Resubmissions

15/05/2024, 21:35

240515-1fm2fadb4z 10

15/05/2024, 21:19

240515-z58h1acg36 1

Analysis

  • max time kernel
    474s
  • max time network
    490s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240426-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    15/05/2024, 21:35

General

  • Target

    Yuqu v_7.98.zip

  • Size

    51.4MB

  • MD5

    ee05bf407cd8ce0e15c06e7127b466d9

  • SHA1

    215a6ff26ae9ab0f97a8abc7ba91c6b9da17ff5f

  • SHA256

    ff61a80e81df211aed7752b338d5efb8298ac047a4d6133cf0b60b0b03f87d16

  • SHA512

    168b55568a2d21075e84b4e9873d3972315b55716faa3e300ab1dbfdae7e652049e0b4bc710f7dd2df8d394052cfcaaf58232e6e0a7da42017861529294037a4

  • SSDEEP

    786432:tQBQ9mlEHBJgDkkK8v9sXyooMePc3wsO5SRw70HiCRnUjBue87jZ/6mE7O:tooBeDkkKmBEBw10mc6Ye87jZCG

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Yuqu v_7.98.zip"
    1⤵
      PID:3696
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2660
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        1⤵
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2764
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb21ccab58,0x7ffb21ccab68,0x7ffb21ccab78
          2⤵
            PID:3776
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:2
            2⤵
              PID:2608
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:8
              2⤵
                PID:2444
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:8
                2⤵
                  PID:4756
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                  2⤵
                    PID:992
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                    2⤵
                      PID:1224
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4144 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                      2⤵
                        PID:3900
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3832 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:8
                        2⤵
                          PID:2484
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:8
                          2⤵
                            PID:2832
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:8
                            2⤵
                              PID:2688
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:8
                              2⤵
                                PID:2768
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:8
                                2⤵
                                  PID:1076
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4740 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                  2⤵
                                    PID:1852
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1488 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                    2⤵
                                      PID:2236
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:8
                                      2⤵
                                        PID:3916
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3288 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                        2⤵
                                          PID:1824
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3828 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                          2⤵
                                            PID:3052
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4996 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                            2⤵
                                              PID:2652
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5116 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                              2⤵
                                                PID:1476
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3184 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                2⤵
                                                  PID:3116
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5424 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                  2⤵
                                                    PID:4004
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5656 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                    2⤵
                                                      PID:1840
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:8
                                                      2⤵
                                                        PID:4632
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6328 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                        2⤵
                                                          PID:1336
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5840 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                          2⤵
                                                            PID:3440
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6604 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                            2⤵
                                                              PID:2324
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6112 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                              2⤵
                                                                PID:4984
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5768 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                2⤵
                                                                  PID:788
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7044 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                  2⤵
                                                                    PID:3036
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6884 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                    2⤵
                                                                      PID:1076
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7236 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                      2⤵
                                                                        PID:1248
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7492 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                        2⤵
                                                                          PID:5200
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7708 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                          2⤵
                                                                            PID:5312
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7896 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                            2⤵
                                                                              PID:5368
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7844 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                              2⤵
                                                                                PID:5472
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8276 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                2⤵
                                                                                  PID:5552
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8404 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                  2⤵
                                                                                    PID:5680
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7920 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                    2⤵
                                                                                      PID:5688
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8732 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                      2⤵
                                                                                        PID:6040
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8916 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                        2⤵
                                                                                          PID:5660
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9008 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                          2⤵
                                                                                            PID:5848
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9184 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                            2⤵
                                                                                              PID:5988
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9188 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                              2⤵
                                                                                                PID:6004
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8412 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:6484
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9000 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:6512
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5952 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:6520
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9600 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:6528
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9612 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:6536
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9652 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:6544
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9776 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:6568
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9780 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:6660
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9960 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:6668
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10084 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:6688
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10104 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:6696
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10252 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:6704
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10376 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:6712
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=10548 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:6720
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10704 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:6728
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9968 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:3268
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=9316 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:6052
                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11352 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                  2⤵
                                                                                                                                    PID:5852
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9748 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                    2⤵
                                                                                                                                      PID:6668
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=5668 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                      2⤵
                                                                                                                                        PID:6600
                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10536 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                        2⤵
                                                                                                                                          PID:1472
                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=10972 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                          2⤵
                                                                                                                                            PID:6528
                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=10628 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                            2⤵
                                                                                                                                              PID:7016
                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=9648 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                              2⤵
                                                                                                                                                PID:5240
                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=8732 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                                2⤵
                                                                                                                                                  PID:6700
                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=10532 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                                  2⤵
                                                                                                                                                    PID:7044
                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=10308 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                                    2⤵
                                                                                                                                                      PID:6408
                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9960 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                                      2⤵
                                                                                                                                                        PID:1432
                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9528 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                                        2⤵
                                                                                                                                                          PID:7136
                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=11496 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                                          2⤵
                                                                                                                                                            PID:1912
                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=10372 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:2
                                                                                                                                                            2⤵
                                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                            PID:5644
                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=12244 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                                            2⤵
                                                                                                                                                              PID:4700
                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=12084 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                                              2⤵
                                                                                                                                                                PID:4900
                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11896 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:8
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:6700
                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11764 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:8
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:5896
                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=12100 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:1
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:4564
                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12140 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:8
  2⤵
  • NTFS ADS
  PID:6584
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11836 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:8
  2⤵
  PID:6316
• C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  1⤵
  PID:2880
  • C:\Users\Admin\Downloads\Yuqu v_7.98\Yuqu v_7.98.exe
    "C:\Users\Admin\Downloads\Yuqu v_7.98\Yuqu v_7.98.exe"
    1⤵
    • Suspicious use of SetThreadContext
    PID:5512
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3688
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Yuqu v_7.98\README.txt
    1⤵
    PID:476
    • C:\Users\Admin\Downloads\Yuqu v_7.98\Yuqu v_7.98.exe
      "C:\Users\Admin\Downloads\Yuqu v_7.98\Yuqu v_7.98.exe"
      1⤵
      • Suspicious use of SetThreadContext
      PID:3996
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        2⤵
        PID:2308
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3252
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
        1⤵
        PID:3464

