f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593

Resubmissions

13-05-2024 05:37

240513-ga48zsdb59 6

13-05-2024 04:09

240513-erblwscg83 6

10-05-2024 08:25

240510-kbge4aga52 6

Analysis

max time kernel
1799s
max time network
1691s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
13-05-2024 05:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (1).exe
Size

5.3MB
MD5

fbd9ad001bb2719f574c0705c5de05fb
SHA1

d07e77a490ad677935ac8213b88237e94440e791
SHA256

f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593
SHA512

5724e3f858ae7ea92ba4ce325f3f8f4b90ecc6d7c19476e2888c4b09f0913463191b977f71314300918cceb0a6ae0b80e29d3c70891e8aeb9314da233a929e96
SSDEEP

98304:oeZOuRuvqAgef1ndGaX6tJJQv2FKA75OpVclc02vDRZTEB:1ZOPNdo3u0jc02vVZoB

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	nemu-downloader.exe

Executes dropped EXE 6 IoCs

pid	Process
2008	nemu-downloader.exe
2728	ColaBoxChecker.exe
1684	HyperVChecker.exe
4920	7z.exe
1564	HyperVChecker.exe
3056	HyperVChecker.exe

Loads dropped DLL 1 IoCs

pid	Process
4920	7z.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133600523087556104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2008	nemu-downloader.exe
2008	nemu-downloader.exe
2008	nemu-downloader.exe
2008	nemu-downloader.exe
2548	chrome.exe
2548	chrome.exe
4500	chrome.exe
4500	chrome.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	4920	7z.exe
Token: 35	4920	7z.exe
Token: SeSecurityPrivilege	4920	7z.exe
Token: SeSecurityPrivilege	4920	7z.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe
Token: SeShutdownPrivilege	2548	chrome.exe
Token: SeCreatePagefilePrivilege	2548	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe
2548	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 2008	1832	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (1).exe	81
PID 1832 wrote to memory of 2008	1832	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (1).exe	81
PID 1832 wrote to memory of 2008	1832	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (1).exe	81
PID 2008 wrote to memory of 2728	2008	nemu-downloader.exe	83
PID 2008 wrote to memory of 2728	2008	nemu-downloader.exe	83
PID 2008 wrote to memory of 2728	2008	nemu-downloader.exe	83
PID 2008 wrote to memory of 1684	2008	nemu-downloader.exe	88
PID 2008 wrote to memory of 1684	2008	nemu-downloader.exe	88
PID 2008 wrote to memory of 4920	2008	nemu-downloader.exe	90
PID 2008 wrote to memory of 4920	2008	nemu-downloader.exe	90
PID 2008 wrote to memory of 4920	2008	nemu-downloader.exe	90
PID 2008 wrote to memory of 1564	2008	nemu-downloader.exe	92
PID 2008 wrote to memory of 1564	2008	nemu-downloader.exe	92
PID 2008 wrote to memory of 3056	2008	nemu-downloader.exe	94
PID 2008 wrote to memory of 3056	2008	nemu-downloader.exe	94
PID 2548 wrote to memory of 4632	2548	chrome.exe	99
PID 2548 wrote to memory of 4632	2548	chrome.exe	99
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 1556	2548	chrome.exe	100
PID 2548 wrote to memory of 2180	2548	chrome.exe	101
PID 2548 wrote to memory of 2180	2548	chrome.exe	101
PID 2548 wrote to memory of 4128	2548	chrome.exe	102
PID 2548 wrote to memory of 4128	2548	chrome.exe	102
PID 2548 wrote to memory of 4128	2548	chrome.exe	102
PID 2548 wrote to memory of 4128	2548	chrome.exe	102
PID 2548 wrote to memory of 4128	2548	chrome.exe	102
PID 2548 wrote to memory of 4128	2548	chrome.exe	102
PID 2548 wrote to memory of 4128	2548	chrome.exe	102
PID 2548 wrote to memory of 4128	2548	chrome.exe	102
PID 2548 wrote to memory of 4128	2548	chrome.exe	102
PID 2548 wrote to memory of 4128	2548	chrome.exe	102
PID 2548 wrote to memory of 4128	2548	chrome.exe	102
PID 2548 wrote to memory of 4128	2548	chrome.exe	102
PID 2548 wrote to memory of 4128	2548	chrome.exe	102
PID 2548 wrote to memory of 4128	2548	chrome.exe	102

