dcrat | hxxps://mega[.]nz/file/wncXiYhZ#ABJEpmoiGH0hIeVVKQy7V_ALtGclDnJ4rFrDjwZ8kDE

Resubmissions

25/05/2024, 20:56

240525-zrdfpsab51 10

25/05/2024, 20:56

240525-zrad2saf38 5

25/05/2024, 20:35

240525-zc65gaaa44 10

25/05/2024, 20:24

240525-y6wp6ahf58 10

Analysis

max time kernel
452s
max time network
454s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
25/05/2024, 20:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/wncXiYhZ#ABJEpmoiGH0hIeVVKQy7V_ALtGclDnJ4rFrDjwZ8kDE

Score

10^/10

dcrat infostealer rat

Malware Config

Signatures

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat

DCRat payload 3 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

resource	yara_rule
behavioral1/files/0x000300000002a836-193.dat	dcrat
behavioral1/files/0x000100000002aa98-207.dat	dcrat
behavioral1/memory/2004-209-0x00000000009E0000-0x0000000000B48000-memory.dmp	dcrat

Executes dropped EXE 5 IoCs

pid	Process
3168	aimstar_cs2_13.05.2024.exe
2004	bridgechain.exe
4864	aimstar_cs2_orig.exe
2356	bridgechain.exe
5684	bridgechain.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
88	raw.githubusercontent.com
110	raw.githubusercontent.com
111	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611431140499545"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings	aimstar_cs2_13.05.2024.exe
Key created	\REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2994005945-4089876968-1367784197-1000\{1F8E96DE-8FCE-40A9-A7C1-57BC3BFF264D}	chrome.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\aimstar_cs2 123.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\dnSpy-net-win64.zip:Zone.Identifier	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5556	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
480	chrome.exe
480	chrome.exe
4864	aimstar_cs2_orig.exe
4864	aimstar_cs2_orig.exe
1132	msedge.exe
1132	msedge.exe
2828	msedge.exe
2828	msedge.exe
5500	msedge.exe
5500	msedge.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5964	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
480	chrome.exe
480	chrome.exe
2828	msedge.exe
2828	msedge.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: 33	1752	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1752	AUDIODG.EXE
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeRestorePrivilege	3644	7zG.exe
Token: 35	3644	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
3644	7zG.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3168	aimstar_cs2_13.05.2024.exe
2008	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 480 wrote to memory of 4264	480	chrome.exe	78
PID 480 wrote to memory of 4264	480	chrome.exe	78
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4624	480	chrome.exe	79
PID 480 wrote to memory of 4272	480	chrome.exe	80
PID 480 wrote to memory of 4272	480	chrome.exe	80
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81
PID 480 wrote to memory of 2188	480	chrome.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/wncXiYhZ#ABJEpmoiGH0hIeVVKQy7V_ALtGclDnJ4rFrDjwZ8kDE
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xc8,0x10c,0x7ffbe880ab58,0x7ffbe880ab68,0x7ffbe880ab78
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=304 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:2
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2152 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:1
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4552 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=972 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:2
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4284 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2316 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4240 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5148 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5220 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:8
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1004 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5192 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5488 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5632 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5584 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1812,i,8882760269498317513,9820290105992219924,131072 /prefetch:8
  2⤵
  PID:1080

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2096

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4804

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2416

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1752

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4844

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap2366:88:7zEvent2147
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3644

C:\Users\Admin\Desktop\aimstar_cs2_13.05.2024.exe
"C:\Users\Admin\Desktop\aimstar_cs2_13.05.2024.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3168
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\providerWinRuntime\pfizRT91LMJoLSDaJvsgu.vbe"
  2⤵
  PID:776
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\providerWinRuntime\j8KzdA7ykRK3opM89o3UPhB.bat" "
    3⤵
    PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\providerWinRuntime\bridgechain.exe
      "C:\Users\Admin\AppData\Local\Temp\providerWinRuntime\bridgechain.exe"
      4⤵
      Executes dropped EXE
      PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\providerWinRuntime\aimstar_cs2_orig.exe
      "C:\Users\Admin\AppData\Local\Temp\providerWinRuntime\aimstar_cs2_orig.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:4864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ezcheats.ru/chity-cs-2/
        5⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2828
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbd4d23cb8,0x7ffbd4d23cc8,0x7ffbd4d23cd8
        6⤵
        
