hxxps://youtube[.]com

Resubmissions

25-05-2024 12:09

240525-pbs64saa42 6

23-05-2024 14:41

23-05-2024 13:11

23-05-2024 13:11

23-05-2024 13:03

Analysis

max time kernel
209s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

8^/10

discovery upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	aida64extreme720 (1).tmp
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	aida64.exe

Executes dropped EXE 12 IoCs

pid	Process
5612	aida64extreme720 (1).exe
4904	aida64extreme720 (1).tmp
5336	aida64.exe
5548	aida_bench64.dll
6028	aida_bench64.dll
5392	aida_bench64.dll
1504	aida_bench64.dll
5276	aida_bench64.dll
1568	aida_bench64.dll
3016	aida_bench64.dll
5996	aida_bench64.dll
2904	aida_bench64.dll

Loads dropped DLL 4 IoCs

pid	Process
5336	aida64.exe
5336	aida64.exe
5336	aida64.exe
5336	aida64.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00070000000235ef-1434.dat	upx
behavioral1/memory/5336-1452-0x0000000000400000-0x0000000005CF3000-memory.dmp	upx
behavioral1/memory/5336-1491-0x0000000000400000-0x0000000005CF3000-memory.dmp	upx
behavioral1/memory/5336-1498-0x0000000000400000-0x0000000005CF3000-memory.dmp	upx
behavioral1/memory/5336-1503-0x0000000000400000-0x0000000005CF3000-memory.dmp	upx
behavioral1/memory/5336-1504-0x0000000000400000-0x0000000005CF3000-memory.dmp	upx
behavioral1/memory/5336-1519-0x0000000000400000-0x0000000005CF3000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-FME86.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-5LE1R.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-977OE.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-6JIJD.tmp	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_helper64.dll	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\storarc.dll	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-IUM6B.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-F4GKQ.tmp	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_icons10.dll	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\ssleay32.dll	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\storelibir.dll	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-GVRVN.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-1MG7D.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-MC26J.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-V3KS8.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\unins000.dat	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-G2JUK.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-7OM6L.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-GV09V.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-KEBBT.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-DRPM0.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-FL696.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-SPPP1.tmp	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.ini	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.ini	aida64.exe
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\storelibir-2.dll	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-QVSH2.tmp	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\storelib.dll	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-EDK5Q.tmp	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench64.dll	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-6UJ91.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-U7PBB.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-VLD6G.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-VKKOE.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-UD70R.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-A0CS4.tmp	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.url	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_arc.dll	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\ROGAIOSDK.dll	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-TQQ4A.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-2BELT.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-2TNVM.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-0PVA6.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-AD2F7.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-DJ9S4.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-HBJ88.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-T7FIB.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-BBJHJ.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-C1QMI.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-LGHKO.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-94J68.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-LEL6E.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-Q179A.tmp	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\unins000.dat	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.chm	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-69FGV.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-K0U2C.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-I1QLC.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-8SUO0.tmp	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench32.dll	aida64extreme720 (1).tmp
File opened for modification	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\CUESDK_2015.dll	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-85G1M.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-VLA2S.tmp	aida64extreme720 (1).tmp
File created	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-NDJH1.tmp	aida64extreme720 (1).tmp

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_monitor.PNF	aida64.exe
File created	C:\Windows\INF\c_volume.PNF	aida64.exe
File created	C:\Windows\INF\c_diskdrive.PNF	aida64.exe
File created	C:\Windows\INF\c_media.PNF	aida64.exe
File created	C:\Windows\INF\c_display.PNF	aida64.exe
File created	C:\Windows\INF\c_processor.PNF	aida64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 17 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation	aida64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	aida64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LocationInformation	aida64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	aida64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	aida64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Address	aida64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	aida64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	aida64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	aida64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Address	aida64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	aida64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Driver	aida64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc	aida64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver	aida64.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	aida64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	explorer.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	aida64.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	aida64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	aida64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	aida64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	explorer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	aida64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier	aida64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	aida64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	aida64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier	aida64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	aida64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	aida64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	aida64.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion	aida64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\DESCRIPTION\System\BIOS	aida64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	aida64.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133603429085945548"	chrome.exe