C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (1).exe
"C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105 (1).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Users\Admin\AppData\Local\Temp\7z75CB6728\nemu-downloader.exe
  C:\Users\Admin\AppData\Local\Temp\7z75CB6728\nemu-downloader.exe
  2⤵
  - Enumerates connected drives
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2008
- - C:\Users\Admin\AppData\Local\Temp\7z75CB6728\ColaBoxChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z75CB6728\ColaBoxChecker.exe" checker /baseboard
    3⤵
    - Executes dropped EXE
    PID:2728
- - C:\Users\Admin\AppData\Local\Temp\7z75CB6728\HyperVChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z75CB6728\HyperVChecker.exe"
    3⤵
    - Executes dropped EXE
    PID:1684
- - C:\Users\Admin\AppData\Local\Temp\7z75CB6728\7z.exe
    "C:\Users\Admin\AppData\Local\Temp\7z75CB6728\7z.exe" a -tzip "C:\Users\Admin\AppData\Local\Temp\nemux.zip" "C:\Users\Admin\AppData\Local\Temp\nemux"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:4920
- - C:\Users\Admin\AppData\Local\Temp\7z75CB6728\HyperVChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z75CB6728\HyperVChecker.exe"
    3⤵
    - Executes dropped EXE
    PID:1564
- - C:\Users\Admin\AppData\Local\Temp\7z75CB6728\HyperVChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z75CB6728\HyperVChecker.exe"
    3⤵
    - Executes dropped EXE
    PID:3056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff993aaab58,0x7ff993aaab68,0x7ff993aaab78
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:2
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4152 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4316 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4456 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4580 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4824 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4468 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2764 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5376 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5216 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4528 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5144 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6100 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4680 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5140 --field-trial-handle=1756,i,15741687523914019317,9264853195952011929,131072 /prefetch:1
  2⤵
  PID:568

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3488

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E4
1⤵
PID:4160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
28218d0dbd6955863ae306dd3af6123a

SHA1
3625cef58a442c0afa5ce9b6adc3005894680c0f

SHA256
4cfb159bafe6b0facf7e353c10c49de5acb9c4de71d2693ef060a0b5a7a7278c

SHA512
cac3470a175294932fa7f629074313ae11579a148b99090ae88980f0fb2c68a98d515bae8e13450bc8977ae387b797539d41350f1dc6a269bb0f43a64e5eccac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3b3529876aa448c0a793cf78a4e45b35

SHA1
156a138c5fa7a3dc9f28213779155aa3dd7a7b8f

SHA256
b2fe0eb5eb3e81bac0151ae18bdbaa9b615966dbd84871f5c7b31644710c6d08

SHA512
bb6053a5d26bfc5c4e816cb7a3f38eb1399b41c0259eaa81bd590eaf865d1bd1dc2900d87e8453a8bc4a1d9dbc3500edf143efb86cf229dc8193299ddfbc1a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1ca9ed7a-3ff9-4816-a522-486fea119a31.tmp

Filesize
356B

MD5
a5433a83b6f7f7ececde3c7f9d26dba5

SHA1
03ace251fcaba4c8c5516ac1bf2b796095107c88

SHA256
0646b724818020a6540fa204475c9c9456416857635f14f20caa601dc9f4a7a7

SHA512
58a69a48d66ef7e5e37ea7d4d08ee57e59b8ab044edd0f0e9283a015bacaf5ed0c0b55911fc91e59efd785778009f098371179aa08f06029b81234694b7d41e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5c9382f4b2c04cfea03ffc3ce9ea346c

