b9bcb9c8f16622e

Download Submit
C:\Users\Admin\Downloads\velocitysniper.exe

Filesize
18.6MB

MD5
41c4c52511f0115774ad2d728477a3be

SHA1
4ca3ef696009e87144a1dd4bddf8e5364f6e3a7f

SHA256
b68ddd68738856ef5d529b64479f61f654515ce3d6fd60c058ddbb8f14cd5456

SHA512
a1faab0efc9c0e802c82aecd5525af6aa70e12cf9589798a646127bcf64b10b75bdf8a94c10ebc15e076fabfe313c1916586f83242e96b82fb35dcb3e501953b

Download Submit
C:\Users\Admin\Gyat.rep\idata\00\~00000000.db\db.1.gbf

Filesize
29.8MB

MD5
54d60c19063a6b0d2bdf8844a9b1610d

SHA1
936660f2b72cabe3b3596e8020d73e92a2bb2551

SHA256
bd298a32253759149cc2def2e843f366a6c89800e06cf9f9040aa150fdf6a5cb

SHA512
bcc817e467c6ba0b228df3a4c5fd5c3d3c73b2ce313617ea3c74bd617e0aff0174d0538b3dcd98a7744661022af9ab1086b23711c00b97d8bf9cfcbeb8b34d41

Download Submit
C:\Users\Admin\Gyat.rep\versioned\~index.tmp

Filesize
63B

MD5
f206172c9a776fc9834abe664d766f07

SHA1
5e7e4ea51688af1a7ec45b8778aa226a2167af32

SHA256
afed071b228a87fbbb18d8bf39667792d6912c1d1ad2ea2f4f41dac320db8b2f

SHA512
a34af2fe1b4ab7919a655c1c56fcf973774de478791d1a2c3a26712828a8a7d6e9df0a906f24ca07e425395c94b5041f52ca7641278e85915efe43cd3330476c

Download Submit
C:\Users\Admin\MegaDumper\.git\HEAD

Filesize
23B

MD5
4cf2d64e44205fe628ddd534e1151b58

SHA1
acbaef275e46a7f14c1ef456fff2c8bbe8c84724

SHA256
f6f2b945f6c411b02ba3da9c7ace88dcf71b6af65ba2e0d89aa82900042b5a10

SHA512
76b199f1bffdc6d21547895431b0f85f3857df400225cbd1ae55e7ded09786a8a44e1cb21f1feff4951cf57c893043a0be696dcb0e4f5758a4d6081a833eb6cf

Download Submit
C:\Users\Admin\MegaDumper\.git\config

Filesize
36B

MD5
8c534af220c6e2de8dc8662364427eac

SHA1
5ff0531d73ce971ddc5fde6e80700639f99574ce

SHA256
3fcc3a7ff5b8273d86f9cff108bb48a7449601f70a4a4d0e19d89411aa812f85

SHA512
8d8eeaa84f075696d9309e49fa47f0bcd172708721e8e8420d99286ff39ab39bdc5272bd9fa5f5aca1199552bdba4e106c6424883d52884a6764dd7dad52bde9

Download Submit
C:\Users\Admin\MegaDumper\.git\config

Filesize
54B

MD5
606b0d057ba0a8f2520de6bc5cb872ae

SHA1
7ffbc6a70b16bf64c1608d75f425a67184bdf58f

SHA256
e13b754e006cac590da9e5f26abc95035816347304bb0bef62d7c4c53d41b708

SHA512
9e2347a4863322b637754bce498c4a7ee00c695492920b7f3240fd51f9a3cc3f6fa6973a4a9ea625c99ff79d2b8928b0f761468d8fa54d1ded6b51414787cf14

Download Submit
C:\Users\Admin\MegaDumper\.git\config

Filesize
130B

MD5
5f649127850970bc9531aaacb07cccb7

SHA1
6d649de4c56af5b33416b9e1b3d386f0fa59de5d

SHA256
e9c98ee8fe00b4fef801e441e295de959c08d523c381d73d35fd1a363982d126

SHA512
3fe641364a20d7efc14acf1e606480a1b371f06103af0d9a5463ee212db4b07b9642a61a9e28eaa5405484018147811e555c1003d0877d34fd5f50f3c2dafe21

Download Submit
C:\Users\Admin\MegaDumper\.git\config

Filesize
203B

MD5
1b7427b070905993fbe0aeac79aef872

SHA1
59b769ee7eee1fe1af59e43f0aedd778aaef565f

SHA256
7e940fbe7c4f2705f5a14b5d1cac0e4eac4c9accac7bc63f83c410216d4bad41

SHA512
50d3a4a76a24993781a09a83252430e524d5163492812d67e55d32306db99968a91b91195a1dbb213c00eb39557549945b3a1fbd7372696f2d7077b34eb41c69