Network

MITRE ATT&CK Enterprise v15


Downloads

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
  Filesize: 40B
  MD5: a38b2a845a8f9f401af9b64fe3a6e14a
  SHA1: bc25d8c364676ed6d81c1c1fcbb51e4f9a3e0e1f
  SHA256: ec4d3181ecf500896d0aa07bf95fc66cce532a7ffbfaa88408403ffbe55e1840
  SHA512: 14884b80bceea87d662ca46e8f8192370ada66c4ddb19c406d44733bf3c0e88ed7bf01109297083643c700090969cfb1b58220bc4804c0287906e81ab969b9f1

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 2KB
  MD5: 8b355770717af86a559a58236400f21e
  SHA1: 25c4e082398fc903e9f083dc016131810ee0f055
  SHA256: c867116fa91eed23a8e3c13c4fd566d37b23b5a2acbe790f76019ab9f103a15b
  SHA512: 5f99811d2f96bb6f449e52a3cf1834ebd958d8c3dfbbe9e1d4f7baa86510e7e3e6cc563875d1cfd1b247d7402c9b47be7c218eed48337ed74d5930c10c95c5b2

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 2KB
  MD5: 00c04248bd1ea9bc09ba10d9e0baadde
  SHA1: f1142c41377abb96b03a1e01006aff88691d41ce
  SHA256: 0149bcf478c0407c861afc3051a14f62e11029d64f6f2a413542717acd9cb7c0
  SHA512: 127442bf2adb647fbb4066e818e04b98d437d9f2353abfd7c4beb79d2b3e941a768170076804b2bf76935c0cb336a03e319e6d881e877f0bb1fa226d42b26077