SHA1
224df51a9232c355a543a9375f6b44d25a7b350a

SHA256
9b30019f68b0d1baa91db48b5d413665223853b91debd87c9920ea46e5fe1ba2

SHA512
3f4314162ec201618fac5da9a13a7efdd8809dbca0857ac9f8cb7b933c2b7fd2ce5a1a2a9f5f135921cf388ebaa63514636842cfa09e7bc22c7cf04cf3e04a0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8d7f3e495fa7999769d09a55d6772edd

SHA1
19ae8aa17b00efeaa694f86c6082ac2f50c72ec3

SHA256
d4c9d0c48e4fd5f40d18bcc5926bba15fb3bdf9184f3c73229c1630ff7c026fc

SHA512
ff90f9349cf7faa3f8a9c792e81e0183aba22eb9257994d0f5618c56431b7f0cada88614b42dc72326a4430e14e71977a233e7bc67da7242c1ba5f2c049bf325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
69e1bf96f9b1c5e47c203b48af264413

SHA1
ee5221c8a1106a065e15d5dcb8af950a4723388b

SHA256
1a8a66cf0a187715ce640a7b2daafc3e334243e6adeba3ba02b46dcb34f5417c

SHA512
d1de9a013bdd59a53c0fa06b1161ec4b7deb6fdecc2d602ad4e653a900b416ec9c5858dffea6f10b541f3a603718aea5544c9616c93cf2db2c8c2aa05d135eb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8011d67eccd59b622fe29ce4b8973c67

SHA1
b889242977021a346d451d6ff27563eeb3b13b48

SHA256
f254e7dc16037d75895f8c2437114acce5ed2823263335a3acd5ccca9308dace

SHA512
8ddfaeb5d0904503030407c2300c9ab96a5e1ff104f4f3447f4df4be24de89802cb92a26ce4a9571e97c036b852492c6e4e5440ee3f0940c38d7f8464d4f2161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
293a8ec402ce1a44b3d2f630ec3da13d

SHA1
fadc3545f7a174a618b457075920295767d186a7

SHA256
bbfe8a25c785cd13e6c1c17fe4f56918a7a2c34560a79801fc6f8dbd3ba139f4

SHA512
0cdcc69f9b00335a1e2c0ce5198110823bf2b64354b38892c85f0007408328039f13b7e9f0cdae850f029ea9692db29e267520d85e3324759a88723a12555551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d47761d6862f52cbee1d8b6975c998b5

SHA1
7610b4cd3169c29d748e5b6568f2c6bf5c06b180

SHA256
d00df92eeec59f03f747e546d376f345c192568f4b0f9624e3d712ab84b4675b

SHA512
c2fc8909b4c2260c83160a931d19658df19f3606f13a7e28c7b16b325181d0cc3ef49a1d98bf5d6999b54dd97f8016c4f04f7ba15cdc036edd5b17926f2de640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
45577b1fc2b8a1ed5c6b05782781ab51

SHA1
8bf50db07957190b2a726e0af639915c13f34c7d

SHA256
29b68e7aea706084a0da4c57067ad7a02b1380b18b3abb49868dca5efd98e702

SHA512
7c7ad0e570f5bb467bac9eb999f122fdd6d8b1a212be9dfdfa81bb50c07e48da581db08932b8deac35e297e1cf237d46d1438322fbd9566239221a98266a195e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
7d5d705e528fe32c09f690c2bab201b9

SHA1
fd747b2b3c265dc5b382ee389ef4200033bf4b5a

SHA256
1e80820285946d116d3eb369e53d93d5d82f0b7a383132cdeb3b0bf433f35d17

SHA512
1b122ae5f3c04fcc055351c2c5866238d006f76eb02e579ba413b4bcf98bf6d2479fabeeb25d5b1ef4ded84bf8d7ea369b9b8d0d616a959f1ac02f05811526de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
adee6120856bc31056d846cc7b9755cf

SHA1
57adafd30351cde116f8d585c86d179a685c39a3

SHA256
e91df537d768be261f1597f92c083466c83ba20ec8263c2fecbe1d790071d700

SHA512
704613f7473a8bbfd080fc1f0f770fbb6c8037678906edc5455314065239fe56c75379b47afde037b31731df9fc9f89d11a9c3d449ff775b794d5be1645da4a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
8ca6db754cc679eda2e61bdd9dd24f4a

