asyncrat | hxxps://github[.]com/dnSpy/dnSpy/releases/download/v6[.]1[.]8/dnSpy-net-win32[.]zip

Analysis

max time kernel
1718s
max time network
1173s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/dnSpy/dnSpy/releases/download/v6.1.8/dnSpy-net-win32.zip

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\sheet rat v2.6\Server.exe	family_asyncrat

Executes dropped EXE 2 IoCs

Processes:

Server.exeServer.exe

pid process

1692 Server.exe
2864 Server.exe

Loads dropped DLL 30 IoCs

Processes:

Server.exeServer.exe

pid	process
1692	Server.exe
1692	Server.exe
1692	Server.exe
1692	Server.exe
1692	Server.exe
1692	Server.exe
1692	Server.exe
1692	Server.exe
1692	Server.exe
1692	Server.exe
1692	Server.exe
1692	Server.exe
1692	Server.exe
1692	Server.exe
1692	Server.exe
2864	Server.exe
2864	Server.exe
2864	Server.exe
2864	Server.exe
2864	Server.exe
2864	Server.exe
2864	Server.exe
2864	Server.exe
2864	Server.exe
2864	Server.exe
2864	Server.exe
2864	Server.exe
2864	Server.exe
2864	Server.exe
2864	Server.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133604124663191572"	chrome.exe

Modifies registry class 64 IoCs

Processes:

dnSpy.exeOpenWith.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "4"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	dnSpy.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Downloads"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\json_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\NodeSlot = "5"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\json_auto_file\shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616193"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0"	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1"	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\4 = 14002e8005398e082303024b98265d99428e115f0000	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\4\NodeSlot = "6"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	dnSpy.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	dnSpy.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	dnSpy.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents"	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	dnSpy.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Pictures"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}	dnSpy.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\鰀䆟縀䆁\ = "json_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\json_auto_file\shell\edit\command	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	dnSpy.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\4\MRUListEx = ffffffff	dnSpy.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\MRUListEx = ffffffff	dnSpy.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	dnSpy.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exechrome.exe

pid process

2444 chrome.exe
2444 chrome.exe
2448 chrome.exe
2448 chrome.exe
2404 chrome.exe
2404 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 4 IoCs

Processes:

7zFM.exeOpenWith.exednSpy.exeOpenWith.exe

pid process

2376 7zFM.exe
4456 OpenWith.exe
4552 dnSpy.exe
4824 OpenWith.exe

pid	process
2376	7zFM.exe
4456	OpenWith.exe
4552	dnSpy.exe
4824	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

chrome.exechrome.exe

pid	process
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe

Suspicious use of SendNotifyMessage 34 IoCs

Processes:

chrome.exe

pid	process
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe

Suspicious use of SetWindowsHookEx 39 IoCs

Processes:

OpenWith.exednSpy.exeOpenWith.exe

pid	process
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4456	OpenWith.exe
4552	dnSpy.exe
4552	dnSpy.exe
4552	dnSpy.exe
4552	dnSpy.exe
4552	dnSpy.exe
4552	dnSpy.exe
4552	dnSpy.exe
4552	dnSpy.exe
4552	dnSpy.exe
4552	dnSpy.exe
4552	dnSpy.exe
4552	dnSpy.exe
4552	dnSpy.exe
4824	OpenWith.exe
4824	OpenWith.exe
4824	OpenWith.exe
4824	OpenWith.exe
4824	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2444 wrote to memory of 4784	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 4784	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2056	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2468	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 2468	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe
PID 2444 wrote to memory of 3996	2444	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/dnSpy/dnSpy/releases/download/v6.1.8/dnSpy-net-win32.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3142ab58,0x7ffc3142ab68,0x7ffc3142ab78
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:2
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3836 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1820 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3272 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:1
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2720 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3344 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3260 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4932 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3304 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:8
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 --field-trial-handle=1864,i,775027492689784256,11265335227675768867,131072 /prefetch:8
  2⤵
  PID:1432

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:412

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\sheet rat v2.6.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2376

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4456
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\sheet rat v2.6\Themes.json
  2⤵
  PID:4064

C:\Users\Admin\Desktop\dnSpy.exe
"C:\Users\Admin\Desktop\dnSpy.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffc3142ab58,0x7ffc3142ab68,0x7ffc3142ab78
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:2
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:8
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:8
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4184 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4368 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2624 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3448 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5080 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4964 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 --field-trial-handle=1948,i,4398653384811677729,13909802568780018122,131072 /prefetch:8
  2⤵
  PID:3160

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4864

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:5072

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:2308

C:\Users\Admin\Desktop\sheet rat v2.6\Server.exe
"C:\Users\Admin\Desktop\sheet rat v2.6\Server.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1692

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4824
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\sheet rat v2.6\Themes.json
  2⤵
  PID:3196

C:\Users\Admin\Desktop\sheet rat v2.6\Server.exe
"C:\Users\Admin\Desktop\sheet rat v2.6\Server.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\GMap.NET\DllCache\SQLite_v98_NET4_x86\System.Data.SQLite.DLL

Filesize
1.3MB

MD5
14393eb908e072fa3164597414bb0a75

SHA1
5e04e084ec44a0b29196d0c21213201240f11ba0

SHA256
59b9d95ae42e35525fc63f93168fe304409463ee070a3cf21a427a2833564b80

SHA512
f5fc3d9e98cca1fbbbe026707086a71f801016348d2355541d630879ad51a850f49eb4a5f7a94e12a844d7a7108d69fa6d762ee19f4805d6aafef16259b4330b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d0df793c4e281659228b2837846ace2d

SHA1
ece0a5b1581f86b175ccbc7822483448ec728077

SHA256
4e5ceefae11a45c397cde5c6b725c18d8c63d80d2ce851fa94df1644169eafc9

SHA512
400a81d676e5c1e8e64655536b23dbae0a0dd47dc1e87e202e065903396e6a106770cec238093d748b9c71b5859edf097ffff2e088b5b79d6a449754140a52ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
5158fe7f397414bb749b704723bbeea2

SHA1
8453f55b7188bab1f8968c382dd9bedb2edf012b

SHA256
0f79d70c83d59d5c84bf264c83f7b4c9814f874329a403832b4923f188240336

SHA512
ca554b59a383644ef83bbfa7c1a35f8925d1c7abe892138dc8c978ce1a3add2cf6722abf4fd97417e3011299427d3c8d09791ea58607762729fa67c55ed93590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
db323b7f7797e9d6b1c2f12548c50f52

SHA1
2fd006fab69b86d31c248b47ff729258b8d3931e

SHA256
e1b30ac5071453bbce55d499ef17f4363240ee53f33d6757212f9290a8ab75ea

SHA512
a03b300b4f0db69a395dc5a68d7d59197c84ddbc2731ca4187017d310352f70bc16973b3295cd2c95bd38699cddfd728ba6ed8ad4e976b0289f8c77d0486e5be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
acd6d2b2fe33c025ce9d56a7a275d995

SHA1
799898697f08dba60bb11cf0967504953dbbd392

SHA256
4902dc63e2a69f9dd6764ac9c799b92f8c59660fb2ab9e1e7534c39827560a2f

SHA512
16cb5a65b5317b935cb9794c8aeb9632015576daab374144cd9f0090da85cdf87af68f1eebe3905aa6e38ffbc9919409204c7935170fcbc5ae09f892e3dc1467

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
9f64016a4c4290aa986c047241fb32de

SHA1
b44713dd40848398753e66b6ed6bd8e551e30078

SHA256
8149863fc202188604608ce6112530386a420f4eb4736b161e4fb8b9207f7db5

SHA512
20b2bdfed8ec88d51679f50736bd395decd73dc01f3866247db60d841e8f3437c704ca0b69915adde81e85ae1a1c5fd4ea490a4deba7508faa90918c12e1cf0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
18KB

MD5
f89c26a8ea94423f4a800d8b7e793b31

SHA1
c2ed13e8980cc7697762d862e7055c3cc620db43

SHA256
1092c325a5fd568994462a40080c0b921e94316662fc9a7e89b75781b0a3be03

SHA512
988cdaa6c922b4fd2e4900275984565ceaeac34bbacfec7e19ee20ce58314ad45dd23149cc0c591f27100510bcffc58e51c41a2b0e976745c4141919b84dfa90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
88KB

MD5
f64473f7f0d77763bf319a920044a5fe

SHA1
085e34089773af2ec9ec67f206d51e9ada6a84fb

SHA256
d0ce3ff70f038c52fd30f79350f60b4dff5c9bf0f327a1389c83c409a1f8846d

SHA512
25a85139b51b7b1e45a30c3cb8a5f53d7c7c09d7a636236a2abe56e7737c5ff1b7481d2d71ccdee2959c480cece1f753acc27998c1cb981c989b5b03aec5a20a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
32KB

MD5
057478083c1d55ea0c2182b24f6dd72f

SHA1
caf557cd276a76992084efc4c8857b66791a6b7f

SHA256
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

SHA512
98ff4416db333e5a5a8f8f299c393dd1a50f574a2c1c601a0724a8ea7fb652f6ec0ba2267390327185ebea55f5c5049ab486d88b4c5fc1585a6a975238507a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
19KB

MD5
d37ece4290313a264b5e235c0dadf2fb

SHA1
9ae09bed58122b3d3c4914c45e682dce63993e14

SHA256
e08d9d0fd918211315836b13807379efdf0a22ac163c96f96c5a14d1212781bd

SHA512
28a9ebb27fa73557ed24458864558fca4666cfd53766795b2c6785202fba4ca67a29a25f48d3e11ff9bf462b070349571d67a92b1202ae42ca8583db3a781a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
20KB

MD5
e648b4f809fa852297cf344248779163

SHA1
ea6b174e3bca31d6d29b84ffbcbcc3749e47892e

SHA256
637f545351fbed7e7207fdf36e1381b0860f12fffde46a6fa43bdafcc7a05758

SHA512
a2240d4a902c8245e3ffebd0509e25dd5005d0e6f075f5c78a46095b9a52d86ed483583a2a8b39f1ad4e610d2f7ec63e4ef8eab89936d30da937690936ef4f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
31KB

MD5
8e2a0e56ae25b282b437f9d5bd300d96

SHA1
5d4ba26731ee84ba9bbc5487312162b826ede550

SHA256
b48a7837a73459a7d6f545cb45a810533d9bf006a54077b2ca3bd62dd6f6315d

SHA512
a2529efb9941f92a6c84c40214bc9c7c97ab70dd69040238b82f9422bfb5424b41e3f56146017c4a9fdb545b17f84058e03c8179fd4f6385e542d799df5d7a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
33KB

MD5
6421402a1cc524265d011f6f60391c48

SHA1
c8d4043da71ee2b80f5b6047744a8e73e059212a

SHA256
b49790fa412e26717ec0ae193730eced4f821a720f8f2728b45fecf9786aa02f

SHA512
3ae39ac80878faab23aa3d3b1d43837c918e1b3ca23d48be4b036b30337d9eada0b8485f47c4e7736ae6ac6b69485e1c43cf00ee3d16145b9141a5ab857997ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
72KB

MD5
ce2f90b81ee3a43f46c29223ad1d981b

SHA1
b82b68c892bd7c8b0bf06a883f1bdcd8ca0121e5

SHA256
7b5c7bc066eb345c6c48189f960ad13fac80add5b5769e2d7a1f59d82a382505

SHA512
85333d169f9815e608eca91d3ba07b18ad6d121806caec0474fd73bcdf22cd0ec032058ae029fd8ac650667df7a382c1fe186ec15f2e13b224a253e7d7c3c674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
37KB

MD5
f0194b64008c20ab1665e346927ff79b

SHA1
e3e7159c808e5c5bde1508b48b1a490b91ff5938

SHA256
6608702e97ce70473dc6d7dc872a783de340691bc948f83ef2452661f3047ba2

SHA512
6a8da217b7d0e055d61918aaa27b511efc2ae3589b7138928ac83725c56662e72db3c2693cf685c335dd6f1795c835d8a3862719c24183d7d8e2295aacb00b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
22KB

MD5
e06663079c2bcb952833d800f0574a71

SHA1
e95a70f56f3da7f5c2cef1ac5b5033e7767ff448

SHA256
ad75e197660eba081e7ec7bacaa0cacb9787a98f9138bb786927595a4153296c

SHA512
9642a811c37d74b29de0a862fda3fc7522171f0e0dc72ef34bd57e76c5c72153f976bafbccba7c06063815a232928206f1e2a8fad78aa52e03d79878671b9231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
42KB

MD5
b12a51f97e25c747336afc3f3958c89e

SHA1
bb7f9288f577ed55e2d7d6ecae300ebece99bae8

SHA256
62184772b9e1fbb336ff46ce4741c642bc6c30ed48dc80c534271a95d35ca35a

SHA512
93853f4fc8358f1adf07978616b452103358b0f8e4d52fbd458cc4118e3beb6adfa62a591b58ac5d9c2155fb6d83dabbf3788f56ba960f0afb1657cc09a566c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
44KB

MD5
7ea3a7685d37ada753d75eff793a5615

SHA1
0bfcb0cee5f098a49b780acdf5015350a95d6484

SHA256
655815c67cd44f95f701a255d0280e4cd16b5c08b60134bb114aeba0952b9b7f

SHA512
39bb809ce09e47149503e502fa2e6438280f2e5ccbe4d81f4323caa19912fddc12124051032e7ab89a98c3f5950120a815bdbeeb9e3622051188914e0b32829f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
16KB

MD5
77c80c8dacc59734ff6a53a185f43bbb

SHA1
ca6da0e81e6ff28ad71209c2be7bab9e5e537acb

SHA256
c660ea51ddcd6e34b0152d4e334f6e8f4e6fc730ebbf48e92fc9de48db3e4054

SHA512
caee0f44ee7801d4e46a58ee59bf6f2a2f424663d4db06d157a04132f2abdd3bd1f7083d5f634ae6638bb9abe68f22ad0d52e67abddb8c68d78ac02ac73f62e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
20KB

MD5
4588208961b6b7ed6cd974687346348a

SHA1
52085a4f6c875b6949261704f05050c1727e9c55

SHA256
95a95b07b4e0d051f83a51b680810572bd1244b42cb6e640d3b29b98f3e92885

SHA512
a9853353e68286f62535548ddbf1a97f1b39c1b6200161a660b1a4eac6864a1f6e93ab72d2cfe61249bf4543e2317f04babb3be211a37c12a55d55ee08b2b515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
23KB

MD5
cd7b3e4dfecea7028bc1bdeda5a47477

SHA1
5c37dcaa4ed3c2a4051e4dc1714a342ac0de8365

SHA256
4d401337713e7f1c9f6588f8f7d79721e531c837b5f2f73c0b3cb372fd8f9b87

SHA512
ea11eb8d8347a39a1aa990a05cce6543e47145a1e618091750e2ad77497449e12e8b4d5b1e3385c9669cdd6a66e7dac96ff0e67913730c27c0ef2ff40a669f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
23KB

MD5
82db06ca267ac7fdd878a1df35f41f4e

SHA1
9dae7f1ae60d7b83dbdada64fd1b4296f8f20051

SHA256
3847721350fd764d4d21cb4d2e02ab95c4ccdaa9d8ffefeb6f1078bf169ac6fb

SHA512
6e9beeca7caa94fc5dcf929d5af18d24acfc2a56612840b7084fb6057785d85b272eec8acdf4457c7dd1de9bee5e03fefc082a170131002229da0c01da9a8fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
29KB

MD5
28198fab85f1ac98f664600f670ba43d

SHA1
ee0dd46d793071270130c08412258d8c32194a32

SHA256
81bd52c3dd2417f30deadecbe5412bed404a86e05233b7b7ba6b7e8f682b5b49

SHA512
a1b3ff8361213c15bb077a3b9d31e9cb8b7705d04f2815395c13365972ca94e798f11532df48583fb3792df329d2a98ec903aa0457841da34f062f170de5d921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
69KB

MD5
805d4fdfc3d3e5ddd5391b8f361fa519

SHA1
5425f05d27964bc57cd879e16914bce5053ec743

SHA256
3924dabf7b129ad34cdd665768bff84c6ffa449b942cab5df2e30b0ea9efb659

SHA512
7a64df530a77faf100ba32d9cf82ca5d57f6f11f40a1e6688d695d3b726b807b6f7e34853fb2b7ecb30c137465618f09077031f42b24eb80ee90ab5c3a0bd8ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
325KB

MD5
90041918dd0b774734064105489a3c93

SHA1
127e40a8d8e4f675aed1cb7544402bb6d9c17ec6

SHA256
8ecd8216108f826bb3ed15b25e96a644b8b0907320c1296e48a95143901ab343

SHA512
c4e79a8c10db6222aa995f5ce5524d9baed348d95261820b7c462355c2395791f28b47a7d12a615419effb7f81e81ca1ebe6efc7d1643d96e5f6493d504f4a5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
141KB

MD5
dd6132dc1f31a04be271b6996dbd785a

SHA1
201d83791a05c0378b6afce33759fcc10fe8f53a

SHA256
f861260c45678dc6ac43c3eab721214fa255274b3b48a90b86a2a289f1134d09

SHA512
48e7af30a6cc847e71ee98284546d2e41fd77f974b134892edb2b9941ebe5fbd70eed97f122e1ca42fabbef3cc352153b998c3158196fed65bd730f52a6a45af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
248KB

MD5
cc3123a4a0b99f17740c967863a97383

SHA1
a2a2608a05751cba6ed6526dd9101232e9c129c8

SHA256
2ae81b226ce08ff9568e23b20fc6fde5806889137e3fb33c58ea0d69ecb92452

SHA512
d31515e88c3d1bc7e478b75dd7aeed6140dffb364ea8304d9d16f11b757789bf799e2c74d13ea71011646308aad1ee5e3e41f1d22fc126192596648acbd73c0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
160KB

MD5
60d33c32ce7ed08303cf9eacb22ac646

SHA1
2abc8aa7fc62e82e9a9aa40d052f2ba29f217520

SHA256
36a413b120479a8319a660dcd7e3d724fc07f01c02e09a84820cd7eeab5237a3

SHA512
a5009b4f1de5d55042415b4c66b91d14f0dc38fe5d2ed084109713d0ce56e8e240a62141bcf5b0361e081f717c2895dea1742bc493f40385edd9211f8dbaa2f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057

Filesize
204KB

MD5
41785febb3bce5997812ab812909e7db

SHA1
c2dae6cfbf5e28bb34562db75601fadd1f67eacb

SHA256
696a298fa617f26115168d70442c29f2d854f595497ea2034124a7e27b036483

SHA512
b82cfd843b13487c79dc5c7f07c84a236cf2065d69c9e0a79d36ac1afc78fa04fba30c31903f48d1d2d44f17fb951002e90fb4e92b9eae7677dbb6f023e68919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000077

Filesize
43KB

MD5
79a6c3e0a66e747cc844035571f9dfb2

SHA1
e09cb95e29fe4058f5ef984599531adbee10c12c

SHA256
f7716dc0b813767205f7f5e66e205d2c88c408bdaa5a0003e326a06030af6951

SHA512
0def82e15993c0296d62d70e5449f131b257a197d362b5964da76733de840462dad04c4ec436cf22fc003e5a07625fde1edb4b9cb5b76ef4bd3dc837f6a56afa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
15b99600a02d44553c5d8bb19464583f

SHA1
670e63b40079d182ac6c0900868ff99cdfcf5eca

SHA256
875d5ad58b3198e97c18e57fbb03f7e497629eaf5c1865559eae7d0d7ffded56

SHA512
4fbadf569517c5df235c1e7e9174f709cebfad5b4db732220274592a6ce5c713de0395958e740b4437a9d40c3f0fe6a2beb6be1ae315a9302981c24b1801c449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
46e3aed06ce82331da97c59db3c8f863

SHA1
ee576299c637109651e9b625d84c8233ba4acb50

SHA256
eebc5dc8b79d50ba163e909bc337c2d9c94df1057f03b016654b2b1badbf0fd5

SHA512
6f22a2dc4b57746bb0fd65ab9b74b87b8f95b2c9ad19f70e583c4521782666949e77aaabf6fe15fc417deb2ed3698019fa6a5d1da7a1a320951933914b4013d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.st_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_oxy.st_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6bf1a2158d615cd4b73bad75db4750d3

SHA1
a7edeeffa51ab64e47da0c56e1c232284db0afa1

SHA256
624bb92cc0ce9b69aab59cc7503e1de435f31455ef648424eb415f68a958089f

SHA512
aeb62616edbf0c18f0c3ea0a3d3ae858ac3d0c238344d681e18d880754c7e762730826a56150b95f3a0741a670ef9de8d34bd417542dc7b3534cba316eb964d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
71347b6904857222b3dd1d5b6111d7a0

SHA1
77a904eda52a15c70753ac50b2961b076cb8577a

SHA256
6797df9c03a19b8c68ee24f18a2e8fd45d6cdf8eb2fba662c1e2f8c1ef323ad9

SHA512
5395a4fe8190d722f1ded10b429ec772721373c5c0367637aa207ee81bc0f2a06e02d1b562bd7561f8e06ae4ac390b1d20ba4eb825d883a59839a5716749fa59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1f4a03cb55fb309c3746c57b807ecf9c

SHA1
f273dcf30a6820eca4a1bac095cabfc69ee874f5

SHA256
b504856eb5621d9b6564934868ca185ea0ca604804140da9f35ea456c400cbbc

SHA512
212c89358a73218a2e692fe1dae31be0fc4370513c447ba466f698059a6db903f05a01b6dece1b8ca339a6305f554a5f04a99d1648b2d6550a3688aa06008687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
a05731ad85d5037f200e5d2fcb2f7db6

SHA1
79c3f9fd4b0bdd52fc007478c2400f1c96bb1e94

SHA256
c0c21555d0b8d099d98d3cddd5ece9e35bc66e35242b606715888441804d7cc0

SHA512
fe3cf8422eb7dd57df55e7f0c6d3ece5a99a0122f911855b8098e8396041091480c3687f639c0bf035c89e30db02b18d92f6ae9071eb39ac0cf8ba056d01951b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
8e9a5fa98e960e50deea4039a50d4563

SHA1
f4395d65ee2bb9590aaf479a9a476d9bb5a4a374

SHA256
828ce4bd8e19a4bf9329aa1f2487858b24603e63ddbcf4dcae266ccbf118dcfa

SHA512
c6962be7ed8c1fda0e323a656d24c1bcd58f708098739d04a81654f0415f772c49e37511e27b996ee8031967fbff01ad8d75bc29b602dd0648784c1284175137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
001054de510ad28a12a13f917029e72d

SHA1
be1696ba5ef47f3c660fd17f7e610460cf7e4e5b

SHA256
b1b5e6c5419f412461779d570f4c1d988236adc250f3ea5c344d773f5ceb5e2a

SHA512
d1b75afc73eaa6b7e35d17ee8e5cc3fdfb7e761768348ccb2a00a969658dab2facde5169aff732fb653e55c74ecd02bcff5084daed800d8d991c382fddcb6e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5df001c05a3bcafe42ffd0be75bac656

SHA1
9d4761a1e418f64a04b49aa7f1bc0759089e4532

SHA256
d8740932bf244895e8d24eafa311954e1f675c148b445c64ab509190012fcc9d

SHA512
44acf651b6263de8b5c01ec8486f37bf5352c3c5f105dde0635046a8a2f2710048ddcb719e59e1c292c89545cde2b2e7dbfa3d4a15d4f5fa8a66ed73271bf094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
db70828a5fd3b9899c3f125befc14289

SHA1
4fe7537c70e4736c0bbd715b69f79af9d33ace86

SHA256
8d246fcf2b78ae887b7b9734e451d7631fa80e25a67e497f7e21c340f8e7aa5d

SHA512
d4591aa126944d012603363183a0a80afab19e41147ce7fc3d15816366cb587a3b3d9331b3c9dac8b3b17a9a1a4bc339fe789c8f7230bf274323f9aff7b7d2eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0c6f00a5337bf86bc19acc75650edf82

SHA1
677d0436326b0dc52a74fc1c8c92db693931e9f5

SHA256
edce2c502076b249afa944e3c79a3d313a0f4cefbd9e5cb4c92a283e1eeae822

SHA512
c2a5637d6320d33d1b77d987c1d87cc7f3d0418eed37502deec648455527f470f4839fcbbcca8279ee314f0540da7c4a56639a7f97431940fa5e1d9c026cddef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
29616edc98222a33c05129a574406542

SHA1
45a6637074662dd78c1403c587ce9bec9f6ad8d3

SHA256
46c02e98d65d90a9151e8030ef245ecec81cb1c5f67bcad25defaac311bde95f

SHA512
bf2e1fd42fc925e94da3a62e8a7e9d4ea23248184d193d93f673c96dd9147c934f0dbd38fbf5dbccc489c19cfade1534d6529eee96cdd902c7022034a214dbdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a0f305b67c3afd570c0267ce428af66e

SHA1
6441d49e8f5879dccb1d1a8da026a309ed581c9f

SHA256
c0db39e76065a2af1877bfe1b4d3ed189502ee10e985f52b133218b20d061d40

SHA512
f6e5302a2b11c36c8853e58dc253748f6ee59c408233bbf7a86ae58b10a37875efb21e36beb0f5961c26cd3258a083cfec7a189cbf606edd22acd00b2f76310f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
aff06436e6efe928a3debbb0c78add8c

SHA1
889fb19b89dc4767176a27a09c0d837b3785d5ef

SHA256
13ea9d6594ee6d74546204b0016520e514c87b8bb201eba6d6f875c33d7d5e9e

SHA512
80a82b6f7e65e0896e8c74d65f9819c1364ba98be4e663413e64f4563dc0d12ea9659e1154ccefc8b46f8711a87f52166f32a9b1f5e4cb5bae78962bdf12bc22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
747b7aaa152ddad59319b36d03d2a195

SHA1
6ee4e92dd7dbb6eed400a6c23917df4d27c2a9bf

SHA256
3456b09309db20aa726c093e6b3ff7a17ec49cff73c449ad82e579a3146a02bb

SHA512
c5c15f6f8c5f2848d440466f272c2cbb060bf1693fe22801328e14fe906b96a03aa769ecc4683852c2f552dca4d21ebb4dcc66d0cef479822664ad2ffc8082ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1576d15d5dff494d583aff87ce88dea8

SHA1
4cc08717d0eecda9f2f3f00dd84bc4472f40891d

SHA256
aeabf8aeb9e62972d89321956a0b560dc3b06554aae9e1d66325514db40088f0

SHA512
a46db8c6e1eec1a5628255e7bff72ee3c1ca25842109557b4f4bed7372f42bbbbc8450d3d8a925607cf3c49bce41f3f6b956bbb73cd95672c9f2d94c1fd2cd40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7f268cfa0170289e9e9be158261c0a51

SHA1
87a584bca54e5b02dd9cb7d31f8f5afa7cb76c52

SHA256
488c5f510f459d972e662bc6361e08e9a71b3c3d9009cf708bf22cee6cad8275

SHA512
ae3f8fe9b83c7aab467f3f10f899240af425d52db392e29aef5d94fe2c4d5c3cd0dc694afd39cdbaaddd6477e8989c9612fa7b70981a7dcefd27cfd7cd010d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5d28ddc4a8502a69d27a0bb9511ccf2a

SHA1
9bfc8cdb6bd96612391131c9dd1bfc27a9db736c

SHA256
4ba82a628176ae4d8ffc98ad14a6942ba446e53b39f53e484f6f62fe56c2ec44

SHA512
837cc0a97fac74947c3f5d7a289fc0ecd40dd5cb5605b26fad4c7a78fb60b2444b98651fd8635fc6fcb907dff9971e8a66a3396ed770bdf21130f258787296e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d45e6b474d760b4f2e9d46c9ea3a44ee

SHA1
6edc344865eac84b8becdf47d169d71957f9c2cb

SHA256
68dffc725099238f84d834c212abfcea5cdb286f991d08e5bed45acf1feead79

SHA512
e384943775d0a7c85430aeaed05131f22de75d205c08fba02a16f8f8572eae29b174393d72ef03275a0c1a64a74f124e023d54d7b543b628c33bbed591c235bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d2ef28f1551886e521ebf16c532ac20d

SHA1
8bd05339d3eb6a94364c122cc185c5ae26833eac

SHA256
e06b5a802e48daed8df6b293932d5a9941270ac6d294d3314be5add38eb02f8d

SHA512
587d401b8394560143cc995f119f493d22d2a294797f6445fcbd80e9c1ac7c2a451346eee6faa1c99f48068d1a383d36a71ab7a016d705564e1e11d22a3713af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4df194dcfb7c822a6c70f3a11f613e86

SHA1
ad04ad213f160308d8d6b5a94087ad103af8cb5f

SHA256
39f106fa5753e493493e4632f8a4ff2c32168513465deae239810657dabfbff1

SHA512
788889f9f4696e29eb05eec53b0e8478f9f82f22f93a81c2955bd5447055f101bb13ca6f837967522d2663fc2d7b721414248e2e05861eaff4218f1a6461d6ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5d306585e2faf9bbe8e6d99234492034

SHA1
64e7707b0ed4a11aa3998fc97f13370adfc5fe77

SHA256
157a16695f2e2bc6c941763e7a240466f426f36e515e6ce37461edb6d3e32dfd

SHA512
ccb0b092af2c70a84039b568b2fa5930ad581464a584fa6dfcef2f5277957ebd736657e980651c0733e0dc37c06dd4ed1b91e0f4b40b35670f727f553a6f2ddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a775a2603cfd29d09cb44c1306de5a27

SHA1
7cf4501107037b4c3fa7d61cb717dd9665d5427a

SHA256
705062744f880f0966d72d6b491d52e2eabe088356612b15a154df8fc2ebbed9

SHA512
62d336ac09a7f68c6c319911333636326804d9894fa06f65ea18fb92bdeda956b2f01d589d6ea8bf24aad985723cb2abb632f99d4031922e2835425d779b348d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9a1aadacb00850d6a3ab418abd28aa00

SHA1
7c16234c5a589d7db707fc40985c13532091101c

SHA256
fad85accf8bce242429f3e7e7f1dd7be1f8101a0e5123e1dcc761705ce918130

SHA512
ec09f36a7047bf8abc3b1b5478d2555abac6f938fb420f0862b285f9f7188fdf76fc4e7a02aa2d7ee32aa05c2441e150f7ebe8f018fc1ca36900a1793f4b658b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82df555ff340ced32f4ce4a80f0deb06

SHA1
a5747783cb8cecba345df836e47b33ba7c690610

SHA256
41eb4e039aa6d9019249ec4656393500109f092d25477bd6f18fe4b7e384b36c

SHA512
f4b3fb00ff5d345334759fd37980574366a971527f22bee216324e14e9f0599e220b563f4d62b1637649156a40fb1eb663045e904d6dd5b00631b1be7631815f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a614e3701b416d7e0b8fb8b19026faa3

SHA1
ba049794f892fac1099d300e7489469f93a1f11f

SHA256
1dd499b6851f90f1e3decc8f8d06186e2bf116c4a363caf5412c05ef28d0c7b3

SHA512
468c8576ed79efb76d40bf5b60f665d3da839caecaf85a7799453ab31c9bb1eb3c51c943ea6dbde895d3a297f3487ae3d4d43fc4cffc5f6dbda679860e3c08b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7cf24729a083526e90182710e8799e97

SHA1
59e2401bfd8f79b74aa7b8788f3551052cfdc520

SHA256
ba9c72fe5836cd7950c81fdfed41589c71766b024f5b72c25ffa3b4f3808ebb0

SHA512
221ae6cc86012dc22e696c2f6f2d4e83df62a66c9547761b48dc5e9d1c6d160cf21ce6dc16106135ecc5e81c438406314b1023b2a4ddc6ee29a6a38bd5e2bde1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
63d49eba610e6435b74c4c453056175a

SHA1
6cf72e836c64ab7f089ef4858bd92695b49b7413

SHA256
679ed8e56a3dd40619605d783aae71ae09c798102d5c38cc479a9f99c911b167

SHA512
95f60ec88310765f6dd2b3dbed6351bb1f6f73ef1902f94ccc0f3075a540504c064cc5e02ef50ce4e28704571d3a92b177ad56ea271236c8cc28c01a2b4be014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6c1b884acca23dcf4ea1d0b5b584ebee

SHA1
d7fa57b588a77be5808367992ada5dd5cbe71c1b

SHA256
6e85093ad1a7a83da85d8f75cb2f09727264a130ef474e75ddd916a7de25e20e

SHA512
03ab23bbb96ffa29e7c514daa07b0ed29e810d7f3c15c620c9c7fa496d4f2d511d38e99efe3b7db7e140f844f8f91048abf0f23a32498619ffe1f2814183fc38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e6bb35091c49b7d7c977a60eccba6c31

SHA1
94402870db4a8cd458ad81f5456dfdf23c329055

SHA256
22c1dc7317066a715b12942716a2b38f5217d03bc312e5f9c11bf5d1a2244b61

SHA512
9c5a0834fd7f86e2b0eb82890f3e783f0077eed4bc1fe5d0d9fac9bee2277dc74c52ac28d04a8372fdcac8ddaec1c49905671e8946dcd4afed4aeb061f06a2f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
870a672bc8c046ef4de5ed8c8dd59c12

SHA1
3560ba983b69ea3427ad2fe44eb477b7decd9053

SHA256
9d02ecec9ad8999f01a6462a25ae2c1ae0d4bfe42c4317afcb4d844891f73405

SHA512
ec3991f8e8479a12a16808cb7e6580541186d4d182a0b7fe12ba6c666dedb0473d20fe3ed5a7f879c8b4d9b6384fbbd8209c089a6020c9c3560874a55b08af06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c3f4a5504d1cf64ca60eba7e6b2a9de

SHA1
a5de45c04800d36b1d278e966732adb51c5bc31e

SHA256
73ac35a183f74f760c3bd2dddde946755aca049faf542c5ad1567230009577d2

SHA512
719327700702e034f3dd953588a2fb1df2923c26e82b5053118c904bf5a7e7ce5d7f3eb3a3071c4d51bfdcfa3753dc0f2183757afbac07856d2125c04d165434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
47fe95ab11c9a154be866192000a2a7b

SHA1
1a4b0402cb322ec17a79d7c007d1778446a4e89c

SHA256
2ba816116b97f3ba7b06b8f63fc107f8f5c95e69e6f7897601ba3b7328a5b117

SHA512
03896c34b3c9725a4a0124ae35c59275a2561a2e76a821f7c8c76507330e9c03348706ee94c19b09c1d9ade7605749a61a71cdf139101f47eff000d44690661d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
77a6fc96236e0f69c97e44cea35ec3c8

SHA1
da3e90340d935f100525f9f91d90dc5ac65d2c48

SHA256
04c823f326c89cc614c2f25a40ebf9498482a32fe062fe29b698b556a3f4d739

SHA512
20b227c09a5bda06c263e1b548025cf46344b6029fb481f367eb4d869752d2a2e61170347ef682a95af4f93d2f422cffa6a9ffe2b9d08d6b2ee70c1576c0b1dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
15f57d736cc943e9d9781e44043fa414

SHA1
311807bf9c4bfb2437ae3c2c5e9a5ac87f2f8e4c

SHA256
b581522b155ecffb6c07baad610c8a3a2c2fd222dba1ee48d5b58312976bfd0e

SHA512
a2c85fb8d35126aa971c9f17e23517f6073fa6ef2e523aedc7e2d574922077201458a25f6f02ca174b189f623777839336812cc1efc1a61d98dd89f38ba64e3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
93b775a1e2a99dc509844bc802c7eef2

SHA1
6f7016e6ce505c0fb54a757b533b616a29ef0a1f

SHA256
86343ecc05b3b54432751ef0416a3a79181ef1e09748d4b6917f2f68338645d5

SHA512
597c617083094364f791dbbfaafe8215c82baecdde6425caab5ba95dd81a3add8e1ec254c67e9364ce756a7dcd1f60c43e42562e2756dc3548b827d780a2738c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
3317847a1d66b09ebd5c7a13d2beea9b

SHA1
64e137d5a65063b6122eb4bbfc20632082c0e93c

SHA256
6747ba5f2c52b987323662b4eea38eafd8dea7f771e0f9de242028ba055b03a7

SHA512
e650f21aaacfd525fb90ba4763adc8f1d320d3f2693768b883851d162ac2038f0ec70f06152b07fe35a70da5a65811db7d8a31ff1e5c51339d4b67aad70f1bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
32931151204494f34566c6878c96620c

SHA1
1be3a71fae6143e2549d5f75c6fdb1cb62b461ab

SHA256
25df9bbb1512065c6d245597a9026c9a10e95fc64b7d2a295a78aeb8598c030a

SHA512
6475037a14fe90176d01b8e3afffa160f2cf8a1f549038230978188a3bdfdb2a9daaf50b8dcea4259632fbe6e08d58a6bd2925ff64f613446317ef963cb5ec7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
380bd26fbecca600ac84e1067ecfb74d

SHA1
beeeef1942b4cca9a59ab66eff423b2c6a57b5c4

SHA256
33a5d14f9aa3a27b216adb6fb1b416fa2e12794bae37f93616e96f96531b6944

SHA512
fa5e739a27616d4e2f76a486894821ba7f3d353bf956ee6b60d842502e11955863c927370b6a6a8a10c83dc54f38b8a0d911debb168de83eb63f1ff30eb2f0c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
2f809e2e3f2dab07cc7a4962639ac951

SHA1
4dfb05ffc7900a01880902be40dad059c7304382

SHA256
5ec4c2acca2a434d639de1ee5f18472626dc3d9e724184f20de0fbe4088d736c

SHA512
7e878adf6e26dab108f57da2de40c203d3237bddc2270f0199dc8d0778fa2a0d6efba0e0242b6ec242e491823d4d51309eacdcd22ac2d98bffba926784831e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b34d.TMP

Filesize
94KB

MD5
700a2091b6d66f695808c8a3c8fbdca7

SHA1
f50a3378440fd0d37285ed1a1fb3794c69208fef

SHA256
45f8b7afe3fbc49100bf7d7783bea05b15c59e5d1b8df44249c8812d3cc64f48

SHA512
882ba8c83e819bc968b90ea6a163e180f9008a67fb9cbae6497f11f44b45cd33d43ae58a58b05ece438a499bc623aa25d85072fc7ee659741d3fc12749cec736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
8a7def1d44f8a79e4201efbeb8dd9c11

SHA1
bc396081e1995e637efc5d070eddd797e92b0018

SHA256
49266ba98ae4338cc13896535c9537fd7fc3f40181c425904ab07e9e5ee748f8

SHA512
a5b71250a2875210b537f2a1aa397af5f1f2bdb843254d20ef0c4ff73cd490ad6a2891b449e1f3ce73f1adce3fec8504eebb21ad3a7eb4aa9a524e1b18e0a607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Server\Server.exe_Url_i5cm5l3jhkqbqgcva4ebc4kkrfcdkh51\1.0.0.0\0ya2daua.newcfg

Filesize
434B

MD5
cfcf8e91857f364e002065c52ff8f91c

SHA1
8407ecb3c33a1f3fcf18a723e6884acf7e5a0f4a

SHA256
572dda8c7f211dc6a4efc7aecb4a54cb4e0ced1e4c9a4b9f96bb329c983c64e6

SHA512
364fecac3a051441b4fefcebb2cc9e38632f99dd04593cd5d9b148986afb09b195e88cdbfa2e778b8934564b76d04fe053f919f0a60769b023f2f753ede06d1e

Download Submit
C:\Users\Admin\AppData\Local\Server\Server.exe_Url_i5cm5l3jhkqbqgcva4ebc4kkrfcdkh51\1.0.0.0\user.config

Filesize
311B

MD5
a35bc67d130a4fb76c2c2831cbdddd55

SHA1
66502423bba03870522e50608212b6ee27ebf4c5

SHA256
e94a97e512fbc8ed9f5691d921fdeddbff4cc16b024c5335adf66bff3a7a8192

SHA512
4401b234d7914afa860e356be1667cc5f44402255f7cc6cc3d8df80883167f6b55463e62156df57be697ee501897fac61a71f97911c6fdb6630272341ac8a07e

Download Submit
C:\Users\Admin\AppData\Local\Server\Server.exe_Url_i5cm5l3jhkqbqgcva4ebc4kkrfcdkh51\1.0.0.0\user.config

Filesize
561B

MD5
2e8ab7cdc2081c09a98f6c5593909409

SHA1
282769c943f8ab0429315869466d042a99de95f4

SHA256
17eee8708a1bbc35422e6ad9b6eff3bec4f8a8b8a87cce8e6cc0da2d94c9b3ae

SHA512
b815e0deaea5348d5ec68cdba3e4b5018e6224299f170859181f90961831b7d14deda144b32d64b11f8da7f4cbdb0b86a8d253b0ee179df68baac274a363ef2a

Download Submit
C:\Users\Admin\AppData\Local\Server\Server.exe_Url_i5cm5l3jhkqbqgcva4ebc4kkrfcdkh51\1.0.0.0\user.config

Filesize
687B

MD5
b18785caae8834f89e34cde89b93cafc

SHA1
cee194149b484295ddba88111a251986bdc0c7af

SHA256
105971bbe15f24f50dad97d466b55222e52dfdb4a71b1b3a6452cfba28a10811

SHA512
fb108e2997a0ea7bce21113118997f358d73a43a40e2b4b9962738cd88dc6d9dfc17e17e63c8ba8c5a5504e5775fbe9e8084ee8e6086cf0eab709335ed8b282c

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\GMap.NET.Core.dll

Filesize
2.9MB

MD5
819352ea9e832d24fc4cebb2757a462b

SHA1
aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11

SHA256
58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86

SHA512
6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\GMap.NET.WindowsForms.dll

Filesize
147KB

MD5
32a8742009ffdfd68b46fe8fd4794386

SHA1
de18190d77ae094b03d357abfa4a465058cd54e3

SHA256
741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365

SHA512
22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\IconExtractor.dll

Filesize
10KB

MD5
640d8ffa779c6dd5252a262e440c66c0

SHA1
3252d8a70a18d5d4e0cc84791d587dd12a394c2a

SHA256
440912d85d2f98bb4f508ab82847067c18e1e15be0d8ecdcff0cc19327527fc2

SHA512
e12084f87bd46010aded22be30e902c5269a6f6bc88286d3bef17c71d070b17beada0fe9e691a2b2f76202b5f9265329f6444575f89aff8551c486eafe4d5f32

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\Ionic.Zip.dll

Filesize
451KB

MD5
6ded8fcbf5f1d9e422b327ca51625e24

SHA1
8a1140cebc39f6994eef7e8de4627fb7b72a2dd9

SHA256
3b3e541682e48f3fd2872f85a06278da2f3e7877ee956da89b90d732a1eaa0bd

SHA512
bda3a65133b7b1e2765c7d07c7da5103292b3c4c2f0673640428b3e7e8637b11539f06c330ab5d0ba6e2274bd2dcd2c50312be6579e75c4008ff5ae7dae34ce4

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\MetroFramework.dll

Filesize
345KB

MD5
34ea7f7d66563f724318e322ff08f4db

SHA1
d0aa8038a92eb43def2fffbbf4114b02636117c5

SHA256
c2c12d31b4844e29de31594fc9632a372a553631de0a0a04c8af91668e37cf49

SHA512
dceb1f9435b9479f6aea9b0644ba8c46338a7f458c313822a9d9b3266d79af395b9b2797ed3217c7048db8b22955ec6fe8b0b1778077fa1de587123ad9e6b148

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\NAudio.dll

Filesize
464KB

MD5
2e68aeb46e26a29ffe74cf97b94cbaf0

SHA1
9384fa2946f744be3b47e131df14cbc0632052d2

SHA256
8e347abc9301d67dd7493a0fbbe5cc1f912900c204a84220cc8cdf0e0b8df0de

SHA512
39e56b0dd316e9a927ffeff486969f2a472f9b262b6a131afa60c34baa01784cde9cc6944f1a46ee73f3cc7135cb0049cc5a4bdfa419fab37667829522f6e7c9

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\Server.exe

Filesize
1.3MB

MD5
dd6667db55acaefa2d7e99dcf5d97a26

SHA1
c1b281ef573df4da584294c61b5322edfed589ad

SHA256
ce8fd5ec0b2ee4e5d87d35622eeaa022ee971801c97bcb3726ca6ebe4b576238

SHA512
916c8b63400c0a8e495fc59d8e348499a6f04421e79599803c7ac4cd828c82f389bfd733471de27cc1643c03723429f8544446d9adc69082e6a5032139a1f1f1

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\Themes.json

Filesize
33B

MD5
fdf6d963491b41d9ba798f60fe27ef8c

SHA1
4908bfc78d191f60ab583fe093bc579fd5ff06a3

SHA256
bfe1437218dd94ccd078a8683f59b65e28d8d63defa7f419b2cef81bc031a7bf

SHA512
96e5981739a3328387aaf80b6b6a071dc7a2135d5bdaa99b638527b9cd82eb514d21d27a26445a01082a4ba8811ac130a671690e51cf780fd66acdd3a12a3c25

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\Vestris.ResourceLib.dll

Filesize
76KB

MD5
22fbd571c82399e06e0a7321eedef722

SHA1
ed5aa859dc8141d93a2bd8a8dd14fc50391b66db

SHA256
c05a6f13106e2dd10ae279c3435fb63fbabdc328f94d8065231c3cacfff5fc4b

SHA512
65aa846054a2b0c0dcb2db15273269d8514e000ac67e71542f910d8f556a0ea11e5ab5400b7f2026e5e51fef185d8e12379ac52fa4788c8940727a3721d134d0

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\cGeoIp.dll

Filesize
2.3MB

MD5
6d6e172e7965d1250a4a6f8a0513aa9f

SHA1
b0fd4f64e837f48682874251c93258ee2cbcad2b

SHA256
d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0

SHA512
35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

Download Submit
C:\Users\Admin\Desktop\sheet rat v2.6\protobuf-net.dll

Filesize
278KB

MD5
9fbb8cec55b2115c00c0ba386c37ce62

SHA1
e2378a1c22c35e40fd1c3e19066de4e33b50f24a

SHA256
9f01d9f2ed07e630ec078efa5d760762c3c8ad3b06e9e8a9062a37d63d57b026

SHA512
da0211d1c9ba0a59616bc15de80a1fed62b0405cad3b11ae4220ef1488c7837634aad67cbc8b484621a2a6288ef5e424cd816a2523bdb6167abcab76f3ac1a04

Download Submit
C:\Users\Admin\Downloads\sheet rat v2.6.rar.crdownload

Filesize
33.3MB

MD5
b15eca36ae6692663c06ec209574acaf

SHA1
db0cf96689b92e770f0d408b3d0f71254bf10a63

SHA256
7f57436a0c7e4ace755a5e3e06ca9b50ce29e4c4b2eef19873600dc4569ac60f

SHA512
1c43223b57ce4e7d63e5b30ee63ff181aa337fe1c440b2aa322d47b8100c1b35e1c1fd108f9c63df2d6f670b4b6cc3e5bd59749180d17189115e1c1bc0871302

Download Submit
\??\pipe\crashpad_2444_UKXDQEFEFGSAVWLD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1692-1525-0x00000000061A0000-0x0000000006744000-memory.dmp

Filesize
5.6MB

Download
memory/1692-1529-0x0000000005F90000-0x0000000005F9A000-memory.dmp

Filesize
40KB

Download
memory/1692-1531-0x0000000009B70000-0x0000000009B9C000-memory.dmp

Filesize
176KB

Download
memory/1692-1532-0x0000000009E90000-0x000000000A172000-memory.dmp

Filesize
2.9MB

Download
memory/1692-1533-0x000000000A460000-0x000000000A7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-1534-0x0000000009C00000-0x0000000009C22000-memory.dmp

Filesize
136KB

Download
memory/1692-1548-0x0000000009DA0000-0x0000000009DEC000-memory.dmp

Filesize
304KB

Download
memory/1692-1530-0x0000000008CE0000-0x0000000008D8A000-memory.dmp

Filesize
680KB

Download
memory/1692-1537-0x0000000009C40000-0x0000000009D8B000-memory.dmp

Filesize
1.3MB

Download
memory/1692-1528-0x00000000069B0000-0x0000000006C02000-memory.dmp

Filesize
2.3MB

Download
memory/1692-1527-0x0000000005FD0000-0x0000000006062000-memory.dmp

Filesize
584KB

Download
memory/1692-1526-0x0000000005B20000-0x0000000005B7C000-memory.dmp

Filesize
368KB

Download
memory/1692-1524-0x0000000000FF0000-0x000000000117A000-memory.dmp

Filesize
1.5MB

Download
memory/1692-1587-0x000000000C850000-0x000000000C871000-memory.dmp

Filesize
132KB

Download
memory/1692-1586-0x000000000C890000-0x000000000C8CC000-memory.dmp

Filesize
240KB

Download
memory/1692-1597-0x000000000F510000-0x000000000F5C2000-memory.dmp

Filesize
712KB

Download