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 2KB
  MD5: 9afd92683b7c178af04d2d77a3151918
  SHA1: 62bee78212bb22643cd4690ab9a8323473e4e024
  SHA256: c73253fa4e1bc4fc3b9311180c66dc4aab5ba2688ba4ee7bccc351406c0f2858
  SHA512: 9d05df596cb50ec9801f23e7459cb404d1a84ffca1d1569d6e3ee1599aef91a1a2825168f91b45a7fd553d782f6a3c8916da372e0c10940a4e9b01f91f45720b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 22KB
  MD5: 89e31d8b9f827c7110a2a83e525bbe68
  SHA1: 15885ed2124e1a1a29a6d5e4cb516af46e2a8852
  SHA256: d3399c9ed3db649da4a3cde27ba86bae06ef54bea8f7460531c52e4cb5169bbd
  SHA512: be3b935f2e071c3432a9afba536a457c5efa3d8c02ec111cbec7983057bab75fa298af575bd6de75aebff29b2569c43d0c6481beb9b568f08cc9d19ff9ee9648

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 21KB
  MD5: dbfeb5d9458c071a18e4092fd3fb1a03
  SHA1: 61cb277b28912bab8c53aab8162b39fa81f83da4
  SHA256: 98eb69fc51382c51bb28b1c6e2e2e51dce334db1ea423745071f57a3842a640b
  SHA512: 47bae7df4f1ac23241bd3981098d7745ec80634d3c76872ad9c1c03a7109f305860e887b1a762b032e28266d2dca56e169144b484ea3eae97529b14cafbb254f

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 20KB
  MD5: e322af56bb7679f8b19219948a53f8a4
  SHA1: a2a33ec13791008325c1fb4c728ff9a8dac7da22
  SHA256: 8e19c13e75cc6e04c559bd3cc9f5bec5808d87ba5a95541d370e4619a5f69505
  SHA512: 9997818a27981a4896be95d08a39baf00f74ff1c435d95fe1d4a3683bf9510272919b14fa9a6ea4acd23844771acd4c2d8af992050275c3c727c761ba878f376

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
  Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 2KB
  MD5: 130dce2fe610acc81f021c2ee544b0d5
  SHA1: 354d22bd8f26538649ad1a6457e19dff39b20fe0
  SHA256: a40f2a3d690ae1d3d6151785060887c8442b95caa70655b0dcefb9c693baa7a8
  SHA512: 231ecb301826748e2bfc1b0a73d3be98f4c7f723dbe671962986faff8e3c2a90f5929c4db2005b265ad365de5050c9afbd5a9a449e6c29ce455c15e36c19fda4

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 356B
  MD5: aa82f4bfa342673cdcd80ccf9454e3b8
  SHA1: ee3440c87660ebab2663369ab9eab67bed0a9a3e
  SHA256: 8fb20b9e0fdd79f0d209433b0ce7b9cd56b5061f1cd7bbe64f92fb683a59a9f9
  SHA512: 430bef8c199cb351a535016f81d0df7d1d8a222c4d76acd5f6945af8996ff7921194a9707041899ed3619e49bbad3f8bbe7c1fbe90a7edfbe8497868f6f89d61

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 6KB
  MD5: 98bcdb65d183de0fb78846372b59ade9
  SHA1: 82c8092cb3fc0ee412a67d02ae66d2a0cb5fe681
  SHA256: 2791c719ac14659b7b4fcafb87dd6ac352180d95f270f39d83bb1f20d97c5af5
  SHA512: 45cfec4fb94e15fe4f1a0711dbfaaa99960d3120a6e671545f26a3015a0b1c7f685a436a9f458840ed36bf52b0809e6f9fd857dc11de7238b4d573a16a8cd142

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB

                                                                                                                                                                              MD5

                                                                                                                                                                              5d0d7ad18c814497b864809d0d7bf26c

                                                                                                                                                                              SHA1

                                                                                                                                                                              30ebca9bf99625c8dd65e670fb3019f5a6defd5d

                                                                                                                                                                              SHA256

                                                                                                                                                                              3657929b5b462df7caafc2562f0450ef21c35a07c11bdf7d47332a134785a997

                                                                                                                                                                              SHA512

                                                                                                                                                                              7bad261bba35c8775ded1ced0fd4f4eda3965ed72a351b7f501e3dec9ac17db05b77b657b9221eb70ddd89a7d6f50276aa8bed9a76bd0e3fdfaf0f003d787a85

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                              Filesize

                                                                                                                                                                              9KB

                                                                                                                                                                              MD5

                                                                                                                                                                              c5f23c426ce4f2bbdf54f5fe1dd01cf8

                                                                                                                                                                              SHA1

                                                                                                                                                                              185f0edcde6a4e9d26c2407895ac8890295c9eed

                                                                                                                                                                              SHA256

                                                                                                                                                                              8b87211023339b2011ad40220bbcf17b8892b95b63b5e6316ffc479b852ff962

                                                                                                                                                                              SHA512

                                                                                                                                                                              b9b0730b82ba0cde332daa5541cd79455b214f5134b996c92d281795a334c0aa874c8ebda41ceeb2db34cc4e931bcafd004a7580f391305ca67ae80802b5f30b

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                              Filesize

                                                                                                                                                                              9KB

                                                                                                                                                                              MD5

                                                                                                                                                                              2c2d02833ff281cea4dbbf0cdbb87c95

                                                                                                                                                                              SHA1

                                                                                                                                                                              c767f8f9a0dbfe00cda2ad303e85311f5020a3c2

                                                                                                                                                                              SHA256

                                                                                                                                                                              7a36cf4755efcb00489e6a95356aed18ed3f66915fc221a8ac3082420b2d1998

                                                                                                                                                                              SHA512

                                                                                                                                                                              1c2924f96078dc46e12a152032034f2ca0d9f5d3beb22cfbadefec82ac5039b39cdf30204be311f560ca5dd8ec4be31e119ffbdf7fbff95fc14b574277c0add0

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                              Filesize

                                                                                                                                                                              8KB

                                                                                                                                                                              MD5

                                                                                                                                                                              e93ba2075197fd48dfdcbb470f385e81

                                                                                                                                                                              SHA1

                                                                                                                                                                              cdc7715417b6a9cf5a02e6967dd559ab2a6769fc

                                                                                                                                                                              SHA256

                                                                                                                                                                              e89c8c96d66b32dd45809b72dad8b8db863ac3f422639ba43a97c91d35353dee

                                                                                                                                                                              SHA512

                                                                                                                                                                              f7f4c6ec02b0f03f0453d80dbbbb6a93656b04cc83830c57c6365c0b70fc8a266f78c67037bbd937ef6f164721e3148db557eda6d2e8914fc37886db0be6e772

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                              Filesize

                                                                                                                                                                              6KB

                                                                                                                                                                              MD5

                                                                                                                                                                              4bbd7b207c094ab3dbb315f39c153faa

                                                                                                                                                                              SHA1

                                                                                                                                                                              29fc1c4906ece2ebc50dc7d36c011f2a60ae8a49

                                                                                                                                                                              SHA256

                                                                                                                                                                              fbee73fe23f644da9d28a6bfab9d60f78aa75788e4e0380a8a459be86a90d577

                                                                                                                                                                              SHA512

                                                                                                                                                                              a6c1578e7b3a7f615324e8b41cc4ef5ba8a9df2c41ba4a3c59e5986378a3d4c36fc7c9506493f183c40c8704a3af0c0ac1e886a89ef0316c4980785e3ba275ba

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                                                                                              Filesize

                                                                                                                                                                              16KB

                                                                                                                                                                              MD5

                                                                                                                                                                              67d9e6542884131bece846f0e867bd8c

                                                                                                                                                                              SHA1

                                                                                                                                                                              4e2bc23411a2dac7514ed4553ff38b30ab3925ce

                                                                                                                                                                              SHA256

                                                                                                                                                                              a1ca26750433e8603afd1edd20205b811e2f68fae6322119890fe3590767515a

                                                                                                                                                                              SHA512

                                                                                                                                                                              82bddaff911004f88c949cdcd06cd35a5c0a8052d0e39ca3e89c234c184a6d4383c730607d4f9e67ae3185d04eaa2f0771506b60a7d5b2cbd7d465bc4eba3987

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                              Filesize

                                                                                                                                                                              258KB

                                                                                                                                                                              MD5

                                                                                                                                                                              4db184dba8b2761cdec23fd9d20e58b3

                                                                                                                                                                              SHA1

                                                                                                                                                                              cd352b6e53fec407347e4c92ff096f2e86f6f81d

                                                                                                                                                                              SHA256

                                                                                                                                                                              ee1f6c0c69ea25cb8f424a5a817070504f55f595bb3d8bbae2ece96fad5413e2

                                                                                                                                                                              SHA512

                                                                                                                                                                              36613bd721b49481a6041708378cb363e9b5b949805f66b390bc6b23a7b0df1058bfaba085fe46ccac86ad98c86d300d53c75a5c2bef5276f32106c200478e22

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                              Filesize

                                                                                                                                                                              258KB

                                                                                                                                                                              MD5

                                                                                                                                                                              f659c5c05ec65f6b2138f05d32c91b7d

                                                                                                                                                                              SHA1

                                                                                                                                                                              3161955af788dbffe6bb93dadc03212c86a9f80f

                                                                                                                                                                              SHA256

                                                                                                                                                                              1a9b033723dcd8d0ba87fc32bc431a5f254365ba2c331946a4be3b4fee594b7c

                                                                                                                                                                              SHA512

                                                                                                                                                                              b5a13f022e86a37bc4ad11e7d5808b09c02a5cbd03370ba58cdfed151af4b984a3b498c718d0584199831479ca93abb7e69486479257e378183edcfe9cc04d53

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                              Filesize

                                                                                                                                                                              258KB

                                                                                                                                                                              MD5

                                                                                                                                                                              bb7e3a1e53479e4db9b5d088be1381e9

                                                                                                                                                                              SHA1

                                                                                                                                                                              4ecd663d17abd33fbe986344c59b5e958d7d0911

                                                                                                                                                                              SHA256

                                                                                                                                                                              b11450929de629573ec2ba33a14809c66f4c2b56cf32f6bc8f63afebe38252a8

                                                                                                                                                                              SHA512

                                                                                                                                                                              bbc8043f143d9ae4c257cab8c7fdc054b5d1d94c67d545ae6e89062cc0d4fcfb0f7527f2ca8c99f3938bc31000f37f68373f21f5d64cfa6340d7c3aece108875

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                              Filesize

                                                                                                                                                                              258KB

                                                                                                                                                                              MD5

                                                                                                                                                                              e7b09dcdb93461cf5c1667bf92ece7ed

                                                                                                                                                                              SHA1

                                                                                                                                                                              405bb80d138555af2bb2fd60dcc79fb3c62b9681

                                                                                                                                                                              SHA256

                                                                                                                                                                              a353d5bd8bc84286377d4a9258f3434a082c6793c4c278143b959e830fe099f6

                                                                                                                                                                              SHA512

                                                                                                                                                                              cf157c23f1e8e9b748887136f56a5bc616ec6bed49660bbb1b9cb6de0afecc691a5519926596b82939109498206bf672f8d041797cbbcb38f44597beaabde48b

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                                                                              Filesize

                                                                                                                                                                              95KB

                                                                                                                                                                              MD5

                                                                                                                                                                              f966f662a99b12d1df3a5cffee02e1ec

                                                                                                                                                                              SHA1

                                                                                                                                                                              5c58e5b9b9622cfcd2f1b68773009aacdd873dda

                                                                                                                                                                              SHA256

                                                                                                                                                                              96852a596704e5b96ea553e631e52454f31b1bf3059d862001417a48fe76d2d9

                                                                                                                                                                              SHA512

                                                                                                                                                                              8f513e12dd6e024b597f17afd02879aa3f2b0a220707acc8a0382494a78a57e65071313a92639769f8f7dd34dfd5fd214d1d499bdfa701979f02625d26ebf847