        PID:4540
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,5063983102743136612,11450366662018667471,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
        6⤵
        
        PID:1612
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,5063983102743136612,11450366662018667471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1132
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,5063983102743136612,11450366662018667471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
        6⤵
        
        PID:1128
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5063983102743136612,11450366662018667471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
        6⤵
        
        PID:1528
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5063983102743136612,11450366662018667471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
        6⤵
        
        PID:1356
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,5063983102743136612,11450366662018667471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5500
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c pause
        5⤵
        
        PID:2332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5304

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:5964

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\providerWinRuntime\j8KzdA7ykRK3opM89o3UPhB.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:5556

C:\Users\Admin\AppData\Local\Temp\providerWinRuntime\bridgechain.exe
"C:\Users\Admin\AppData\Local\Temp\providerWinRuntime\bridgechain.exe"
1⤵
- Executes dropped EXE
PID:2356

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:5376

C:\Users\Admin\Desktop\dnSpy.exe
"C:\Users\Admin\Desktop\dnSpy.exe"
1⤵
PID:1436
- C:\Users\Admin\AppData\Local\Temp\providerWinRuntime\bridgechain.exe
  "C:\Users\Admin\AppData\Local\Temp\providerWinRuntime\bridgechain.exe"
  2⤵
  - Executes dropped EXE
  PID:5684

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4656
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.0.1711635326\1658319960" -parentBuildID 20230214051806 -prefsHandle 1736 -prefMapHandle 1728 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c863e2b7-2222-4744-8f91-b5204b3fd4b3} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 1840 1e8a350d358 gpu
    3⤵
    PID:916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.1.1557490900\1348546561" -parentBuildID 20230214051806 -prefsHandle 2380 -prefMapHandle 2368 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26278de8-dbcd-4037-af90-127770d0751a} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 2392 1e896889c58 socket
    3⤵
    PID:1260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.2.1735343022\59734401" -childID 1 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 984 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86d1982d-196c-4b30-96b2-defe8677ff96} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 1080 1e8a5de1e58 tab
    3⤵
    PID:436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.3.840556635\16144945" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 984 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a927096-5e1c-4a97-af14-49538a4e21e5} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 3528 1e8a8d54e58 tab
    3⤵
    PID:1344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.4.73866299\932956706" -childID 3 -isForBrowser -prefsHandle 4948 -prefMapHandle 4988 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 984 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a8c3b4a-0fb8-4d33-a458-bdb346132b24} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 5024 1e8ab5dc458 tab
    3⤵
    PID:2304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.5.487625276\1449840243" -childID 4 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 984 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {439bccf6-19be-45df-9e32-4a4300f21d66} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 5196 1e8ab5dca58 tab
    3⤵
    PID:1132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.6.1316931989\721643003" -childID 5 -isForBrowser -prefsHandle 5484 -prefMapHandle 5480 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 984 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6ce6da9-8197-4750-9697-97024d41e10c} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 5492 1e8ab5dd958 tab
    3⤵
    PID:3712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
a72a8661437562aee7626a2600d62b47

SHA1
0459a00a5eb2f62b4025d97e7a4fc80f65d210a4

SHA256
0f9a0b009be64a6cbd010ef344f556a474bf2a125bdce537f40e420bbfea359b

SHA512
2b951b7e27734ff1fb0c5c71c2d980ca72a868ab96ba1db3f6ea2f74b4dcf36b849d3aee7ec25263aa97b7098a2f50e5f9a38a82412c2cffc9a15c76e181c552

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0f0a828dbf3c2fa8233728f8f696ada7

SHA1
e2fa957cb8fbe37897d1e8eb45097a60ad6d9e76

SHA256
55aeac2f16eadad4e89795f43a5dec0e729011b8d58f00142b6d5bcbcd2330a3

SHA512
2d033e751b55df46162e68b33b3457bbd79e57df618fd2e36c7ff2858d7dc4654547010a34d12164f36e41b5d8a569fa8287c5043edbd0ef27b2966b4e8945b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7ca9f09fb582324c5cc24d9786da0174