Modifies registry class 42 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 1e00718000000000000000000000e4c006bb93d2754f8a90cb05b6477eee0000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 0c0001008421de39050000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874385"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{516B7B76-4A4F-406B-A46E-9AD57C2E7632}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5904	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4792	chrome.exe
4792	chrome.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4224	taskmgr.exe
5336	aida64.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
652	Process not Found
652	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: 33	4120	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4120	AUDIODG.EXE
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeDebugPrivilege	4224	taskmgr.exe
Token: SeSystemProfilePrivilege	4224	taskmgr.exe
Token: SeCreateGlobalPrivilege	4224	taskmgr.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	5824	control.exe
Token: SeCreatePagefilePrivilege	5824	control.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	5904	explorer.exe
Token: SeCreatePagefilePrivilege	5904	explorer.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe
Token: SeCreatePagefilePrivilege	4792	chrome.exe
Token: SeShutdownPrivilege	4792	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
5904	explorer.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4792	chrome.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe
4224	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 3200	4792	chrome.exe	85
PID 4792 wrote to memory of 3200	4792	chrome.exe	85
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 2176	4792	chrome.exe	86
PID 4792 wrote to memory of 864	4792	chrome.exe	87
PID 4792 wrote to memory of 864	4792	chrome.exe	87
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88
PID 4792 wrote to memory of 4396	4792	chrome.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87912ab58,0x7ff87912ab68,0x7ff87912ab78
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:2
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4268 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4420 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4056 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5384 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5752 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5620 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5636 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5560 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5708 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5316 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6056 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4576 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5132 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5928 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5332 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4836 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4744 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5608 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5776 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:5452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2184 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5860 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4756 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:2
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1832,i,16295739440989787605,16381810441832658903,131072 /prefetch:8
  2⤵
  PID:2556
- C:\Users\Admin\Downloads\aida64extreme720 (1).exe
  "C:\Users\Admin\Downloads\aida64extreme720 (1).exe"
  2⤵
  - Executes dropped EXE
  PID:5612
- - C:\Users\Admin\AppData\Local\Temp\is-6QM9M.tmp\aida64extreme720 (1).tmp
    "C:\Users\Admin\AppData\Local\Temp\is-6QM9M.tmp\aida64extreme720 (1).tmp" /SL5="$B033A,68485996,56832,C:\Users\Admin\Downloads\aida64extreme720 (1).exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:4904
  - - C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
      "C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      Drops file in Windows directory
      Checks SCSI registry key(s)
      Checks processor information in registry
      Enumerates system info in registry
      Suspicious behavior: GetForegroundWindowSpam
      PID:5336
    - - C:\Windows\System32\ie4uinit.exe
        
        "C:\Windows\System32\ie4uinit.exe" -ClearIconCache
        5⤵
        
        PID:3924
      - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
        6⤵
        
        PID:744
      - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
        6⤵
        
        PID:5488
    - - C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench64.dll
        
        aida_bench64.dll FinalWireBenchmarks_MTMBW
        5⤵
        Executes dropped EXE
        
        PID:5548
    - - C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench64.dll
        
        aida_bench64.dll FinalWireBenchmarks_MTMBW
        5⤵
        Executes dropped EXE
        
        PID:6028
    - - C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench64.dll
        
        aida_bench64.dll FinalWireBenchmarks_MTMBW
        5⤵
        Executes dropped EXE
        
        PID:5392
    - - C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench64.dll
        
        aida_bench64.dll FinalWireBenchmarks_NGMemLat
        5⤵
        Executes dropped EXE
        
        PID:1504
    - - C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench64.dll
        
        aida_bench64.dll FinalWireBenchmarks_MTMBW
        5⤵
        Executes dropped EXE
        
        PID:5276
    - - C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench64.dll
        
        aida_bench64.dll FinalWireBenchmarks_MTMBW
        5⤵
        Executes dropped EXE
        
        PID:1568
    - - C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench64.dll
        
        aida_bench64.dll FinalWireBenchmarks_MTMBW
        5⤵
        Executes dropped EXE
        
        PID:3016
    - - C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench64.dll
        
        aida_bench64.dll FinalWireBenchmarks_NGMemLat
        5⤵
        Executes dropped EXE
        
        PID:5996
    - - C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench64.dll
        
        aida_bench64.dll FinalWireBenchmarks_MTMBW
        5⤵
        Executes dropped EXE
        
        PID:2904

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4148

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4120

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4224

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" SYSTEM
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:5824