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                                                                              Filesize

                                                                                                                                                                              88KB

                                                                                                                                                                              MD5

                                                                                                                                                                              fbffc7ccb04d807376a2f2fc2e0fb80d

                                                                                                                                                                              SHA1

                                                                                                                                                                              ce010e275a02e33fadf3d1da1762a0bf48329a60

                                                                                                                                                                              SHA256

                                                                                                                                                                              b733f84c925ad205cc100a6d9316a3e051406270bd2b3d9c60e0ad35c3552d79

                                                                                                                                                                              SHA512

                                                                                                                                                                              90c939fe3759f7dc76fc43ed51a0a9f5e3f66aaed1be406a877f7bdaf46bf35b92c12f4859c8b6495e4281a23d161a3c898867014edd621ed247b25ed88a191a

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f9eb.TMP

                                                                                                                                                                              Filesize

                                                                                                                                                                              83KB

                                                                                                                                                                              MD5

  b442bf1030891f760bdece96e63a7b19
  SHA1: 9dcb4f3885951f6e3f0eae59b7b6bac6d28552c5
  SHA256: 7bc1abcb6edee38d55ec231a2fc04cfd408150f041567d35eefb32d1f0c1f391
  SHA512: 6434528d7eb254e5b9aca1dae6146beee8f5f59706243ea0187539789845633f00e179c91fcbe8dc54f45d643f370cb334edfdde13aff04660db6db6307be610

• C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
  Filesize: 10KB
  MD5: 2f23663111658be2ba0b273463ff5e60
  SHA1: c2af77369b83a0177bfdb90c11fad4c5f897a983
  SHA256: eab4709a1ad32b0b87a53d307893899eb3ee26c6a59a1b34fe83062c79817513
  SHA512: e0fdfe555a47709cbf14c4c22498c89c3e8fd61c5b40806b9dd06aee20fbdcd3d9c4f7861d1183df15e9c64ed25828f97c8292bc6b4a700d3d4586433bf45bd8

• memory/3688-677-0x0000000006840000-0x000000000694A000-memory.dmp
  Filesize: 1.0MB

• memory/3688-680-0x0000000006950000-0x000000000699C000-memory.dmp
  Filesize: 304KB

• memory/3688-673-0x0000000005C30000-0x00000000061D6000-memory.dmp
  Filesize: 5.6MB

• memory/3688-674-0x0000000005720000-0x00000000057B2000-memory.dmp
  Filesize: 584KB

• memory/3688-675-0x00000000056C0000-0x00000000056CA000-memory.dmp
  Filesize: 40KB

• memory/3688-676-0x0000000006D00000-0x0000000007318000-memory.dmp
  Filesize: 6.1MB

• memory/3688-685-0x0000000008EF0000-0x000000000941C000-memory.dmp
  Filesize: 5.2MB

• memory/3688-678-0x0000000006770000-0x0000000006782000-memory.dmp
  Filesize: 72KB

• memory/3688-679-0x00000000067D0000-0x000000000680C000-memory.dmp
  Filesize: 240KB

• memory/3688-671-0x0000000000400000-0x000000000044A000-memory.dmp
  Filesize: 296KB

• memory/3688-681-0x0000000006AD0000-0x0000000006B36000-memory.dmp
  Filesize: 408KB

• memory/3688-682-0x0000000007420000-0x0000000007496000-memory.dmp
  Filesize: 472KB

• memory/3688-683-0x0000000006A30000-0x0000000006A4E000-memory.dmp
  Filesize: 120KB

• memory/3688-684-0x00000000087F0000-0x00000000089B2000-memory.dmp
  Filesize: 1.8MB

• memory/3996-691-0x00000000007B0000-0x00000000007B1000-memory.dmp
  Filesize: 4KB

• memory/5512-672-0x0000000000570000-0x0000000000571000-memory.dmp
  Filesize: 4KB

• memory/5512-670-0x0000000000570000-0x0000000000571000-memory.dmp
  Filesize: 4KB