SHA1
eb5ba119a14745efe52688925d724b86788de14d

SHA256
5d17135d821d2ec9061d1180760ae2639f3a79082dd4c05b1b737616f0913d6c

SHA512
a9a0a15d8f53950d1731b833594d1950b4e6199ecfdb03b7df9ec5055d9a9b9995e0ebca81b542f7734ba37f352726bad24d8be62c6163ec53796243457c7445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f5e9567c337f16a261c4698d97a09680

SHA1
05c56cf6a2265ba421d72472979118be40ec08ab

SHA256
31021a7a7e3ea9437339b0c7baae851634f9aae2bfc899ac2e9495036225f4a1

SHA512
78fcb532f2d52fd3fcf73d7dc6808144d1705284e253433918ef15dc10b7b44ae135653f75209bd8e88bbf69649c094fc0a844df3bb6267faf993f7230a3a97f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
80e2f873138b2c4a28630a74a3622a25

SHA1
ab00b850c2d77bae847ff44968f4d8bc3cebf06d

SHA256
421de8df4268380b2f04c011de64ae5e944c2bf9adfa2adac383f5d6e17f1920

SHA512
63483c08b71b805caea758ddd331b722f632eb99b503ebe0f2e309dd2e1aed2fe267c9d2edb5ffa5785dfa095d301f3ce448956b796c9b251757c2cefd35e7f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3b8286ec3665cdfc17e27caae59751a1

SHA1
86e1198586aa71b710a41cb02831b66b5c07356a

SHA256
6370b65e813eb3a67272835489e076844024e3f641e49d6d985db7cda7dfab57

SHA512
6f06e8782408f885ceb5b70dfa4ec4302c67995e8d7134cffc31c9616afe73b818dacb94c50ec573b882dc76a80dbc20b79a80aaea7d94c600f171a2667ff62e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
88d178aa896530c40753bce2416a0cfc

SHA1
895481884bd00a405fe66cce450a821fdcd20add

SHA256
8955670f73da4093c8c231be457d9ec50e7704159c13e6046dba6bf4fc06faea

SHA512
c074066260d6885af04f36569af07657561239af505f6c071c070688230b8e857158a88e5b01798282b682250973808f8eb82cc1b0c99c9ad61a6ed4c448a930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
fd9a7e33f64510c527709b7c63f5802a

SHA1
0ada9e59f820846b840db1311aa8a39609d31733

SHA256
5501232affe261d667ed533abf4459141575fd45c1baa2ef916588ffe6225138

SHA512
52561bd612da4916c11b8522c1991efd16ea0cb3dd24f63625867821549229aac90a1d21645b9150812d2f3c3a655b5cc9e7723f0e83ecd94f3514361163a072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
327b251721b6e6a9cc01f047795b8467

SHA1
fae1dc9d58064924dc40db7cb2f3c6873be16529

SHA256
a1f530e04a5165bd2cb73801e4d478a75dfbcf4d06db575c7f21361f58f9001a

SHA512
c2875b353bd35cfe97cdebd5cbb7ccfe10730d069e9aa38138650608315c80859b2974f4c791554a508181903b135558ee8aa63df04a067c388877b3dee8b4c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5d222b0ec058b9d0bab5716ef6f4bf40

SHA1
3d05799b19bf7a6d6ae41aa229749635cb207bd8

SHA256
1b0a9bcc0a21f01a0e251edc736325562af126ce79bcff71905e408962ba2dc7

SHA512
ccae907987437f19ad3fbe919a257d6cddaeac7e7ed03df11f0947be061c3f497bfe23374044932391f249666caeb9f4d24ebdc110ba855ceea7499accfe6b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b47229eb21b9062c0275d9570e6383e8