SHA1
81b65a2868f63ff675922a98d9bc084a238d2d1d

SHA256
c2d698c2809cd0c89c269188f753d2efff1660966cf1b95b2dcb4e25b3293cd9

SHA512
43e7eefe24d6849ecce724b0ff04d36201ffe0d13e471f733775607b789bc7556eec701141d728a58ed6180780dd05fcd6ddfced35c3722cfa5cf263dc02c7bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
f17c4d66174dee76071c5a13c16e2fac

SHA1
2fcf599cf677f7e6306c0bc08c9505995263da7f

SHA256
f2119558e0248dd9e49e10d7400e4f6aec912ab865d9f00df1e4a0cac5714dee

SHA512
391b7f6c5a5bcf82ec022fa7861c1153ba4af928b1a50c212de80a41b11c3f89323d38cae97b62c5d32b0a3bdb45459b3a4696020935cb3bd4bd4972d4e91118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
86KB

MD5
0db0e32b7ee74ea1491b3aef400b594d

SHA1
5fa491d89093e86fbc43ffb3f10bf0e6d488cc60

SHA256
de32c6e721fc0c3e21b187458b6a71c04708587b4d0ad0995ce87805736ad5fb

SHA512
1a0aae9133ed579daf2c854ea8f8fc0b6e158c88e7252eacd75e56c713e42f6eb6855661ba72b1b608b31b68a17e9434b7a235b89a3a946adf862e9e22fee1dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
732898fb7d641517d6451d0f177689bf

SHA1
ab7171438efc762998c51f36cd56ec4bc69883a4

SHA256
beca883f973ef516be1a950293857b148f0c05468df969ffa4b09b341e44c85d

SHA512
02e681e2dbb01967e7f0eabf8963131a2a360bb7088c128e3a593a9e087aa39e225ce73f2c3641d8f54d02db9922de96b87daebbd3ef108579e6476526cbccc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589853.TMP

Filesize
83KB

MD5
fc4216a5e1f5e9bcba1b1d4890666834

SHA1
670db7d7a4ad71f3e6642c880665e7b410b0bc30

SHA256
b8b492bbec7ad364e1bf09f6b15f2988610108477617d64a52cbd268dc1f8e6c

SHA512
751dc344f4e7ff2ef4edd881ffb725308ca595703e919c710fad54f360903f009926399ad4d3fcd4c19f804355026f8e3c1286391c97f7767e2c28d8128233a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d88433e5-aa34-4c1f-876a-60faf5e4616b.tmp

Filesize
256KB

MD5
73d6100c7e6391a56d0cfec3d3887971

SHA1
6bbf6f417ca9eb60991ffba833892d3841b23167

SHA256
069bded99b6d3c5db1351a4615203c0286860f838b875506e750cc3fabf2486f

SHA512
d0725adcf5a39e45f08cffcca2917c79175a7638d4eb37c4600c350561250eb05354c3166a887e7024340afafe1c8ccfc17c761ce927616fca10c4618dd45c4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z75CB6728\7z.dll

Filesize
1.1MB

MD5
0ffa2bff9e56e6122aec80d3c1119d83

SHA1
09b7eb124b8c83469ae7de6447d1b8a7f5c98c61

SHA256
609cba3a8704aa6f5e2623858402bc048de7198a3567a53183bf97de091a3e48

SHA512
42522bf850156577de397e527b8515b1bf0bdeceb170efae71d87c39a25c72c155a2fec6a88b5c3ae443752046f8840cd8afac9c42ed7bcf67aeb9e78aeb5f2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z75CB6728\7z.exe