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5852

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.dat

Filesize
2.0MB

MD5
f4782c501823ae5da0d8925e8abb111c

SHA1
92a0b9f137bc717282f6b2d94e8431d94978dbed

SHA256
173720bc665fd31a0d31a802f2fcf2415bb8e4821811075052346d2408c9dd87

SHA512
07239752efac5c79cc9a27f2eb5b175cd6011a21f9a2af8355e982acf952c97ab3433a7ca5aa39a796d600698ee06fef067970063e1462c4c45798c2f86c82f1

Download Submit
C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe

Filesize
35.6MB

MD5
dd9c49318d711bdf8247754468962429

SHA1
234c9de9c5ed029a242afd0e8600b3c2d5a3a5ce

SHA256
09405f50afb4021f844a4466d0b9f6326a8a2813c427ea62fd0e63866e578c58

SHA512
27dc441d0a48f177d0d6346a45f3b94fb202fa27c71b0ba1f5c2d275e2153a290838e6e162326bf73bef207a5cc273fbb33bcebb24a55f21c5db36b82b860b14

Download Submit
C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.ini

Filesize
24B

MD5
8c09e8f9095560e4de01b72bebe0959b

SHA1
ebb1dc545601bd8fddcb82c1bede6ee47ee185cb

SHA256
68116e13c6f27126c7e019f7d7e29328b5e8b60f00464bfb6559b9399a9c8205

SHA512
549191d3e3be9c53c3c0e18448fcfa4817e9d5149acff4914eac8c697a6e4bbd4dedc46128616b513cd5755fb3fb6f02cbf56202508adb6a26b21f27bf552022

Download Submit
C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench64.dll

Filesize
11.8MB

MD5
9b1e424633b91664b8bda5154f57abde

SHA1
f0e6ae5860c4318834dbd108010023901e5413eb

SHA256
d0be27273b9db6d2536d51f846cef4b1fe970b9e0468045e8d7a1b079bf0c464

SHA512
86ea6cb6768f4cc7b006280df3866012be76556ba5963f7b2633e306fd7f506f531b20397c92680a831bfd0c48cdc63a7c0c77d28ec5a65a78ceacd4f88f130d

Download Submit
C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench64.dll

Filesize
1.2MB

MD5
1892bf30844e5a4e6594e8ede9f4c97b

SHA1
a9cedeae101385f4cf5cf762a0b4e83583a6c6a3

SHA256
457fba3dfc6f3c86e8ec4d08d2b2d8533f345a2afc4e25ce6d4a9a3ae883ada4

SHA512
b82547dd45e06f644a8467e0b68eb4a7a36fb4d35939b820aca478f4d485064da0a99e11cdec4a1cf8d2151333537b8b2519af06f38f6fb0f56d8e0d33626d1f

Download Submit
C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_icons10.dll

Filesize
9.0MB

MD5
18e08c85087966064354768b627f33fa

SHA1
89b46ab00257296bc2752d250e5114c27b3c99c4

SHA256
806b536eb8c9b76b9bb34c3da2a0a80a25d88017098335eca01c226d684eb5f1

SHA512
97bf6f77f6deeb5f2c93160b1c2660fe7043ea09ab48ddec7a8db14e5c7d02fe10beb0ad0c9472d3c0008b063b50e40141cdfde0db7aae9112ba93a841ccee91

Download Submit
C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_uires.dll

Filesize
3.1MB

MD5
81d6c537b3b7049b1b262adc7930b1e5

SHA1
b843fa7220c4921e75d4008a046636812ed14c26

SHA256
201ac6ec8fa6e07f40a2e4047e191a66bb01148e885236f567a0c4116218fef3

SHA512
94e08c37ee2fe238b240ff0740ee59c6e71dffe24507a68a2b9e84ebd981526b0600a777c6a18d71557f1b00611834308cbb3ec50660f7e2b79f96157ba0037d

Download Submit
C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64

Filesize
66KB

MD5
ee01251e1105aa37a3ba8889248d3340

SHA1
06a7869bebd1fc8320586d7f4ff542e18abe161a

SHA256
eba3233869c744271d5c22e4c1011ce866987d444a00bb78e4089637b7ed794b

SHA512
58f2ea4b2dc127d211bb66f240a028679a6f905880dcf488ab115d5c5db9a4c39f92fccd80134bc15fa11355f5ae201088cb881d0051691684476290ac8dcecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9dc3bc89-d0b0-4ad9-945a-cc99e30de6c5.tmp

Filesize
96KB

MD5
7978a4782fe0dc4c7ea14b158e58c56f

SHA1
52f4cfd9ce38e910d9dcaf19caf8f2445af3a13e

SHA256
6262bb04fd332302ff8fc94383b575f9d04f7c562dbecc455a91f9f6f3d05817

SHA512
ae0bd0c0e73bf765cce84b3824a03899cc7756b04f5ce8f52a2d45e948781f63342408c33aa247103dab5c67e3100ab66164fe90133888b5698891bcb06b635e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
220KB

MD5
c758a89dcfa620f9bc138930fe891ca9

SHA1
f68be6d49724806db8f0fe1305e6d573d21b47ef

SHA256
c7807a5a766842371b12966dda2640923bfce3e17b06e553c4057dd5ac7364b4

SHA512
1d0f2b06adaeedc53d8519a88d354af6f3918119ce03edc9133eb037a03beaac2f3970dae333b64abe46936a89bc66bec0ec3fe764029982f43698fdca311490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
46KB

MD5
f0d81b309d4441d6dc22bdcb9e9e7d01

SHA1
77e7510fd01735991f8eb242a8a20acf5c7326d6

SHA256
90b890766ed0dfc173b119f625e4bde7785d509a76d27354148bf0a80a09889c

SHA512
79d3758017eb11ff478e0c258405aeb66eeef77b6041689708667948c85c1ff27688491eb8fd7efba3e5d392e299c055b3ae54fd212a0f5caaca3d91c425829e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
796KB

MD5
4519631388f92d71f67093bacff1dd35

SHA1
021a5a025dde022771995fd6b328af451340e68d

SHA256
f41a9c7401f3227e0d5b9ee08ace82d4522c247b1994a10788c5350c8adf8269

SHA512
dc0279b40524d4e89e5715e3ec44cc8cc86ef8aff8a0dd401df8366203abda1743d65185780bf3f7c7d540006fe73ba31be7a859d66ff1d31b88cf67144e4e4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
32KB

MD5
f1d46d46890fea3d157d1e7ac140958f

SHA1
b113f52cef561ccf308c5c95fef376f2ff1283bf

SHA256
92c56ad492f5d744f7951ca1502ddd438ddcf56ec3f0a8425ba78abf95bcd164

SHA512
ada00fd8ec502e2aa7cac82b2634de53fb0526e7e3cccfa07715b4c1adfbcdb25ad21b1b3b27c618b8c5ca3e3e0151d529603771eedd12c12471356117673e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
32KB

MD5
38288a369294784a5369e7abf03a04e3

SHA1
b078a4e77e8f92ef8ebd52ad508258314dc46359

SHA256
ab2fca2ed379d5f710c7a741b41aa0657ad41d53f70d2e1741417b22e4ba516b

SHA512
169fc48ad74690dacff887171eb5e5db9b1c51e8bcdb57352803da80643a3ccbab55069060f6628298f134714d107122cee9e66f34c276a7eccab33d3036faca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
12.3MB

MD5
0a6663e5550bcd92a4589bf20aaf8d5a

SHA1
50209e12fbcc05418cc6741acd408f91cd8bd562

SHA256
5f719304ea2d210bf0263918b59741872252a22f1ac09e930e837eb459719d0c

SHA512
8ae2fc9d4842d27290fa7c163d75fafd3f68243cef48dabd5471ffd9d5521da682cf0a2bb8b1435a38dc3ae7606552ddeb7c21cf0fb6e99533cb24c57ce88724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
ed5bbb48b49c336815c82d2cfe9b0df6

SHA1
d30d4f44e20c4d20d4a9eadc425c84575a12f16d

SHA256
dc8f3f9ccbcbc67a4043d0764b71d0ca3dfe2718132263bd4362d94fa747a6d5

SHA512
6f7f749af173ebda33c3cae58599270e8f1fe5610355e27190442bcdc164c1bb540042abb74b28b1d7c22d4eac962a269d4d5a6fad4748c7aafb1ab436e4efd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f7d28120ad1666a3081e252028a0a3d0

SHA1
b1a5bef0d6b562cf7f339ba1c6e54459d25266b6

SHA256
9a680368691dde8b33f94bcfe3dd749e0b2e2017d5a6a3c0e4bce5d8b50318ed

SHA512
3248b769324c0e9c56d370f7c9f92e562448cb6ce1209d3663b56560fdc985bd7c294a0f6f7d7c19f4d73e85616ad978ce161ee67433d06628e6b07d2f1eb842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
fedd4eb02134e74a9d89cf5cf7124edf

SHA1
f9e51380f7dff580e17021e00d5a4520f21776cf

SHA256
81f968ee68166c79bc0ffdbce921b6be04c84021b1791bd50d64c9cc079c79f8

SHA512
019918a6d01ad8983f5169db75c82b9c9c1914ec7e24be3231e7dc4c374b182b3ab11628bdf145a7e987950f59ee987fbf389c9eb458d48a47e8f8e3a992abcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
7d4db0dd3505c141d19a3436318ce8d9

SHA1
0d81d6936d61fa629bf76570bee40c8131926b7f

SHA256
8381a2eab5e0197ee0d15eeeed3dcb56ad64bbd41cc821586dea21eb016c9c75

SHA512
c18da2af2181e4d1945a5012fc87e90223c8d298cad374db6d5e34ff8a87eb906e1cdb16d1fa732f0a536c74acc46555eb44b7e18a87c2facf28cbe907092355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
1757dfd651f3f17ac8573e3d1e8b0d0c

SHA1
525f5d40e11644dd094f97df45eab4a70af209f0

SHA256
beedb85c8b5cfa2b247db6c3039502fa5c66c6566425640b497ae011df711b63

SHA512
874b659c2a39949343cafa3ca06139a036d5fd328f9d4ec063e30c1326dad8211b1787f4d14115d73315e51868e0aafc2b65a7e9062443cefbae55e9c905c10c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1804b4b6e0901d358a04736bf8c61b07

SHA1
de21896b304f7707da00018663d98910ab7e8abc

SHA256
bd137640191ca855e3d2ff903d89049f92095fe238d6e730feec81dd63133ca7

SHA512
3f248070fb9b8152e2f324b60147f9e0c563996edb7054472b375ff191fe15eaa1e3eee8d78cb5d109baab9fa5ff64d6fcb872931b03a2964ebbd90c820eba22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e9b69328eadc0f3c65b6d8300a6e73f2

SHA1
a68127672e742a47fe7cc5aea5823af87dd25a9f

SHA256
e9dea0d3d685e7d64b26786ec86e22d03adc8046353c8691e11fcd9d1c5b6cd5

SHA512
637748fd777a89e65295f4f38a7e7921deec1b0127e4bffec2889262916e49d9bb44ae35ffdc6db08bc467f6b2a745475989f17742b146c2db5cdc41ca2f5f42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
945a66946547cf554eab0d65d44fe5f9

SHA1
f536d2c135bdba6f77f4af79c17bd6eed86cf742

SHA256
68524494285a431c9fdbf109cbc42a4b7a159cc0ed8f9f2c0828dd83603c91cc

SHA512
5bd04d7bb0ceffb288c7bda9d359d07deb280d5f398aa7b61b04e6a609dd30b6b7ec3ced153598d515c37ddcdcd6fcd61d583bb5de2669fa67124abc8e29d0af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
aa30664c96d4b4c9154196d51cddde53

SHA1
c879630762f2bd39c83d1d93d064c270bd34469c

SHA256
bd1993ed174f6add8f452cf3d0ffab24ad2f7889a142c976ac68f7529bde5739

SHA512
66099a2d9759cb30302d7c982d0ffd3dcc8b3c27eb2103166d301a7831850f5710f5322a36b6670efae4e61a7440632849c09cb513474e390614210309ec323d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1a5e6ab1d9a5e5a518f6fbf7227f0a0a

SHA1
563a63cb016b3ed6cd3c8f16af1aff5cc12c0113

SHA256
e2225bd26f3bded6b6a7c3ba4a7bfcc2d9c95ac6b2d6cff253a83e14c270a399

SHA512
e5dcd38f2e30d23a89e1b664ad2704f8d3bbc06b47053075a9b654ce72582b444208cae141f92f8e6f1feade11cafaf3f3a119570f85fce06a368ae13f0ce066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
09eb9f120afd5749b13a52ad3352bf3b

SHA1
6c524c8dd5c69711659202b19eea2e2ff5b45ad9

SHA256
724085f636dea94a50c1f6283a7a34c71dcd81125aa3b8b44a0920ed555e19dc

SHA512
b2133a50e6880fbfc9771c5d633810424e8fb5a02194a758f5b68bc38c8cea57bdfe1d61feb329f27e1debf6c89da54ee2792f1705017e33e7b2cd90abe8baea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3770e963f0fd13b3380870893b251115