SHA1
f3c376329022519b166074e9c55e7d40c0f9af9b

SHA256
85cc2085c87f772f2f9ade54a60cddc24a9ff48246be9fd02de3aa55d373e03d

SHA512
11729f6c49a41e9bd3985c1faf39987059f0b1efb79d7b0bf87d8e9e804dab006b260feda9ff9be0216bd1c68fa670be6b010d1a6b963876064485b39c1c816d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c08bb80992b0183b19944fae8d5e84f2

SHA1
81ca548ca9f223a7c3ea016fc7a2bafe64018f43

SHA256
fa517ae2d21ce1fdd84e5475e23bf7e681cac62d51aa42cbb7d7abcd0233b0c9

SHA512
5a2abe77b34ede5576673c817eceb3e7f8d55b0f16768f1a0bb13d8c24d40c60a0959ff452309e822f844bb1e9182396c6e01e0ce176604f97585cbce6c4de26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
306ea9bbfe698419545e7d8fb7fb75d9

SHA1
7ac82b1cb3828bef7dfdd008cec420d70d88b415

SHA256
13682b392862c554f60d1797256b766eb461d15c64331edc3981622282cab5e5

SHA512
1d68a8f001ef889b3d1a9aae94eba93fcb4d6b7afffe06c752b2862a8435e3e70b52384e2cfc2d9091cb617104422a380758c0108cae12ac7c8e48807bd75e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a5332b1de431965b1796ed31ab822a4c

SHA1
e1262c177e25b71d4c2bdfe0b501b59e0d4e8bba

SHA256
2c1ad2e9a6995552db837291043a5a20aa7cccc5f1b3d551ce74038126aadf00

SHA512
f23f49d95d2ea0cb95e62c5fcb9151f28ed3e5c4e31525ce637f1d0e35090424685fbb0e05668316ea4b1cd7bae7ad22d98554ef284d756ac8342b1b8c614d05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bc533fcdc3ee8f9185cd524e4a7ffbe3

SHA1
f251c76a31361dca49590a606278b83bc3d21458

SHA256
e2d230bb8a1bedf18c8adfd7db5d1f1fe99d2140863b52374e0c1e11d6a4aabb

SHA512
5540178857f5c0e585b9b0b945d360795afb485d0636cdb07a1d65601251afcccf3e39685fb5c7fdf74f3b55fc68f44144ccd515d2aae1d4d191b2c951a2d4f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
af73f62fef6c6a74588a5c984bb963e0

SHA1
7c31d104281ddef72f0315befe8f585256709fc5

SHA256
731a07710ea1f61cc21aabcaf6f67dfeeaa6e3622cdb927e48ad64ea0e13e81f

SHA512
e23073fa2b55ad9c8d167e883f50734e5b52715923975edeff83faabf3d32e02f180263dc9674f0eb58f5c49f7b045799e79a7d282bd9d9730feac703fbc17fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8ee1052aa19cb256f225f4d62d9c00c2

SHA1
78fd1b84b555b1d768a3ced99a0a540c976c841e

SHA256
405668b5981dadc2cd3d1718fc6693af9d5b4a33a670be55e2238c41a5f12062

SHA512
2b73a0af4b41a95ebfd367c891d2fb48671da733d716495a02106abb648a3a9fd9172abc9ba874417c332a03db848342537365db75422a042958b51bde9a2efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
9ecfb83d47d74f50b4ebbfeffe0fb8ea

SHA1
ab68643bc56bf81af849c4da2ac6cfcc1106fc5d

SHA256
05e425595c683fbe6c386e34b6c4bb7eac4a32fbe421c4dc8f97ddadad456251

SHA512
1d9489ccce03b7189ac17651380ca995b2d8c0c9ca89c26667d78e3c8515e2970d23a492275edcf7adf935aaa2d892ffae4ddec6e551f8679d32152867c39589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
ed596f6dc7175ffd906ed7d71cdfe994

SHA1
34cd34b6df63b8dcc7307931cee41193d4a57ee8

SHA256
44417d53b1b116e60a1b143be574b6afeb343a113e17ec6de6d3bdcde37f46e7

SHA512
e35c67ed18152ddc424404c4a9179765716d1300f5af5737e14f6b2ba1b8634d678cc3efda35ea369b26ed494673ce9c509c08ea723c413af03c570d284a8835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
8de5d9a31b34e5c0efb14a984102c47c

SHA1
8ca89d2f70edb7a0167ea48d9b38b818ea5dffb4

SHA256
6da4f160403ced8ca3cb781c9b5743057e9fcdb34e040080496a6ebe46f6c1f3

SHA512
275ece6776cc96e11f71c8e3bdbc20c84b3fa0a2e2a081b34f22c286b669fe716a78b5aad13bbf6fec35d592f499cd9dfb25d769c2874f74bbb16687e5c9bb72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
6238f68bff01614a34fa176d97c182a0

SHA1
bb4afb12b86303c02771087dc17a0f5e45eedd47

SHA256
96cf90521bea1b9984ef928a225993dfbb2d8dc4c705e3e11620179976d6d5c0

SHA512
15bc174575c19e7a2e60ecab27bca6fed3527884c5c305e4dd4db132b464845d6300afe537343c191504d46912df2d4582247c243edc3e930f4bfdfe7bb2635a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
45fd92b7ce7ce6fb65035e3cd5281810

SHA1
86e8ba0f8c770c1da719d800452d1b9be77af7db

SHA256
a4eb5cc4e15a6717506faed081b600eebdfb83b55fee952e7d1924743ba880c9

SHA512
92b9f641eadffa355f9d306c42c70081714b756ef15229344302024ffc65177cde7ce63f26d8bfec748022bd996066b2580bfc7220bd2a6969bc50b2191342f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5bad34.TMP

Filesize
88KB

MD5
efa1156bb5b378a1acbc48527b586416

SHA1
dc52f259e55418affff7a1d51b62b3dcba89ba02

SHA256
90f34cb3e61eff709f87bd81fc3392d654fb59587a207d177e94f2a564496045

SHA512
a45dd7e8d1720d13031b9d0e041d4d05c23cc01fdb0d9d9397f4a98a5762887990fe8532bcc544da24ad8a50a9e164cef22ef733fc4787bf841bf73ccc356ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\bridgechain.exe.log

Filesize
1KB

MD5
ba188ab8514b037519a2ada3cdeb9a05

SHA1
518b6ee233a773b20230ebc226d741961b9bfdb1

SHA256
25effb7a46427c841cf727d6445ed5d8bcd128fdf767080ec1e10dbc8a40bee7

SHA512
fa2ea4f92834e14c5e09ff81c286c1ae7da9de68748a4dcc68da1ee214632386a24b204f4bd6ea71f17ec30d1e0fe8cb456c0c95ee65a07b87c2bef89c6bff08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0c5042350ee7871ccbfdc856bde96f3f

SHA1
90222f176bc96ec17d1bdad2d31bc994c000900c

SHA256
b8b1cb139d4d19a85adce0152fa3c4f6adfb73a322d7253820e848c6f82afc1b

SHA512
2efdb535fa6a06c4f9702b2129f2dd07c330e37fd10b492f2236007c660c1707773c22005d1e1fa580dbf633dc1a700ada3b7b611ef9accd9555a17a244f61ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e027def9b55f3d49cde9fb82beba238

SHA1
64baabd8454c210162cbc3a90d6a2daaf87d856a

SHA256
9816e980b04f1fe7efaa4b9c83ff6a0fdd485ee65a884c001b43a0cad7c39d83

SHA512
a315e1336c5ec70cbb002969e539068ba92f3ec681b6d863db95227fd1808a778fd994e2fb03f28f0e401677aa5f7c66813e315b6b99a5065384c49586f9782e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
468B

MD5
d515770dd0b0240e8e72b7a655e88482

SHA1
666541350bea98d615f647bffe7b9342b36add3c

SHA256
5486ef5bafad00310fe915e440a77e0146a4cd669a39d403aa4772b6259aef7e

SHA512
532ac9b9238a714ef46d848648a420d53020125079954cebcd018a7e45678524b7446adb12d5f28d53290c1953fd9e93ea596d6d16674189520e1d8d2a9b6608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1143d0d44be03598e353dab768bd63eb

SHA1
51a9371fc6b9635c2b76f9297edd9a680e4f9f40

SHA256
f8dc25957829fb695f7afd239dac9653a1f35b9d6ff55d8593749646d14836b0

SHA512
c5dda66133a0ecc414e0f2392244b2a4d1cef05f7c71a9b2accde872821eb86d32a384b2a788fa1f4c6b03d71827fe7194f8d694bcfa7d3d1fccaed81a000cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
332c315e309265580055d24a20c99f2d

SHA1
106519cbc6aab118198773efb44d27126cc4b3ef

SHA256
6712a4ad4e46483e6d1a99fd0b73f18e930f85f9a0eb957487425d4bfaea9b47

SHA512
c518cd96494d72f55c1a48b58cdccadab94048be7e29666e27134eed83ba251741b4e7b44f22ed70b967a95fd317cc51fe2146780f585a002a5e7766a4c339e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eaa4f94659d56d60d41c99b43fafa867

SHA1
5b4e41aa9995d74d8a5d3b394948e04b117231a4

SHA256
65db464e857adffab40c9da436bb4596c525af766a99ca6ab2906455053a1035

SHA512
abf8a4e60a3b317209611714b7eaab45c551d57ba338634e07da5df141ce7b06210be1c435f683842d39ea8f1b670fc8d93c5a0036421f0f63c010d11ac97285

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6t7awfwd.default-release\activity-stream.discovery_stream.json.tmp

Filesize
25KB

MD5
85e3f9748cbe60ef343de6a7ac836c09

SHA1
048d2f7b9aeeefc31295ac8f93501fb9f5de2d4c

SHA256
762c570bbcc2813d96d2acf4010876f52e894972c5a88ff313bb6d7f8b96dd3c

SHA512
2949f02e41b5bb41e12fa879ac2da997f328644cf9b5c674a683d6a084ec7fdb8c9f9ac0447c04e14ef8d9d00f1532e94dc0f7ed42f0afa87a701c9aa1ab3d4f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6t7awfwd.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649

Filesize
13KB

MD5
a27136d0a5b3aa061bec8764371bc5f0

SHA1
9a49cd862b497ca08a41f8325ff13ff95b91f9dc

SHA256
5ec7164dcf73cbace06c2ba9ef79a757248ac38f2c740116d78426a518a86b94

SHA512
90c292cd7561d3ab5f87e705b25c78b7fa3198c807887107418c51964f46bab4b33768a7829c7b77b0fdcdf2b247c388184999c7b50b30f96923a918c31d12b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\providerWinRuntime\aimstar_cs2_orig.exe

Filesize
2.0MB

MD5
cd1dceb315a6826526672db73a9f0552

SHA1
57e2286fccf0dd863521f7c9aed25aa55cca77a9

SHA256
61deeb5d84da706d674697112447cd409229d6b7be2a754ce998b94d33359b58

SHA512
0a36aee19ea27161bf33047447a71c14d641e5f52d8ed7bd06bad92045f8b05537be39e39442aa425eba7d868c6d9e6a50c850ddfd8c029513efd17848f50bbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\providerWinRuntime\bridgechain.exe

Filesize
1.4MB

MD5
3c35940e4fff8d4b9f2bc88c91d39fc2

SHA1
518e1eaa6243fa40fe492ddec02483602861669b

SHA256
e08e932ec43fbfc321acccabeceff34e0425e37e8aa1853089711cc38812cf3b

SHA512
6a4f116044cb378eee19fd35f30308f207c27d8d60a1a30e7c7c9534ac3e3d2a3f0e12a9a6172ebc47922cacf968c671d8a22d946d5bb6c104aa86c1f5789642

Download Submit
C:\Users\Admin\AppData\Local\Temp\providerWinRuntime\j8KzdA7ykRK3opM89o3UPhB.bat