Download Submit
C:\Users\Admin\MegaDumper\.git\config

Filesize
68B

MD5
3386bdccce841938d882cfd7a155cd30

SHA1
4ee7a0efd17896672c57798c9d5f59f9cd2cf2ba

SHA256
2779793109b88db4ddc1f399586cd37fb6d238ac89b83cb1a9e95d42241c68a2

SHA512
2583970eef19a2dadc635502185d80203187c2dfeda82b84d8407f6e5a81ed2edca5121087ee72d94fae08aef4d14a71a765bdb007a257feaf13e01007948bcd

Download Submit
C:\Users\Admin\MegaDumper\.git\config

Filesize
93B

MD5
e4f821133b798a11df61c827e289815e

SHA1
0cef25acc2a94c540e22062dd871597dcfd70da5

SHA256
9dbbdbab1e106f5322578649b8582428f176266c5233a549a0b2da9213253741

SHA512
b844622db54e59e1fea13d3ce08cae7c0329ce44eed3d7772fef5cab90c2dbd5bfc33642afd2e553c25624f2da49a50a14327e2fc715e2fe5549cd39948dfc64

Download Submit
C:\Users\Admin\MegaDumper\.git\config

Filesize
203B

MD5
b432cc153b5e6db24651047aa66825f2

SHA1
2f481bdcf3ef49a3a57778f86895a2dd55dfa3f8

SHA256
cb4a5d1964187a49da8fd2fe00deca68dfb8729f5e6af692106841e285b356bc

SHA512
3da484679f5811e2426de0083637e481874cc86c7184ca314645ba038496122c80470739f2f19b0661662d5a94ba78dba96f5fb8b30de9d2b454746e24916a5c

Download Submit
C:\Users\Admin\MegaDumper\.git\config

Filesize
130B

MD5
920a11de313bfb8d93d81f4a3a5b71b6

SHA1
80de82dfd57795eed1fcbc83b7a9a318eb9e3b20

SHA256
05becdb83bb897f6103c8d91439e2e9092144edf5b3955a746fce4975c12bfdc

SHA512
781356042a25bc6a701a201280513b5eea174d8f5425831e09847467e012610b2ed5f2598e33a02406b816b7d2c0b137fa0766f58a59e9d08a0849ec8f7fe7d6

Download Submit
C:\Users\Admin\MegaDumper\.git\config

Filesize
111B

MD5
f3eeff3fabaf2bf6afd509406aafbae8

SHA1
a9637c217a90dab2be93ab8bd0e332683b243d04

SHA256
ff399a979951677457048a4112441f7262fbe8b69eb344592ff160259c44dd62

SHA512
0b819eae0cc382da3110434c43c097a5d148938865ece160d3da660a5d00c4e26efb98b08b6385d8194cf1fa74e04f432ff231d65e3116a0d75cd0df519b9450

Download Submit
C:\Users\Admin\MegaDumper\.git\config

Filesize
283B

MD5
ab95297d82020f56d5ca2bcbf4dd7db3

SHA1
8b8519e648d272f86f0cb85361ddd8d8e4a03494

SHA256
2c6ba54eee9faaac722d91959ed613c907f53b703bcd999c63bcc0ac5babe710

SHA512
9377dcea7ebecbe46d81110be680b708f897322cc61df74e32b799dbd9ed4cddc072395155a127d7b5c0ef2cf2b2779ba8e42345d06dce47b6a13d3b358ff1b7

Download Submit
C:\Users\Admin\MegaDumper\.git\objects\pack\tmp_pack_6i1eGR

Filesize
132KB

MD5
f74a40a2452c283647bc322bf8e84733

SHA1
090fa8363ea8c23dbe670376015fc8d3ab04a020

SHA256
8fa8d1b74dca2bbdd8fb98428b3cf2596d496231196f0df6c6ce26b4fbcb95bd

SHA512
491cd2347b07a64e386572c6a598201895fe6c1c42f381f6b690cdde3faf7b1e74eeb0554b4039d9883e1564cd4b809716d1cf1b29e85733772e5ec22c722a94

Download Submit
C:\Users\Admin\MegaDumper\.git\packed-refs

Filesize
186B

MD5
c8016551091bbb79e54fad5d24f1eec8

SHA1
811809434ff93fd2dbe16e2c3d10ada3bf963bb4

SHA256
2fb7ea0eca5e0c240d545e96b802c5a919190e653de3c5afe61147d65c1a234e

SHA512
0f47d119c5bc66e87ca41bcac708e802645d8c2517b7df47f58036983bc2d9870345fcbfc16a3167b26d970a7d8f5fab2b2b5017a09ebb0ab15cf638e2c20d88

Download Submit
C:\Users\Admin\MegaDumper\MegaDumper\FrmModules.resx

Filesize
5KB

MD5
0cacfaf76fac82eb6f76876fc148be36

SHA1
326c4318aff4d4b5148b5642cc0e5d9b91e1bd1e

SHA256
a6114f2ce7ae0d615292ef342989830fe05df67852e3bd1e4394aab0539e3e3a

SHA512
230b912f23d03d971701878ae536f4dc698f608c85d7a5a1772bfa372d7430ec439e7e831f98883d5f226a446bf039aaf0d367da7baf0d9fd10d0742fb163b2d

Download Submit
C:\Windows\Installer\MSI7DD5.tmp

Filesize
202KB

MD5
ba84dd4e0c1408828ccc1de09f585eda

SHA1
e8e10065d479f8f591b9885ea8487bc673301298

SHA256
3cff4ac91288a0ff0c13278e73b282a64e83d089c5a61a45d483194ab336b852

SHA512
7a38418f6ee8dbc66fab2cd5ad8e033e761912efc465daa484858d451da4b8576079fe90fd3b6640410edc8b3cac31c57719898134f246f4000d60a252d88290

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
26.0MB

MD5
3cbac836b5a5e0cbbd007dd2f282bc3d

SHA1
9f43da46f72df3c26cad999751650d749f0de066

SHA256
89563f27a14ca58869173d40d13a59e7c53c5346bdd3dc3fafe491786dbd0fd4

SHA512
72c5b0944df610c748eb1c3a39346a5351b6b34edc721986987e05c780624cad3bb7870c990b73d840e75974204a00cb5a30e6585dab76e68be88b53ec48ca8f

Download Submit
\??\Volume{38fc7460-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{4e5e4873-04f3-4707-a227-e6b7398d3af0}_OnDiskSnapshotProp

Filesize
5KB

MD5
1766c94c6aa5ddb0ac3b4f8a8f3dd0a9

SHA1
65a84bd498a11752da62567e6367d2a6c17a9157

SHA256
33337191e9dd9ee7ca60ced2e5deccc84753178230ea896629a2932671b7d4e5

SHA512
f5fea0c1ac131c7ff9f333040fad232cfaade513432d874eb7ff1f7f2bafb259fbba4c550bf9d5d0300871640dde5d974c1c6e62c62956e4d390bd34a21763fd

Download Submit
memory/1028-13681-0x00007FFB3C360000-0x00007FFB3C394000-memory.dmp

Filesize
208KB

Download
memory/1028-13683-0x00007FFB393F0000-0x00007FFB3A4A0000-memory.dmp

Filesize
16.7MB

Download
memory/1028-13680-0x00007FF767ED0000-0x00007FF767FC8000-memory.dmp

Filesize
992KB

Download
memory/1028-13682-0x00007FFB3C0A0000-0x00007FFB3C356000-memory.dmp

Filesize
2.7MB

Download
memory/1436-14268-0x0000028A157E0000-0x0000028A157E1000-memory.dmp

Filesize
4KB

Download
memory/1760-14235-0x000001CBE70D0000-0x000001CBE70D1000-memory.dmp

Filesize
4KB

Download
memory/1980-14270-0x00000292B5A00000-0x00000292B5A01000-memory.dmp

Filesize
4KB

Download
memory/3452-14281-0x000001E917BB0000-0x000001E917BB1000-memory.dmp

Filesize
4KB

Download
memory/3452-14343-0x000001E917BB0000-0x000001E917BB1000-memory.dmp

Filesize
4KB

Download
memory/3452-14286-0x000001E917BB0000-0x000001E917BB1000-memory.dmp

Filesize
4KB

Download
memory/3452-14330-0x000001E917BB0000-0x000001E917BB1000-memory.dmp

Filesize
4KB

Download
memory/3452-14328-0x000001E917BB0000-0x000001E917BB1000-memory.dmp

Filesize
4KB

Download
memory/3452-14319-0x000001E917BB0000-0x000001E917BB1000-memory.dmp

Filesize
4KB

Download
memory/3452-14324-0x000001E917BB0000-0x000001E917BB1000-memory.dmp

Filesize
4KB

Download
memory/3452-14320-0x000001E917BB0000-0x000001E917BB1000-memory.dmp

Filesize
4KB

Download
memory/3452-14307-0x000001E917BB0000-0x000001E917BB1000-memory.dmp

Filesize
4KB

Download
memory/3452-14288-0x000001E917BB0000-0x000001E917BB1000-memory.dmp

Filesize
4KB

Download
memory/4768-14257-0x000001FDDE0A0000-0x000001FDDE0A1000-memory.dmp

Filesize
4KB

Download