Filesize
292KB

MD5
97b382235264f18a53eff8e891997920

SHA1
cc0f3ad9411f54f70a2b1a1705e24048b06ea65c

SHA256
bf42783c293279c65b00e4f8b72be39e1cb0fcbe14d6679151b0d5e27fd8572d

SHA512
1e780698dbc0963ccbd73976da6898b3c0dc4b4e655a80563585518abd37a1a5561a980d035123011213a83c76320de6c08541caa71bfd6582eb93ff57672a83

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z75CB6728\ColaBoxChecker.exe

Filesize
4.0MB

MD5
839708e3f96cf055436fa08d6205263c

SHA1
a4579f8cb6b80fe3fd50099794f63eb51be3292f

SHA256
1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752

SHA512
ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z75CB6728\HyperVChecker.exe

Filesize
117KB

MD5
dbd84c6083e4badf4741d95ba3c9b5f8

SHA1
4a555adf8e0459bfd1145d9bd8d91b3fff94aad0

SHA256
9ff467bc5a1c377102d25da9fa9c24dcc4375f456510f71584f0714fdfb2af39

SHA512
fb5fe74f64254609e07d6642acf904562bb905cd7c14c6f85ba31bcdbaf06686c0586609ec4f5d2f8f55ff90334dcbb774a3a6e78df74bf1b1d0cd03dec21870

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z75CB6728\baseboard

Filesize
114B

MD5
fd2b568791027bd0ce2dba3a25442db1

SHA1
b609a60f571728ecfb9277a8a8b8e7e98c953c6c

SHA256
ed60dbc12bae9c8eac10b9637e076e35cfaf1afd9332cdb05574d4b8db0f850c

SHA512
d4abea40375a7775dc992200289170f8152e3e5374253158a8dbc5a3f79bb5ceb593d3b441b929e3332603b0f73ece7d3f02c8d41af369e4082871fd1016a200

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z75CB6728\config.ini

Filesize
346B

MD5
d00fb4c61a255b58ff09886c6c72461b

SHA1
4e4f7d7ae36f67a4d6fc8479f8400b3eb769e978

SHA256
77dec4d79e1e844a2156f101defc0fc81c138a989e8ba1c722c58feb91b3cd4a

SHA512
8494ab9fe0594f3ff7b0893ca3e25d6d0a706e546e92c5b662aa864affcefe5f9721a6a95f37f40cdacf39d27a23e2b3cd5dbca4d7b8909cd7c186209d4b46db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z75CB6728\nemu-downloader.exe

Filesize
3.2MB

MD5
cdf8047ceae80d9cd9eb798a57bf6084

SHA1
8e7971401fada3099aed61849745fda37e1c0d32

SHA256
1f01a9abac64fae72e0a253ad9ffe2d62cd2967c1c2bc90fb956ac446fe2b11e

SHA512
ac366f38f39b935110192d1355147392ced5a21966cc22386804356dce24b2da7971a6a60d675689f93d74014d961bfb3b0c13cf06809b9f9feef580045e20dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z75CB6728\run-checker-log\baseboard-139348715012720910.log.log

Filesize
4KB

MD5
698a7ce33a55fdec675b6389534a2e37

SHA1
3e0dad2acfbe4e22c88156dc9f60d29e502193d4

SHA256
7b146a78c0351ffc76bfbf464acef8bef344d274bcb469f516da1ea0786258fa

SHA512
1f32328cd60dce2974cc891022745ba9aa6011c5bf906dafb19b6b275cd8447f3ddb4d2c1b29635c7dcc3a3fd94a530385fe14f394e6886665cba196ef619a78

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z75CB6728\skin.zip

Filesize
509KB

MD5
ecb43530caf9566c1b76d5af8d2097f1

SHA1
34562ada66cd1501fcb7411a1e1d86729fd7fdc0

SHA256
a12381f97aee2d91568f44b23e866ccc99f0ae5e5961f318ed24b72f4f5da80a

SHA512
4a243c0bc4dbaf892bee91ea7eff9e6a7732d3aa2df5bebd9a4bea2859a30a8511945ce3bb823f7ef921f2e1a98906fb676fce85f25fd5908646b3a2f5d02563

Download Submit
C:\Users\Admin\AppData\Local\Temp\nemux.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit