3e2c3fe1ab15b9da1fc1226bdf53bba5c4378daeb4325bbe6110f27a73209aea

Analysis

max time kernel
1800s
max time network
1802s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 12:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

videoplayback.m4a
Size

3.9MB
MD5

639dbd18e363ddec6ff694dc7b429830
SHA1

7e2c882538532a7dbea6fdd15a6f90c728dbb093
SHA256

3e2c3fe1ab15b9da1fc1226bdf53bba5c4378daeb4325bbe6110f27a73209aea
SHA512

ad616bca03bd201d4f12d160a9a685e15a624e0f32d49c12c24f93e9f3c54f31e89ba8822d5fe0e549ce88cd4e0be8bd54dc8249bde82f7623ba1de272507a00
SSDEEP

98304:joiEPPVGvhdEl5mFUDkQWSDJ0iYQ+3bHELd3KUq2MEwJ1:joiE7rnwQWSrX+edaZh71

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file

Modifies system executable filetype association 2 TTPs 6 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\Debug with x64dbg\Command	x96dbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell	x96dbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\Debug with x64dbg	x96dbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\Debug with x64dbg\Command\ = "\"C:\\Users\\Admin\\Desktop\\release\\x96dbg.exe\" \"%1\""	x96dbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\Debug with x64dbg\Icon = "\"C:\\Users\\Admin\\Desktop\\release\\x96dbg.exe\",0"	x96dbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\Debug with x64dbg\ = "Debug with x64dbg"	x96dbg.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
36	discord.com
37	discord.com
38	discord.com
533	discord.com
541	discord.com

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
4384	ULoader.exe
1848	ULoader.exe
912	ULoader.exe

Suspicious use of SetThreadContext 15 IoCs

description	pid	Process	procid_target
PID 4440 set thread context of 2728	4440	x64dbg.exe	162
PID 4440 set thread context of 1836	4440	x64dbg.exe	164
PID 2476 set thread context of 1524	2476	x64dbg.exe	169
PID 2476 set thread context of 5016	2476	x64dbg.exe	171
PID 3068 set thread context of 4408	3068	x64dbg.exe	178
PID 3248 set thread context of 2188	3248	x64dbg.exe	186
PID 3248 set thread context of 2188	3248	x64dbg.exe	186
PID 3248 set thread context of 2188	3248	x64dbg.exe	186
PID 3248 set thread context of 2188	3248	x64dbg.exe	186
PID 3248 set thread context of 2188	3248	x64dbg.exe	186
PID 3248 set thread context of 2188	3248	x64dbg.exe	186
PID 3248 set thread context of 2188	3248	x64dbg.exe	186
PID 3248 set thread context of 2188	3248	x64dbg.exe	186
PID 3248 set thread context of 2188	3248	x64dbg.exe	186
PID 3248 set thread context of 2188	3248	x64dbg.exe	186

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598186448666224"	chrome.exe

Modifies registry class 24 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dd32\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\release\\x32\\x32dbg.exe"	x96dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\Debug with x64dbg\Command	x96dbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\Debug with x64dbg	x96dbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\Debug with x64dbg\Icon = "\"C:\\Users\\Admin\\Desktop\\release\\x96dbg.exe\",0"	x96dbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dllfile\shell\Debug with x64dbg	x96dbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dd64\DefaultIcon	x96dbg.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2804150937-2146708401-419095071-1000\{F4B0AEFD-E4E4-4D9B-BCDE-AE55DE3FD002}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell	x96dbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dllfile\shell	x96dbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dd32\ = "x64dbg_db"	x96dbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\Debug with x64dbg\ = "Debug with x64dbg"	x96dbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dllfile\shell\Debug with x64dbg\Command\ = "\"C:\\Users\\Admin\\Desktop\\release\\x96dbg.exe\" \"%1\""	x96dbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dllfile\shell\Debug with x64dbg\Icon = "\"C:\\Users\\Admin\\Desktop\\release\\x96dbg.exe\",0"	x96dbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dd64\ = "x64dbg_db"	x96dbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dd64\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\release\\x64\\x64dbg.exe"	x96dbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dd64	x96dbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dd32\DefaultIcon	x96dbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile	x96dbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\Debug with x64dbg\Command\ = "\"C:\\Users\\Admin\\Desktop\\release\\x96dbg.exe\" \"%1\""	x96dbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dllfile\shell\Debug with x64dbg\Command	x96dbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dllfile	x96dbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dllfile\shell\Debug with x64dbg\ = "Debug with x64dbg"	x96dbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dd32	x96dbg.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
180	NOTEPAD.EXE
1604	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
4440	x64dbg.exe
2476	x64dbg.exe
3068	x64dbg.exe
3248	x64dbg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe
4928	chrome.exe
4928	chrome.exe
4384	ULoader.exe
4384	ULoader.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
4440	x64dbg.exe
2476	x64dbg.exe
3068	x64dbg.exe
3248	x64dbg.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1168	unregmp2.exe
Token: SeCreatePagefilePrivilege	1168	unregmp2.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
4440	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
4384	ULoader.exe
4440	x64dbg.exe
4440	x64dbg.exe
2476	x64dbg.exe
2476	x64dbg.exe
1848	ULoader.exe
3068	x64dbg.exe
3068	x64dbg.exe
912	ULoader.exe
3248	x64dbg.exe
3248	x64dbg.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3152 wrote to memory of 2308	3152	wmplayer.exe	83
PID 3152 wrote to memory of 2308	3152	wmplayer.exe	83
PID 3152 wrote to memory of 2308	3152	wmplayer.exe	83
PID 3152 wrote to memory of 444	3152	wmplayer.exe	84
PID 3152 wrote to memory of 444	3152	wmplayer.exe	84
PID 3152 wrote to memory of 444	3152	wmplayer.exe	84
PID 444 wrote to memory of 1168	444	unregmp2.exe	85
PID 444 wrote to memory of 1168	444	unregmp2.exe	85
PID 1368 wrote to memory of 1040	1368	chrome.exe	94
PID 1368 wrote to memory of 1040	1368	chrome.exe	94
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 3688	1368	chrome.exe	95
PID 1368 wrote to memory of 1724	1368	chrome.exe	96
PID 1368 wrote to memory of 1724	1368	chrome.exe	96
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97
PID 1368 wrote to memory of 3820	1368	chrome.exe	97

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\videoplayback.m4a"
1⤵
- Suspicious use of WriteProcessMemory
PID:3152
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\videoplayback.m4a"
  2⤵
  PID:2308
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:444
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb5883ab58,0x7ffb5883ab68,0x7ffb5883ab78
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:2
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4248 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4704 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4832 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2712 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1368 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4180 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2672 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4052 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5280 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5468 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5652 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5112 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5644 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5568 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5632 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3916 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5984 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5884 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5152 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5356 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6196 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5960 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6260 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6512 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6268 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6468 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6244 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4700 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=1496 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6996 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7040 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7236 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7708 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7796 --field-trial-handle=1940,i,10161607477277830454,2567961734563347265,131072 /prefetch:8
  2⤵
  PID:4392

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2152

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ac 0x4fc
1⤵
PID:2772

C:\Users\Admin\Desktop\ULoader.exe
"C:\Users\Admin\Desktop\ULoader.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4384

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\key.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:180

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3464

C:\Users\Admin\Desktop\release\x96dbg.exe
"C:\Users\Admin\Desktop\release\x96dbg.exe"
1⤵
PID:4464
- C:\Users\Admin\Desktop\release\x96dbg.exe
  "C:\Users\Admin\Desktop\release\x96dbg.exe" ::install
  2⤵
  - Modifies system executable filetype association
  - Modifies registry class
  PID:4548

C:\Users\Admin\Desktop\release\x64\x64dbg.exe
"C:\Users\Admin\Desktop\release\x64\x64dbg.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4440
- C:\Users\Admin\Desktop\ULoader.exe
  "C:\Users\Admin\Desktop\ULoader.exe"
  2⤵
  PID:2728
- C:\Users\Admin\Desktop\ULoader.exe
  "C:\Users\Admin\Desktop\ULoader.exe"
  2⤵
  PID:1836

C:\Users\Admin\Desktop\release\x96dbg.exe
"C:\Users\Admin\Desktop\release\x96dbg.exe" "C:\Users\Admin\Desktop\ULoader.exe"
1⤵
PID:2132
- C:\Users\Admin\Desktop\release\x64\x64dbg.exe
  "C:\Users\Admin\Desktop\release\x64\x64dbg.exe" "C:\Users\Admin\Desktop\ULoader.exe" "" "C:\Users\Admin\Desktop"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2476
- - C:\Users\Admin\Desktop\ULoader.exe
    "C:\Users\Admin\Desktop\ULoader.exe"
    3⤵
    PID:1524
- - C:\Users\Admin\Desktop\ULoader.exe
    "C:\Users\Admin\Desktop\ULoader.exe"
    3⤵
    PID:5016

C:\Users\Admin\Desktop\ULoader.exe
"C:\Users\Admin\Desktop\ULoader.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:1848

C:\Users\Admin\Desktop\release\x96dbg.exe
"C:\Users\Admin\Desktop\release\x96dbg.exe" "C:\Users\Admin\Desktop\ULoader.exe"
1⤵
PID:1556
- C:\Users\Admin\Desktop\release\x64\x64dbg.exe
  "C:\Users\Admin\Desktop\release\x64\x64dbg.exe" "C:\Users\Admin\Desktop\ULoader.exe" "" "C:\Users\Admin\Desktop"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3068
- - C:\Users\Admin\Desktop\ULoader.exe
    "C:\Users\Admin\Desktop\ULoader.exe"
    3⤵
    PID:4408

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\key.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1604

C:\Users\Admin\Desktop\ULoader.exe
"C:\Users\Admin\Desktop\ULoader.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\Desktop\release\x96dbg.exe
"C:\Users\Admin\Desktop\release\x96dbg.exe" "C:\Users\Admin\Desktop\ULoader.exe"
1⤵
PID:3448
- C:\Users\Admin\Desktop\release\x64\x64dbg.exe
  "C:\Users\Admin\Desktop\release\x64\x64dbg.exe" "C:\Users\Admin\Desktop\ULoader.exe" "" "C:\Users\Admin\Desktop"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3248
- - C:\Users\Admin\Desktop\ULoader.exe
    "C:\Users\Admin\Desktop\ULoader.exe"
    3⤵
    PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
765B

MD5
fc54491426ec080d9fb51ee8be67b28f

SHA1
96c553e74d768d09461fa4c59cf7c9190fa616be

SHA256
b296e5f5133d1080b46205e21e9fa944f314ba7e84e6cfd2e233ff80755b2ff3

SHA512
8c6aa7cedea9489797d686b399c7324444e838439c7e9030d71939c44854c9f38ae2239280ad57e50502a34a8ef32fcfbafd4f65e25aeafd96d2307bb534533b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_D7AD35232628FABEF0C3E04565DD2D7A

Filesize
637B

MD5
82d6ce0e617f9793046b61c1bf7847b4

SHA1
b2b48235d2536e4503c44a61824a5b05ad42256b

SHA256
17da48251a87317e482b66ceb4ad7b31b1676325c560439ec2c76498b8833b07

SHA512
ddda6f7a56e544e067fa5fa40fae995116a9f6fa0394e512214b2befa448ff7da265cc246c31ba5d2f8b62a7bc306d559f95a0c3c7a847c74648151a750c10c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
1KB

MD5
543f380bb5a4307e72b011e9a015564b

SHA1
26a06119b1257d5429f8a8e03faaca711059383c

SHA256
45d445a40f93cdf26a15a1376e2656cae9d2dcce8a0b21fcd57cfcd6d6272760

SHA512
89d765811aad21ca748b249dd088b0a57a0a50cd59677f721971f7c084dc44fa2c66bc1f56a0f53dac6c13ba78fefb35060bb8988f1a2a400a5fa0de270e5d0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
484B

MD5
d475d739868ccda6ec801e410300cba8

SHA1
7462fb4f2f71a95334da436ff41392a4227ad87b

SHA256
f5c70356cf0159050da69d48717744428f38d15037a45c4d82ad2ec0ab6709f8

SHA512
1f0715ed90ef5f5abb0058af03d1b04fa8cc5456e55b26f920d8989cc11546defd97ffa8a0c81e72ba873087ff303e82f1216ab99f56fadc9e113a996aee4bb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_D7AD35232628FABEF0C3E04565DD2D7A

Filesize
484B

MD5
e7b14f04211b420f8f81e2c83be3a278

SHA1
cbb04ff635014125fa37f759e013ea957c146e8d

SHA256
235e49c3b38e23047ec8edc893d8d9181be1ffdb22ed2ecd28cd57742df3714c

SHA512
6d1b3276ca782e295520b776c34389758992647041ca6f430b0fa0742d08fe0ded80979af50d26dde19a6930315ca2f97023668bd77bba6ad0d39052c691a5d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
482B

MD5
27dea135cc767974ad5bcfa1d7f6b830

SHA1
6ea6bcad0bd7e2eccddd6bb75bfcf4a29f094a0e

SHA256
755f6edfe07c9ec03c13deeffbb16b65ad8d7e210e984971cd556d8c21ea5a87

SHA512
21f5d8bd5c70d990261f30ab98c16a5b5e2c0d0121e95067159aa3bfe8cffeca1a3926ae1443d0d4f902f8d98717f2dafe328d644c9fecc39de172c70dd8e2a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
57KB

MD5
c9021c91d077a8cbb5975261e81dccd9

SHA1
5a9d67eb10388f79210d7c662bf9a13bbb4bce2f

SHA256
2d66ad38334596758a271c562250d291e4c62ebdcf9ab5c2afa652814b7e5030

SHA512
6afb7c8c94f175d7625fd32258f9eb8b4062545c789fc8feff1a2ca554a2cc5d5072670771fcccf4a4bb49f641f6b50c31818980bbf903bd0137856bf80e7bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
100KB

MD5
f82729c3af0c1fbe949404eca4e472a3

SHA1
a273dc3514fc46e9ad172435c4e306ea5cd325fe

SHA256
565e609ece56114596137732575f4a66ffa74b119dba8f8b7d6994b2bc38e0dc

SHA512
d2c6b04f986519d6445fcb27d5cf45ea25dc8a02a744967af16c6574ea0dc384922e92a23d0de5628919a7517bb79fa8d426949b3dfb2f3314d94654956e895a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
24KB

MD5
bb734a39dc2e8831e4ff608cca465ffd

SHA1
72f1e49b172e5368b4094ab3146762647437f2a6

SHA256
d005bdd1fc8688729497eb40f393262adbeaa0c69fc3b4b938bf6428a19f2101

SHA512
2f520dd371c6c628d71e5cd1705a51c9097853ef30c35d4d52652311782544e5cde32d329de57cd32787e8df35d73b67cbdc9132b38995c97e87eb05ff3c0804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
110KB

MD5
8b97c2fa208ad8358f2b19c0cbc8dd52

SHA1
82aefc1ead81a1891f4254453fc5bee558f2a380

SHA256
abf2fcd1ee9b3b38ecea083e8e29730c44a37726b059caa8a2e3ca12a7d32cec

SHA512
5c0b447a67e16af541ede8afc096dc220b9b8653e5052e83df101939e9d1aea5c6e76dac2d06c25bc193de95e51abdc938b7a699dd441d481ed0acb3a8e884d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

Filesize
199KB

MD5
585ac11a4e8628c13c32de68f89f98d6

SHA1
bcea01f9deb8d6711088cb5c344ebd57997839db

SHA256
d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6

SHA512
76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000076

Filesize
24KB

MD5
344ee6eaad74df6b72dec90b1b888aab

SHA1
490e2d92c7f8f3934c14e6c467d8409194bb2c9a

SHA256
a3cf4861c7d0c966f0ed6564f6aad6b28cbd3421a9ca4f60e2246848d249f196

SHA512
2a9a9162d610376512a8fae2cf9eb7e5146cc44c8ebde7a12e9a3985da1718c62ae517c25b00de7c0269efab61b4850a0becfbf04382a25730dbe9cf59825a62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000077

Filesize
24KB

MD5
5366c57b20a86f1956780da5e26aac90

SHA1
927dca34817d3c42d9647a846854dad3cbcdb533

SHA256
f254eb93b015455a3c89aaf970631bc989fe2bd387f79e871b514992359651aa

SHA512
15d7127970436f2510344600f3acecc19c39a05f8e82c8a7950095386382b2e2da55883a5a9faa97b84452e67315b9ac1693b6592274c8c1c35c813dfeb543a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078

Filesize
39KB

MD5
fd93a665db48a2b77737a3c0829c5e54

SHA1
6e7faac7da87e0fedc79915858dcd6e67b4c4a90

SHA256
a613a3b5e418fc4fef1aebcd13651c2bf6cfe3bb5325dc70520a7d53e98ffd1d

SHA512
15c76c51d4dc4451fa68511fbde140889af868b684df2d80e7ff7b11308baa3e7044bd6d7d13fbdd589c33419c705f265f2b624e79da72e3f444bd2ba4101b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000079

Filesize
65KB

MD5
76e76427d75b126e2a57242fc9f1532d

SHA1
05cf37b3ff4d38dd182f224276295db0bf314439

SHA256
6a2464c4b7f09e6294c9a1ce1bc9a684aac9d8c85b3b53db0ab4fdd15588cbbe

SHA512
cada7924cbcf30428e08a3d0fbd159450c577107f03827080d1c3eeccea682990ae8f0ac8cd1077a3f4f2fabd4303076dd5ad12c0bd8ed9bda86f12093e0bf57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
90KB

MD5
add93900cde9bb65a856ff06b0b5dded

SHA1
f70c048573f5338d876e30ee0a775cb22d83ad9c

SHA256
d2d45f5b10d8350316b7428692b1197b2563e4c0e3c2bafad703c493f17ea8b0

SHA512
0ff057122f0dd08a46e23c4476ad5720a0267e3489b5d8971431b4bc3f5800846c2bcd88f0dd75d4b8d3397598fe6c80d9ad8932c709e8bfc4b5f1d1451bd42f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
17KB

MD5
3ddd515cdb5d28dfe40d65179ddda12a

SHA1
dfbaa0bba38f987b4db1ea796c6d2745b6655c8a

SHA256
74a10d0ebbfda29ebb7f645134bfc766021ba7177cce2311c8ff895d323c8372

SHA512
3c653633612dbecefe889add56b3d1918ca32b53105072d5ee70d4d9c5dbda736ca2f15cd81f88d61aecb836488c6c463037618224f5af2f0352018d057c631e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000080

Filesize
18KB

MD5
aa9fdaf2c79cd0d95c534d51e299a218

SHA1
12bf0402034739a08185d8d96b63a35b83badcb1

SHA256
74aedd130f62e5536542c3745390758b858f5a023b72b83892b022aa132b88fc

SHA512
70a61a8ce00a0835f819073bf5c90596f604447ea1d98732552fb345bc82da6e7a33740de0a6098c5917421da7b5ba0ad835fc86e201550e0b42241859c3e0a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000081

Filesize
29KB

MD5
ae4cc633a1734aac15f03b2160e3125b

SHA1
e7dfe7e532f89cb097207e252e1e8462ff7a2b31

SHA256
b20c699ff72b3bc4269abdb0ae2ab704d89c45f65b37f1da084e5eaf07c36cba

SHA512
c3545d02fc938a41207fea67b44c037fb589122b7d437366fb8b0c9c85ae107b96b8344d17c94168de4fc2cea2eae7d1583243bc006d762648eef6908b380f1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000082

Filesize
140KB

MD5
a830585f82a3cdaf1eb9e59c29ae3695

SHA1
8be6ec3f4cf4c64a0b2bc0fe257d0e02f176a03b

SHA256
987d6efab1de6f91899e4cc44dd5393ddab7f2447b84ff0cb6f3d86819cdb93d

SHA512
1de58b203e74f0567310ccd19543bd784890a30a05c502142e4aef2bada9d2176c303dd9e6dacd9f926a12b2a4dbfa74cfedb9acc322bc94c37ed8df62a81dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000083

Filesize
63KB

MD5
34d5015941e4901485c7974667b85162

SHA1
cf032e42cf197dcc3022001a0bde9d74eb11ac15

SHA256
5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632

SHA512
42cef1d6847f535a6e8afc0469b9f5ef79ce4ab21512ac7eeda8ef9667d5f24bb33b30aba9a29824b3d853d41d4addf6bdee2042cf4fbd0a033b61657c671f0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000084

Filesize
54KB

MD5
81436adcd5f1066ea9c715dcae02f693

SHA1
8cb59e7abcbd7992dfee284b9730180388bbf28c

SHA256
ae4c30f14a6d50ed46cc4218d5071d3c45e1e1fc570c783e059e1e00bf24da44

SHA512
1791926fa16bdf5b9c7e31dec3bba435aed9d2b33992158ae244d5d35ad7ef523c5e81542f0b23b7072da4921a2e17b3106f57ce462a9dcb67069efb97889dd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000085

Filesize
28KB

MD5
974c159e70b711b491f1738a84558f47

SHA1
8875d116f4fd66d2eafcbc7f8a40516b7b506137

SHA256
dec160fa56f2be03898c190060c11da82a2eab754a1a5f4e965795c0f6cd8841

SHA512
415c7455d2af49a612b7d5d1f25422093a70ac7a0330279cf490f9f3d5d4b7c96c6a5b021c140713b9d44cbe37077852f1fd09008ddc3fda66a756ac107261d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008d

Filesize
24KB

MD5
f782de7f00a1e90076b6b77a05fa908a

SHA1
4ed15dad2baa61e9627bf2179aa7b9188ce7d4e1

SHA256
d0b96d69ee7f70f041f493592de3805bfb338e50babdee522fcf145cb98fc968

SHA512
78ec6f253e876d8f0812a9570f6079903d63dd000458f4f517ec44c8dd7468e51703ea17ecce2658d9ea1fdb5246c8db5887a16be80115bbf71fe53f439d8766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
247762f426c7aca8264a23b1bd5bc580

SHA1
b6524a0a64eec87cc639d58dc8417dfa587ddcb5

SHA256
918885bfd2c5ced9ecfcc95bc4906a16f3b9121a69c22735185b61f4ddeffe7e

SHA512
e6a5e03490e83803b8b63d75aea2f893e905afcfe01a1cf7a999eeeffdb02d465f16a167992751ed0d2e431f2461bdc96e5a3f35340fb8a67a72323408276d43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3917b8535bb881664222acaa64772d8e

SHA1
1250b2ec61c5d4b7aacb1eb2380bcaa27b885f8a

SHA256
e26c3d2b4c583e0e8f172f8260febf971c815b54a7986af48084c93d866abc2b

SHA512
3a1034b0b55eb90bccd96b130e472f6440f764899032d65508e5a805331389e198ef168994ab9e3a32389b431e01e3a34b718eac3cff324d45f88a19504f1261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
80df32bacb48468d63d7c6f00cf8d20a

SHA1
c4a21e4a85bc75c9d071300ba5358be927497a62

SHA256
7e505f4dbba9e73017aa710209fcb2e057bdf01a13d070db1a0f691fba64f5d5

SHA512
3a5379e069e4e8e58bb9260606899f8e72448cbfff5e93279464b63c846efd85fe3088e7cf609879bd28af7fdde69418e1ea2ca58c824f8f205459afcb6efd11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d524a5dd0138e22f302897cd31acf552

SHA1
81f50a9b7bcda3ca7cf20ee3090659adf477a0fd

SHA256
8651c1a52a882383346cd4fa93ec95fc89cf830f8e97783d22bd6229ebcab1b2

SHA512
471ee10d930075c5a97231f6b63534e24f7d35e4acb89fd79ebdc5992c81a7bb90cff1ce33f8a09f3090e618331f4d44398843196683cbc434e355ee6b3f3a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
526bdea42445d98983b9f94bbb67e5da

SHA1
152dedfecd1c44f2ab066254ad743b20e5eaec31

SHA256
63ce3362dca2094fe97698fac853607b020caf68bb65eecd2503472b1cbb10dc

SHA512
13ee99b3294b3219fd1a3933e6d84a963abe2c4f7c2d2e03ea9218b7abeb1b8ba052ebc620a8b04cd739afd1f5e0caaefcca9ae1ab93fddb4fcbf0b3d828c680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\09c2f6a3-4d32-4687-9435-484fce578e8b.tmp

Filesize
3KB

MD5
cd5062df583d7a061ce784a8ee4e06ac

SHA1
1bf54f2c591b0849dc0446a1ebefbb008eaf7cbb

SHA256
ddcce487285837524679da16e3781ef9ec692a051c843b1c4260af62c026637a

SHA512
ad77c64b3c7595e6e5ca8401bbcbbf8b1474c4e3035c5f1f6736cfca3e5456260b20b7666c1786fb4f009d17ae8598cecdbc5fa3966865ee20796099963ffa31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d62809a1a80f175798d1445577941e96

SHA1
a2cb5657011de28d79483ff3d15f77591d587a36

SHA256
7c1d6cf8c5527026a5ecd25848de0bf4aeca2141c29ef45614e65e5a0daba172

SHA512
5aef71139a2760c0f33463042a6867d4f43a88b2c001551fb8d50a175c9d0f4c78dac6c192745d74c361ad6d8c8c6b5166c2d3d7b5d6869df6b27c005c72ecc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9ca4d55c6e8d3fa01babbf01e2245d88

SHA1
620698cce6eeb90cc9bbe69538fb93fc28693434

SHA256
f12780c06dfaaeb1ab43d55ff5197767202200328adae39abdd60901a847f9ce

SHA512
0f86fb525c26ed4d5e3e2a14b88dde762d58f35b79a2ac8da5bb15a15300136b6e698e252a57c5113f1a2fa66b5e1d5dad23171475c30bd8610057c8bac2f357

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
d743a918b07591c911e9551fdeb586fe

SHA1
839fd0472cecebb3ebc5d22d6a4b0785b21ea8a3

SHA256
24cd7857b7b1c2d9eb6fd9a8ec6cc4b2f764160103ece0c629d9ae3825a81d16

SHA512
e08e7e41e311a2fedc789969e4bacc21cde535193583bca52aab2228f4eba7ba39673cc4a3e358c75ea8e75f50eb601b75d3c646274dcb2e3fe17f74b2a554f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
1af959202afadcfbae4175129c4dc016

SHA1
364778d1e9d374d99f39605bc5558114868b0156

SHA256
7699231e04337873383b4b74649d4c1f378bdd6086f90b1e89bdfaeff69dac2a

SHA512
b28586ba67b611a2de51c6a497e78b6432b187f103c3a987b5f3fc910682c6caa60c4c71d15533fed903dd544712d7069aa9393dc58b34cc80ff0474ce4441e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
52db4f28f02abf92921c4d6d2a6298a7

SHA1
51dea7ff039904bfdcd219db667b9272bbce8f56

SHA256
80e34a494f57523edbaa50b99fe4c6c40a3f3d21de1d4aa11d4eec34ceeef76f

SHA512
e071a52c35167eea5d8568460d1719b66758a9c5d3a7f99245c824d0c0aca93e6d97ca60dc23817b823341780c217b29c9bbc4a172c3590f7b8970b0c45e8500

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
44615607f86c8c01de4d444b25dc85bf

SHA1
2eec991aa9fd3e5235d0253141fc94278e4e0b97

SHA256
771e0751e17ba1689769b6d0ee06b33a2c63d90c55d59b36e73017f45a48208f

SHA512
6e781032c44c62a72b7bec5d99e1df87be908342c3423718ec019fdedc53fa3dab4b68bf57bfad159c1ca99f6ec7f21a1bf9899afe9770634545e3ea9b118404

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8ab7d5c5089a091739e0ec002167a4a4

SHA1
c21ed897cf14df3d0fcbc99797a06358ba1985a8

SHA256
00aa2e252a945c9d5b1f398f489d20e6a792f392b4b7e1249f901b610397d4f2

SHA512
4b4e4d7213aaaca35e3e377c4ece8987d434b6957cdb1547949abd79b9b2da2a2e9e17d747d4a8593495f0592963883341f4d9e3d9507582fbe5df6dbc8ed85f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d9d74f260edbd1f9d02c55e9de78bc89

SHA1
417acf2ab33cbb6461c0526b313505e53fcf89d5

SHA256
c10d0f8d71c7485eb157317980eb9941fc38605ab9e890241c6212e36c95543b

SHA512
5b964775a323d7acd5689356270881f0b7e355e3149e956ce8ba35e82676313737ec33cc0cac3221be1871cfab2db34ce2d8903964773eadd86978ad13e8088f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
92d9103e99441b4b2edcdcea19ab7ebb

SHA1
955822060efad3a23eb884773e5498a57be2cbc8

SHA256
d863513b334e7de1170d8199b0befb70ae660ae52c1f4f37af5d4ece35ccc1e1

SHA512
8de5b49bca3f41ec61dd00d5f7d3b4571a66592273ae844d8983f8354146938e46e48e3a1b9e51e36f12b8f82a42f2e93d0a7fe48c6f069434f291ff4e1125fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6cdfac38bc91f93d4f63cb4a41b5f307

SHA1
bdb0cbf4ff7d940098536dab7480d21fc3a32f2f

SHA256
dc12a2d14cb7b6c5139653de7e6659e226538970ea86f819986b068d8c018729

SHA512
ed2f7cb4456daf7a15ea906c6666f291610b808096d5e51d299ee39c58766c75ad905ab594005e12babc61df5e857ed14311fb495ac8e978a5cc10dad7b2ef91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f72f85548691a0a3e4907b609f788098

SHA1
582b5bc0f3e789b07abb021b903d19917f78c8f4

SHA256
d57bdc948f7cb665934d499a2d039cbed13eee23d2840c925c58db48039647be

SHA512
07dea3efba1815748ec72f7bc2b6d49397261128cf64414088c96fbafc61714a546a306546497eb072c5eebdf77701108e037a66dfb26b32f29ba0ccb45493b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6090478aef5df902ea32263751fc7f38

SHA1
6a1f60b9d9634b7feda3414c3dbe11bd86d85cdb

SHA256
b78d9f1db2f003f2514dfbea28aa1153e890a12f5904694d3fce7abef821f5bf

SHA512
a128252a9d3534ff71dc6b3b18720c488f6c338df106480f2cf204d05197a021d150ced6ef74ee6402ddf17a41172e48d46747f578fce3e4343d6530862f8de2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
0e14ed95d79399efe69018bc643b420a

SHA1
281c5e091ea4de1cb8df66cf7445a390048c6667

SHA256
f910b83286d2b4c4775adb467fe2f11ded34d3fbef3f70efdc348251545a99e1

SHA512
fefde378d7e0871bd519565d14a27feb3cd94bbcf8654a08110daec3462d0bcc6b7a3c2ff5f08a13f7c8a28b993b2f7aae6faf5b81e0a74fddd7f17b3f7bc1d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b2ae3443f03df3d40e35a2688a2db682

SHA1
626892b71e9fabe615e50e5b42653884de088295

SHA256
f15d3b853b9a7f2c054ac27f6064b12ebdf4d1d54034da7f5a1797a7925278f4

SHA512
fbfcb4ee4c18778ae6a6d820f07d6d3e7c691532d688ad08a4ad3d906614c20ac2d6f888a19282b8796eaadd5141f297193249100ce907146aa782f36f1a4852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
71247b668eefc2ab559177dc6f2f192c

SHA1
e05d952ac2442eca6979046f4ef6decdc3038fb4

SHA256
ebf8cd3c84d61a505596f4a6f177a6dbf7157c2eb0cc9293da6db199ed0775a3

SHA512
26d46b827c39f0e7f96fb3ff232c6894de386e2d600687db23c9820d162976e2270e247f99f29fc157d7ef64e8c38f673d1bf149d21311d68dff0bdc313d2015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9863d49d5b54abf8ff86be151815302f

SHA1
b197ee12ac6efb2ea16d502adccf250fc8192c66

SHA256
ff4e75554c700af30fee17c841b536b471409b1cdc1f3613cefed90413352520

SHA512
ecc560bd98809085e52db340fb197052aadfd60fa874ae1e3dab2c7eeca24fa68eb711015299b1f103023e27eeaa81cbc609284f3e508f1bb11b334309a045e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
fd2cc153f454443b2c6ebb0657a9791d

SHA1
ac816e3a916d54931a9ffe094c8135e6ffaa5f78

SHA256
dd1975c29d55f342b50385ce06eaa3af77a66619213569786cb8ad56565a3bb6

SHA512
fc7d8550663f8356f842e3e6d1f622a1cb737a634abab3bf4ec5d5c113eef7b03cf117ca5720fbe41fce170536b9e5bfe3e75a0169cc2a010e0e9736240d37f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2e0f51e8fa110fabca5cbcd5008529e1

SHA1
b2e94a67e9ae2a2cd5a5f5d49f79eb2214623c09

SHA256
2b6287b66410d6567868f51ebb734928ab1db568705822abd55c150ac502c18d

SHA512
58ef077facc721c857128a123ba52540ac2c6388c7ba6a2aa88586c77442f592bb9e630ada7cb2c5c436339429d11e1eca682da2e5d3303348c5f98675bd7968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b65ee012dbeb93d1055e758b96d80054

SHA1
4fde06ba929144e9f10d8f62db3c5012782c59e8

SHA256
d8bbc1cb90328a285cddbaf73d9dc541b6288a3032ee9a274e21a45677ad283e

SHA512
e9d6c7f549effa8d390376a2aaf854c61d81e315389bd7e599b5c585bcafa89f60513be766c02fe986dad368c490db25e0699c414007185eb87a9e384667ee41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0bd5b7980be6269c5161ce3a2246472b

SHA1
f4320ad87f73c216e474b3c4e984031070b1417f

SHA256
37baab834486e6676c1434e93d0f54c9479e14d084aa3c0c54700483a7d150ad

SHA512
052839128b2cbd924e7ed23d43cc77437ee42b575e7500745ce5b8f939f37adc547ab9b7f220984700039b4de0dffbd476398ae73aa7050e70a53360c40e872f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
21d158272db737f7b9df848e9a3207dc

SHA1
849b5d1dc1429353032f9e8219213db504eadb9a

SHA256
36e4e83f3d3738d21e4dcf5f535076f30da2c63dc003cc122ccbb23656e15c6c

SHA512
2965f3b9305ed3bb6936bb0c162caf107fd908fa7d4d699fabb279a75947e21ec9bfa7365ea332c7bcd760628a95c6a6c9ebbc456269bbaa115c981263b6e651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8b54f3258e13b6f890fc6935623bb7e5

SHA1
5a775b5dd0577b9ee45293177ee4296a66dbd52e

SHA256
2596b77b395773ff5ec21df3173aa9922599d5293a4f4e238ff0453b6cbd313d

SHA512
351ae6c1a24659477faadf8a633185b2d5d322903b06421be251cfe44061e85d10ffc9c4199984be23d78e53c5694a1df9aff0302d7a099e583828769a0367d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c263d678b7d6d2a9130fd7852efee8b3

SHA1
e088d3a6c416ce737cace831b6355f558f7eb646

SHA256
f4128cc6941aff6cba6f54c845b5ec9e656420293ab12cb6712e45664701aacd

SHA512
b921a3eb243aa510c231106471ae619168b68fde0e9e35031156519a20ec9efc375cadb17e7a0ed3181d918abe71e436382efaa1241f6ed3a34058d94abc4a76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
efb4a40aa8dcfbe222681d65b2132cdd

SHA1
b07c4dda399711396a5e949181eebcdd502ec736

SHA256
ff52d93d6b4e6723024f3a22bb04cea4747b99bd082cce9fbdf3d33c87f85efc

SHA512
ff7e36de9d55e79a20e3216012df6c399dc3f84c2618b6ca52a43dd399feb30252ff109a88ab34773eb05fc35915528734e0d46fb20d7c80a571d687e739294a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f8b570e0f86bcacd1e2eed8c77aa3f8d

SHA1
7cd7bcc36d1674cba299654a287f85557c6f2af5

SHA256
6a34ab9b226b4c169ecb5ff62e0be52512d38e8e414004e137b1eaed5072aeba

SHA512
2bb1e77f1117f78ff02ddd2193f7b1c924a340c4d4d223c9769b044e07e08850408a61e8f4948ed5354efd9219573ba239913d32b1adc451b58b0ab92201eb8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
09adb207af4b0d811f5c4913035d721e

SHA1
a663c48a530e321d41aa827262c994f9baa5cde7

SHA256
ef2624384570dcdf11416031e1053b9cd03b254b981f1e5c89653fdca3e0bbf0

SHA512
42a67d99585a066eed884662674070c034003f9f9cb68861bdf8a4d93ac28b876c5de2f13b6e8d13e62b4a43cb386a84af890daaca15ccb5ab9fb606a7f412e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0d529ae5a0fb658385137003bc631333

SHA1
f22a9fff2d3f1c86c8937dffaa0d343e9390e97c

SHA256
a79e5fdff6cf832a9f876656f3433a8db909338e6ec2243e042f801b0d4167a5

SHA512
4f9421a3cab506a4c6193c7f5e1324527abe483b0c7959a19327c9ce480354eaa7f572064eca11ae65a3d47cb75f151cd507183f4e18a93dbb953b52deafb850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5771304ea7f598103395b9825d9fbd83

SHA1
d8f93e3a4551788520072b4de76b4f723622d030

SHA256
5111c8312a647d5e3a4b43a976383bd78a2e2e78e4deb08dc69ee5f640964611

SHA512
cc1a426bd86c37603378f6bc6563e3533060928c0e03c82f2271d398e0de96023371447eb1daaf2218b364614fff587bdf35541ee16ff2918d3a1f340055c234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ec9e34fdcba217dae200099a45e7e697

SHA1
34f9a7201138349e3862164e232439b5cff77fb8

SHA256
4cf92a3bdf9c86014109d030e7afced1f5cdf28b31a34e6b0acfd5deb224eb8b

SHA512
0603004ff9d0c447c4c6ea6b901d12780963f0c25efbc52458935dc254b3b1a8cc230d4b89501e35d5c28159fb8c55e934ab0db9b0381c6babd3f896caad2bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
606a1b5a13d60f2971baba3a2ac23c13

SHA1
89e2aa3b6aa53032dc9f50664fe590504146b8a6

SHA256
e35dcef36d5a2954a444329ce1b610a5b54cb4e0335b4b50459b49e9bde06340

SHA512
ca40c9dd5fb6be589c397f3c8c2e5f3c68ca4151a91f8e241b328e742983802273ecf9172ba5271111fc9d53e587037e74917e95281c08cd2cc563fae9f09978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
085fc2f88d6f373f69523905f63cf313

SHA1
b2c05d6305b1f9caf6fdd04d1238546d375552bf

SHA256
566d77695918e96cdbd6b5b684f188fee626b3f353b6b363aec8f37c3043acb6

SHA512
4d663514ed8b4e29e2fd0cb562706d168940a7ca0069ff23c0c93e0df620469e4199f6ed3c87f78082c54345eb0d7100b0e751de0c7d22cb63438e0b1f161974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
ef2e0fe67eae5028711b15d668ef69c3

SHA1
dba013804767862d1c8290e4d8b1d87c72483072

SHA256
da6a805abd365330f26ce116889641fbdcaffea3e3868ba37aadfb49eb27586f

SHA512
4ac682192ef7cb35191c35417a497c2a2219ba73e646c1412075b2f7f9d528299beaa27f0f4a847bde913b3fb9183cbaa449743f9bc4afa13170a189d9b07df5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1c7755cacb5782d2901d0809f4344f63

SHA1
e4c8e4c77e7111804b1b683bc9aff11d999f93a7

SHA256
5966c689e58f2f846bf4407ba7a3143be62a00c259cc9d019c625e7886e6c14e

SHA512
2da80d6eec06e04c8a0ef391a4a3984c5e421298082ef9062061bb1d13627a23a94971cefbb72301e6d9fe034439272c2bdfd4bdf72254bb249499dd0eb47be1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a0baa.TMP

Filesize
48B

MD5
1fd46c9f56e8fe05e98a59742b7d97de

SHA1
e219d6fcb3f6d3fcd26ce1c30fda54784aaad6ad

SHA256
7cdd5285b65d218d8c9e06d5a7f143f6c30fe3e9a2a7946b592559b64475db6b

SHA512
87171a369e2525de6e19f8a62cc95ec7a052c4d11c19e488410b49303f0145f9bf73771d95737e0f1afa20c9032a7f18987d12c4ea558eee1d154e1a4a50c599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
4a6ce2cf9cec2b66d019f80de9d78a8d

SHA1
ae5b8bc609add88fb8bc0c2e12f1dfe8f1052e79

SHA256
b2a8e66075cd366611223750b82671565b17f30bfff8e6f071203d5b4e56bcff

SHA512
0d0700a7bba01982b4cf575844288acfff47290cba2296d9211a6769da521548025579b6b00a55cd1572398cba5fcdb89118982dab69c8e0f826005dfd49b83a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
8eb999e3b3fb5119568161fd89eea1d5

SHA1
7fbaee8b034f328a8be0e39d694a57ac9fe4f1d8

SHA256
7ccc1cae22a27b710a0ce1046e8f95d26b01409f8d95643a015799df3f72ba79

SHA512
08a56ef85e259e821db77283797e701adf87918e65e7ad08c9e07b65efe40011430df7fbf354d86e4326d9d7144ec158c7a11bdbb3550d0c54e7fc6b22471fd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
0e082e4f00f81b9a6289dead7b9ab979

SHA1
c40e59d6f05e2850ea518bf5293deb4411b13fc9

SHA256
72ce1925a67896457100b45eb70442ddf8d7ed87eb0271a06c5797cee4b81e8c

SHA512
5f6cf663341ee574ea66cc64a75f00f3d66063982a255c073861d1d06de0b33214c1df59557e37acc56fff890af607022a4f308aae31405632c57f95bf7ec636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
d23f51a21355b308f81021a21271700f

SHA1
62f7345957e2855f4a9f68830f22d9ab4fdd86d5

SHA256
81fc5ea9086027715b5a36660704f9f5cef262fe8c9e19daadabe9b5515efe74

SHA512
e625d902da2d7118ebca0179fa8b8987ac2e9f22dbda6da7c49c41945318f044df538be549abc63bcb09f36657fd6871cabdebfb761d4a551a14f02c49d1f0f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
7bf324ce4818b00ab33fa0ed47293ee3

SHA1
564c1daa0509ba50c0c643e00b5ee0144c9c54b3

SHA256
ebe72aa0a1f8bff9fc85eab99cf4c0d9b824a7edb509de1cc414110926b94894

SHA512
6963b91534ab96b3f782c2d611562720683a8510ee460486e55db2856000fd59976daed48a0efd4b624bc0cfb7287d1373a54c7f6d96d3ee784a967b42fb6091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
b16361ae1c6331fb20a2c30f52aaefba

SHA1
b987ad0a96db1d2ae28e13200865998b42b5007e

SHA256
1cd1749f2b15ab8ddccaeada5ef9206a30ff64c0335a08fc770bc8cd91f115fd

SHA512
d4e721ef8d34333107d54837cf499ad093aed873e9a86ea6697c25b38effaaaf731c42e7cc1b0dec7c0e0a55d3b3ea6cff55120acce13a0b510f423a41be41d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
6e703c763463bffc8722cb482223e70a

SHA1
c3c0f37b40724c036aab3c5755ec1c0f69b1fd9b

SHA256
f11ea6eb424cc6d93bf1e2331ee9fbbf8e6e3ac9decf385c1e346ec9f56b1c87

SHA512
cb59bbc6bf267abb660adf3f368de7b1825dafe2276df561def2c07471f86bc64720d6f7823174c3039a3fe1ee2f1188b6880837473a04dde439af10d6b68a67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
1800498608d6a42903119cb92fd269e6

SHA1
fa21f14a4188b41ab4c326bad47b1a0c11f24ffc

SHA256
a57a011eae0bea20015a4aa5e89fb48a6fc81b9fa32cbfc3fbbd2fe8b1869fb2

SHA512
0fd80e440266d0aeec6ea1dd153fa8ee72912320610629186eb89959c785ebb73531217fcf65dae98b33af018cb43eac41829894df3bd81de93a4c9fa7a4b48f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58bc85.TMP

Filesize
91KB

MD5
4eccaf77743365e5dea149fb193825d9

SHA1
aeea607d8f6e1620bbc141672369491855fb7b66

SHA256
3e50f1e6cacd94365fefb61764b9cd5147f2a17ea84e9334ce04c84311f17f4d

SHA512
4cedd4d9b8c9902983d2ba85ea5b46aba830253df180163c12c4a8db5994875ad52762c18b7af6a3baf9b40826b2b7f62cb5f420fe08ae4d89db440c2ea58507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
a9582cb9912fd847e8bbcba947ce4987

SHA1
c05ee133c580bd97ad8c050b8b3a8f3fbd9b7566

SHA256
9d6d60adb6cbafe9d3e0af91ccfe8bae7f105db861763292ba777c3684056465

SHA512
5cb7dce29e9802d86f78843aec0907da4ed704989d3a1a507e5424c9386ebfc6f27115399cd9d12e8738e647099ab03b4e281065dba98d2e06100aeb34ab35cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
b31f6e09ee563f92660385d7397a31cb

SHA1
bb48f84cb7a6acb754be49f5c12be68bad5e585a

SHA256
f94cd5a8d8e2f0fe3de5a9a7ac53e948a19a1ab675a694342650e25e1eb71a7d

SHA512
3b5890ea985aa655a216a5543bf5a2fa3f582642d74165663b3799b50e4601cf911d9760151fc24bf8f77e2bbfc448e0edcca08b3f529d2ef7a2949fc847d22c

Download Submit
C:\Users\Admin\Desktop\key.txt

Filesize
21B

MD5
a3227afe5a4f38e78e3c790bdc14922b

SHA1
08bd0d4a6059dbf64246820e1e83f36b81d71042

SHA256
6bf9a468bf79848cc05128214fb685986b2536ec19f5be5ba67c84abbc6263ae

SHA512
a4ed13eb5c179cb4197926e0d197cf2064dbb3ee05e7dca2a130affee2070f642c4f34f270aff5516f50ba0193e39936a4dee42c0ba98102d7fc219ad8ea2bf5

Download Submit
C:\Users\Admin\Desktop\release\x64\x64dbg.ini

Filesize
45KB

MD5
dff247fd8cece6ac4c1e543f9d68e6ab

SHA1
b27ad4a1945bf40a3bdc818a8cdfeb7eead10269

SHA256
add1490320d4e02805cdbfc02c67e55993480b8d6d2e1700d32d7e46285e1ea4

SHA512
549af5475b685c8a2e724fca94caaa5849b014ab30cee34c68ab51999865ed4647464812694100d60949bd0a49027997ac0f75cc4c78e2e517f2857b22d208ab

Download Submit
C:\Users\Admin\Desktop\release\x64\x64dbg.ini

Filesize
47KB

MD5
f2a650c7c7b6dc95b507c3ebce3718f6

SHA1
6aa18e833c94015949bc7d528d69a64d406de9f5

SHA256
ad4407b75b288851a625891adccb8b2bcf2338a1be92cd8b06fa02479d777f10

SHA512
ef6f6e271b8f08ff8842705af0e77f9c5ca9b86ac966ec23b38a2d5dbef7a5f9dae00211aea31f2e1325ee806c5ce76c4dab4da9beb6837b4b3be6aa507a4b02

Download Submit
C:\Users\Admin\Desktop\release\x96dbg.ini

Filesize
122B

MD5
45c1e010baaeb6b086b93c73cbfa1433

SHA1
6570b66b77103aac30dc7cccfacde1e42413890a

SHA256
672875a23347e407ff4a54c6baa35090c7041fa45568437f12b86b50bc2fbebc

SHA512
6b00d4050ad80dc575b056e40b3fdae831e57d1b035fc7500c1523c70c7f03f344e8b53b070ec3c8482fcb7c300d401260502ba4c04076ee23db66c236d3ad50

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 285440.crdownload

Filesize
6.7MB

MD5
cb03bf6c875430e2cc019ff23fc6ee51

SHA1
e4a6aaa366244121085563d8e4cdd0bae2821aa0

SHA256
842267f89c8f27e40eb08585e8081e199caf51632a303268a0222f6cd9ae1d9e

SHA512
c8a9137e79d4235e0ab36cc8f746b4746447530dbf11175533f053b7008126b6b69d7663e2f7661f5868f296128e397cc43ec3906b7e957c440abafc993a8583

Download Submit
memory/912-1613-0x0000000140000000-0x0000000140F0A000-memory.dmp

Filesize
15.0MB

Download
memory/1848-1585-0x0000000140000000-0x0000000140F0A000-memory.dmp

Filesize
15.0MB

Download
memory/2476-1606-0x0000000077E40000-0x0000000077E55000-memory.dmp

Filesize
84KB

Download
memory/2476-1563-0x0000000077E40000-0x0000000077E55000-memory.dmp

Filesize
84KB

Download
memory/2476-1558-0x00000000772F0000-0x000000007783A000-memory.dmp

Filesize
5.3MB

Download
memory/3068-1596-0x0000000077E40000-0x0000000077E55000-memory.dmp

Filesize
84KB

Download
memory/3068-1592-0x00000000772F0000-0x000000007783A000-memory.dmp

Filesize
5.3MB

Download
memory/3248-1626-0x0000000077E40000-0x0000000077E55000-memory.dmp

Filesize
84KB

Download
memory/3248-1621-0x00000000772F0000-0x000000007783A000-memory.dmp

Filesize
5.3MB

Download
memory/3248-1636-0x0000000077E40000-0x0000000077E55000-memory.dmp

Filesize
84KB

Download
memory/4384-982-0x00007FFB766F0000-0x00007FFB766F2000-memory.dmp

Filesize
8KB

Download
memory/4384-985-0x0000000140000000-0x0000000140F0A000-memory.dmp

Filesize
15.0MB

Download
memory/4384-983-0x00007FFB76700000-0x00007FFB76702000-memory.dmp

Filesize
8KB

Download
memory/4440-1543-0x0000000077E40000-0x0000000077E55000-memory.dmp

Filesize
84KB

Download
memory/4440-1523-0x00000000772F0000-0x000000007783A000-memory.dmp

Filesize
5.3MB

Download
memory/4440-1522-0x00000000772F0000-0x000000007783A000-memory.dmp

Filesize
5.3MB

Download