SHA1
a1399b51c3fd5e7232f26352f7bec7b59a3dc86c

SHA256
02e737f9f810e1f4975ce3ace7dff7a967dee8052c4a4cac7f908b8dd898b0c6

SHA512
daa4fc194ae67fbdd035811534793f2242e2c82baa6681ee68101ac40d1c9f5eeed7773bf67cc29a2e2cb56d6f22b5b186d648e165e0018f605e66dbbe6fe54e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
96f3f448d3041bb429d85ea57f9f9c41

SHA1
239b64991ab6b2175a16fc3230323bee3e5dd37d

SHA256
5901527b91c068264c89abb537881dc68bac57c4ff516429840c0e8199f14ecf

SHA512
002a364dea6fc9a1e15be756e0ff9b8f157587cc4417fe58af5248c2bafe03184e3148350ac419ed13261da09cd860a2bda359ddf4ea7b19d2634e5e4620c413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\41db702b-0c96-4bed-a7e1-0731e072acf7\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\41db702b-0c96-4bed-a7e1-0731e072acf7\index-dir\the-real-index

Filesize
624B

MD5
5bc538f25bed6dcd63625737115d59eb

SHA1
b1a5c098c5d35bb85fa0a6328fa9616075901cb7

SHA256
be62b1d99e8bec47cb20fca72f8d08542ab72ff4d8ff8af0c0ce76001d975b79

SHA512
644e1fb4faa7129ea29ec9d126b2061ad79e807552d182a1566d5800ede3c4fcb920b6d0949fd3a50e7aee15546f489d840d54e882f9c0c06fcc8008156f5257

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\41db702b-0c96-4bed-a7e1-0731e072acf7\index-dir\the-real-index~RFe58141f.TMP

Filesize
48B

MD5
add27a04f9040a4f1dc1217653955313

SHA1
77ac67b38f76c207ac97258a7693f03af2e25296

SHA256
ca4a3834b8558d42d702ee702b3a2d080ccdbb70bfabfde14d5433c6a96edc5d

SHA512
bda82e16d398ff4ab06d6c330e531650aaa503b5790755f86698617d8609c6bd89d0be30f993e8f3f00f643425bf1f0e09fd8d7dc21dbd1a1d88332e9a65c487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5da24517-abb6-46df-b6d9-89614f47371a\index-dir\the-real-index

Filesize
2KB

MD5
0f6904550783ad64048293e927e2cfb0

SHA1
6eef14e9e745bb822ec421b5619478786cdbeb6f

SHA256
a6ba923c53f89b4bbeb9fdf08a7860fbc277df06ed64ec320bac41e90e7ed280

SHA512
23e1ca668832249f8041027e835c88c321332609a03f5e7b22f55b2f69ad1282ff37888ee134c21a793afcc77346447a06dab8596c1d84a1b9ed796998bbe4f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5da24517-abb6-46df-b6d9-89614f47371a\index-dir\the-real-index~RFe579a5b.TMP

Filesize
48B

MD5
62d1074ce13de666dea77334fc49a369

SHA1
86246f58963f342cefce16e44e0fdf0b32aa4222

SHA256
fd9062218d3511546ab6f2949740995141a884ab26b3fc759a0fad9848f7e20e

SHA512
a2db45ceb737c18df849dfdfa197510de4854b662cffc283e4ef8795d565bc3969a01874d33738aa31448ed2d0ae01541592db1cc5187359d40cb864be1261cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
13acfb8b9d7f65a4898afe37640e186a

SHA1
c3dbd95db6a9e8413f7e0e345c96cca8940dd4d6

SHA256
e498fe11d65862178957da36a1615e64d53eeb0c0cabbe9ef41151364f57677c

SHA512
8e3a31031277b721ef09a283c3600a774d06e023fbd7d7a53477eb6a60e55fd4b7789e98419cab793f6d29eb80365cfda84f2188279dd47dc5e41693995869c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
74935ae8fbc48494b909c30460c66985

SHA1
73a09230caaf69869e4822b08990417c1221b219

SHA256
c5b8e2ff524f5e918ebf448bb8c978fee4ecf56c99e1173e616d11315091bc1e

SHA512
9736f6dbbe7101b862ac80d1d73d78b2de09d6e0fe51154b7206d78058e419e0c29d10298093dcfd072d8b5d40ee9a5687b9cc6179b05ed65cc95291b20d3396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
1e49c91129a4ae99671ec00a658a4a2f

SHA1
9781f3d90e817aa89a07d64f16a7d021c168cc8a

SHA256
b9120e395a048db5a050a01ae8a49f0adbfa61df277bfe4a0572a56e2ea160a9

SHA512
5c92f133e68a1f2efee3c5bf0f3efee02d28ac1b10d5f80af4ac9a1c36346f4f2218cac9bb10f567ce677d0d918344a0b1f5abe551901f282a47f2be38b112bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
f8c76850fc522676b711a4bfdedc7088

SHA1
5bd5b994f22b86ee6ddd6add9348db12fb201477

SHA256
d0d00e5de4bb0cab84bdbea6bfcdd11382bd85bae88b73bdfb305717a4bc063e

SHA512
779079ce19f32cc57ff13dde2453cdd04f3298bfd8017a9df2676ece89dd2ec4641b7651edb4bb4b558dcf1658cb8b09ec72487eeeb1e2a1ed2640aafa2bbbea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
517204192208aa69d38dbc6e5770f8bf

SHA1
821d830e8eeb8c83d088e575e9e7368a5babc581

SHA256
f892ffbdffcaf1e41581b3399eb8691a7b14bd51130100c2943cc0fcd45af3b9

SHA512
308b1b24930f3f1532cf507cc0947e7ee36ba6e6dccc4821e09859fc4df61cea98d2ead9acc9793ae35e7e5083e87da77351bd889d094c6a7e30405fb94a0d36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
01a85126eb4ba5ed0ca39dd5f768ea42

SHA1
8fe5b55055726840e0214f3d1ffa2a3b48efc8fa

SHA256
323bf927063b5e9754acf6cb6b79ff2adf8ae6d0cfd5ed2ff066eaadd9485885

SHA512
356f6585e7315b55d1a06b97f1f9dc5b7dbee002deca1008db6516970f90975d8392fee08f367caeeda3cf9b2381de070e9b788e32764910b32fbee7b4a0f276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5742f4.TMP

Filesize
119B

MD5
d7e2075666965776538ca238f96b3aae

SHA1
1f6ecca7557a262318d1ac7212f554dd68c6389f

SHA256
f4a53be6b60bd3e7f49b8f1bfc0b037d73cb999d796c24d90fad2a14ae2b3475

SHA512
be78c3aa5ac58bad28b570d83d6a7aed49fb6c323c4d0aaec86e43f588666098648a9644e09cdeaa190ce507d534f9a1c72ec35f642a6650668c182b53ff7ce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
476717d120bbf231b236a4b5dbece356

SHA1
8f0d2917e8cb2b6d1571b0292275858fe5440e4a

SHA256
ab5213d0dfb46191737f75f3ff4009da9d771a67047a9b65fa7090eae1f26179

SHA512
847bc75e32dc872bdb1d9c486df21b76e6af1659208fda51b8bb2bf0ec08017f8c2c9087f73760f05161813558a06107d61293323ddd4c086e116e08609260ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
17589ce78e48b1704caecbafec48950b

SHA1
5b7a5f340339761aff0167b8fb44aab1b8c4b15e

SHA256
9996151acf14a899f17e40b30aad960556dc3fbd6d45803c77cc9ddb9704d619

SHA512
c5fa099fd3ab3a9c204c8e2c69c8cdeb216c86d5a5ff68172800a6d8bfde1871dbce55c1c11bbe4e6a16ce2e195aa6672496f4ac8c53f2c1ec772b8301b5856c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png

Filesize
673B

MD5
88dfa96f9642297ff88909ca4e0f7330

SHA1
ed8655bf13e6cc49395da4c760168c4148454b7c

SHA256
5e5eb084cf1a650b2e122f53d36f85b67ce6e39069e399a46a25dbd34f7be286

SHA512
cc2deedfeacf9f26e48cbb26e222a219905888b95634c7d91d6393b84248305ce8940816bdb3bff0f5384b9dad90f4e3905b229e06ce4b1023a1439293b240dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4792_1729995527\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4792_889642821\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4792_889642821\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
6049768fe8e41932f9ff7e87d9a9121a

SHA1
de4d3054d5566fd57efcf318d3d8de3a509ff0ec

SHA256
7d5f7e24da0a506a9917c85fc4a6e89557f0da7ddb2ec6130c940fb7e90ea9cc

SHA512
ef12e5153db2a7630c6a468e8a78ab25b450929b8e3ecd15dd073a0727a3c835707c0e3128f46166b713ff03df29516fa5f818dab2802912b15f857ba909a3d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
e0c1650ecd887479f174d3cb72281639

SHA1
c0a6e934205cf8bdf6f8d1ae354960e2468e1775

SHA256
86d5aec2ab13bf2ef59a9d63e5766e59fa2ebd04c3bf9085a9ef6d3ed6744410

SHA512
34a9bd8a21427bda1377f05a00b40cb0e8888398406ac92d412b086e775926bf2b8f70a2a4ef07402ede22fc8dcb311edb10de9a670f5c37887c3092bb102431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
2c813d1bcfd0da540ca97d7d1866c627

SHA1
f320ac903ac69f190bae73b52a83ec63afec4cd5

SHA256
431910f9c08fc06fc2faaa756f72e2b5aa248f9f00d8d2a496d3aac7a13e9043

SHA512
4f757b165a8dbd816e126fa1d9f0a72c467ad5cdf7fc7022c0c16fbd439e5e9bd7a022bc695adb780aac6a5622b637115d43b66d0e6bc0f931b48969c268a29b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
9e1708c54c34028cbe5cfa0e0112f4d6

SHA1
d3f05851086b975478e63cf70f53e6b30fdd7378

SHA256
832402c8fc131ea6104f13def9093013c021a8e2289f4fbfaa411d8e0d746650

SHA512
72bfba066fe7f1e777b9b603bd7e07a1a503be7abcccf566ad09eedea27fbeed30cff6232c72343de9c3b20d4e43cd8aa50787ff7f8ec17ce0cd62a6f3d627e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584159.TMP

Filesize
88KB

MD5
e43c2fbc3aab33c89f4d2a0f1782ad99

SHA1
33c5e1dcb32f87b117870b5a800d7fa5ba61aabd

SHA256
14c4de220910e6d73c30e4f8396fcbf50c2ccca6e653dc2f9fadbd5bb1f63856

SHA512
39fac69c5d198d58e8f95836949d06f3e59b05616495b75524a1e0094520d650a3d6f2ddf6235fe1f583480cabc62bb5562557b5a385ddb5e766f36b30ca7a7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6QM9M.tmp\aida64extreme720 (1).tmp

Filesize
701KB

MD5
619666a8a2b905e70ee7d66d4d9dd5dd

SHA1
e00edfa4538cf596def2f80a4fc9092c8926f0af

SHA256
0ab6912e8df064cc2965a18dc3ef6efe1417f2b31ab0e8a6f5360169c02ed2cf

SHA512
82cdc7bcaeb8b87e2657f86bc87dfd3c72f56641fa2e98b6addab959fc81970983d8d45bcdd6e0d9082761441bc98e9aad763914493c61dab9147a815cae2ae8

Download Submit
memory/4224-293-0x000001596A770000-0x000001596A771000-memory.dmp

Filesize
4KB

Download
memory/4224-285-0x000001596A770000-0x000001596A771000-memory.dmp

Filesize
4KB

Download
memory/4224-289-0x000001596A770000-0x000001596A771000-memory.dmp

Filesize
4KB

Download
memory/4224-292-0x000001596A770000-0x000001596A771000-memory.dmp

Filesize
4KB

Download
memory/4224-294-0x000001596A770000-0x000001596A771000-memory.dmp

Filesize
4KB

Download
memory/4224-290-0x000001596A770000-0x000001596A771000-memory.dmp

Filesize
4KB

Download
memory/4224-291-0x000001596A770000-0x000001596A771000-memory.dmp

Filesize
4KB

Download
memory/4224-295-0x000001596A770000-0x000001596A771000-memory.dmp

Filesize
4KB

Download
memory/4224-283-0x000001596A770000-0x000001596A771000-memory.dmp

Filesize
4KB

Download
memory/4224-284-0x000001596A770000-0x000001596A771000-memory.dmp

Filesize
4KB

Download
memory/4904-1287-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/4904-1460-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/5336-1452-0x0000000000400000-0x0000000005CF3000-memory.dmp

Filesize
88.9MB

Download
memory/5336-1491-0x0000000000400000-0x0000000005CF3000-memory.dmp

Filesize
88.9MB

Download
memory/5336-1498-0x0000000000400000-0x0000000005CF3000-memory.dmp

Filesize
88.9MB

Download
memory/5336-1503-0x0000000000400000-0x0000000005CF3000-memory.dmp

Filesize
88.9MB

Download
memory/5336-1504-0x0000000000400000-0x0000000005CF3000-memory.dmp

Filesize
88.9MB

Download
memory/5336-1519-0x0000000000400000-0x0000000005CF3000-memory.dmp

Filesize
88.9MB

Download
memory/5612-1461-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5612-1239-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5612-1286-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download