Filesize
93B

MD5
1ef3115ab6c9d7a3d01f9160680a1d0c

SHA1
6c33a4bd22117626988ac9a06dad731b060018e1

SHA256
aa9bd40b40656cf0a5cfb814b368a318f4542e53d5f55aa39ed5d94f623e26b9

SHA512
504b72bc9b7a85b59d52e90746589f45f91679cb8bd5f631c431c7dd67fc45990b0c95b515e968d66e33558311ce6748d080c092c2e03a4e738c7d42c7964b68

Download Submit
C:\Users\Admin\AppData\Local\Temp\providerWinRuntime\pfizRT91LMJoLSDaJvsgu.vbe

Filesize
222B

MD5
c6c169bc7e62b2d42c904d7bbd440e76

SHA1
be17ac11b163fd7a16406320f11f93e89dc0176c

SHA256
da1e67a3d98e1e8556fa23772a206b67c8863e22a325e8a26e7a8eae317d3452

SHA512
15aa60507c6f832f3dc934a654b44946d76be59680cac1f6eb86987c728b784cc5a6b898757ba4e0238f6c6792f1f3fd272d95b765908293a499cb294075e242

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6t7awfwd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6t7awfwd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6t7awfwd.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6t7awfwd.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6t7awfwd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6t7awfwd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6t7awfwd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6t7awfwd.default-release\prefs-1.js

Filesize
8KB

MD5
477ff9afb51e2a7ad4ce69a6ebe5884f

SHA1
f936356f4ff265c9b2c57328f6c3f19564ff6ad3

SHA256
a37e366d0317e7ed45c6754196e4f28e175a8b84a5072df7367929417d5fe6ea

SHA512
5a22f8febff73ec3bfd89ae7c7c699cc23b32fe6de76009e0a3d55933476b0d15b120c6d5fd6d655a8fbb7d5ec3a9294a628829941fdeb57631edd2997b681b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6t7awfwd.default-release\prefs-1.js

Filesize
7KB

MD5
d91a8da4e7539d801c71cc674cb1dbe1

SHA1
456fbdbb748b7ebd6ff11b617330b1bb74b7ca9d

SHA256
558cd0ccc7b72ca7e7ee781ca6d9e8edadfac221ece1aee8df2e166758fc1e30

SHA512
afa69a937d6a47d10ffe975c02ae3fb720fc0dc88ffda9a573f5ea1ed46b76ace991c2c6a1f3e7948c8d428cd654afdc3f7b2e02357c478542a19c98ca2b508c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6t7awfwd.default-release\prefs.js

Filesize
6KB

MD5
18697fb69873f357a0efcc91d3202ed5

SHA1
0e7528e4e9438bc63b32c7cea48990e52c164e22

SHA256
c60f83fe4c4e4f7abd300a205e853f0ecf3eed269da6f1e743f5b3115dbbe455

SHA512
ead5576d5c55993ae32501f1a276514eb1efdeb41bc22af6c02ae7ace14ccd2f6bc3fe83624ade6959a3749b2e1b4cebc6e1ae25db19dc5b1c15302ec7c65636

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6t7awfwd.default-release\prefs.js

Filesize
10KB

MD5
cc12b0ef00c8c5b40ef9b8de3df718af

SHA1
be56b4e9a8d974fcab29d43f3e080e1f94805c02

SHA256
b6ef398564a259e9bcb3a9ae826c0dd36f46cf935bf3696a4699027c90f30369

SHA512
f0127095cc080d2ed980e6a5def45c129a224899e4e8ad049304bc85ee575e4357cef580c746dbfb074dd5fe00f4dbbfe0b590f50a9ae02b114f25e815e0a823

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6t7awfwd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
8f6fa23c7ff23300b8595a891c26a6df

SHA1
9fe3845a4216e0ff5cea5fb6d885ae52cc604cbb

SHA256
709b851801ef4f137356ec2dcf2ce3d2a6d2f52d4146c34a6ef4e5d905daf2ec

SHA512
8bc541daaa82109d84baf2245895b01521d8eaf1d5ad741023cc94ac63cd35b0d66e0aac15bc7556f10e1e4bbb1e7a1385b586e922d6cb94b96ecf9519f97de5

Download Submit
C:\Users\Admin\Desktop\aimstar_cs2 123.zip

Filesize
2.3MB

MD5
8afd6be40a7463a79faa3414c8a5a27a

SHA1
f7195f62d0ef7095e1bad99f0bfb44d829eed4c8

SHA256
698310a0795ca9358b4526cb532548c042175667516a1ac3ea88e48e8a30fca3

SHA512
ac0c40ee3c4f845aae3588be12668ed765291950ce7bc239bc8ef3bc1e45df14adf91867c33cab65d6e7cacac71622d9143db81c09369fbab1b689e994fc622a

Download Submit
C:\Users\Admin\Desktop\aimstar_cs2_13.05.2024.exe

Filesize
2.9MB

MD5
35457572e3db0c6cd158f0c3671921f6

SHA1
95c35b7e2c41f8e8efade7d7e569ef2b4ffd12b8

SHA256
b0a1deecc66ce706756af86210daedb3894306a351832092309bd628a5f3d512

SHA512
b9d341ad868be7f390db77527f6f70c430cd73d961295a1f31d61765a86128314284767a696bdbed7af51edff53878edb27696cedb680f273bfa545020803c66

Download Submit
C:\Users\Admin\Downloads\aimstar_cs2 123.zip:Zone.Identifier

Filesize
52B

MD5
dfcb8dc1e74a5f6f8845bcdf1e3dee6c

SHA1
ba515dc430c8634db4900a72e99d76135145d154

SHA256
161510bd3ea26ff17303de536054637ef1de87a9bd6966134e85d47fc4448b67

SHA512
c0eff5861c2df0828f1c1526536ec6a5a2e625a60ab75e7051a54e6575460c3af93d1452e75ca9a2110f38a84696c7e0e1e44fb13daa630ffcdda83db08ff78d

Download Submit
C:\Users\Admin\Downloads\dnSpy-net-win64.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2004-209-0x00000000009E0000-0x0000000000B48000-memory.dmp

Filesize
1.4MB

Download
memory/2004-210-0x0000000002D40000-0x0000000002D4E000-memory.dmp

Filesize
56KB

Download
memory/5684-2834-0x00007FFBF5870000-0x00007FFBF5880000-memory.dmp

Filesize
64KB

Download
memory/5684-2995-0x000000001C700000-0x000000001C766000-memory.dmp

Filesize
408KB

Download
memory/5684-2950-0x000000001D380000-0x000000001D4FC000-memory.dmp

Filesize
1.5MB

Download
memory/5684-2930-0x000000001D0F0000-0x000000001D376000-memory.dmp

Filesize
2.5MB

Download
memory/5684-2922-0x000000001C290000-0x000000001C2F6000-memory.dmp

Filesize
408KB

Download
memory/5684-2897-0x000000001CD80000-0x000000001D0E6000-memory.dmp

Filesize
3.4MB

Download
memory/5684-2888-0x000000001C7D0000-0x000000001CD76000-memory.dmp

Filesize
5.6MB

Download
memory/5684-2843-0x000000001B9F0000-0x000000001BF20000-memory.dmp

Filesize
5.2MB

Download
memory/5964-335-0x0000019763B40000-0x0000019763B41000-memory.dmp

Filesize
4KB

Download
memory/5964-344-0x0000019763B40000-0x0000019763B41000-memory.dmp

Filesize
4KB

Download
memory/5964-346-0x0000019763B40000-0x0000019763B41000-memory.dmp

Filesize
4KB

Download
memory/5964-343-0x0000019763B40000-0x0000019763B41000-memory.dmp

Filesize
4KB

Download
memory/5964-347-0x0000019763B40000-0x0000019763B41000-memory.dmp

Filesize
4KB

Download
memory/5964-337-0x0000019763B40000-0x0000019763B41000-memory.dmp

Filesize
4KB

Download
memory/5964-336-0x0000019763B40000-0x0000019763B41000-memory.dmp

Filesize
4KB

Download
memory/5964-342-0x0000019763B40000-0x0000019763B41000-memory.dmp

Filesize
4KB

Download
memory/5964-345-0x0000019763B40000-0x0000019763B41000-memory.dmp

Filesize
4KB

Download
memory/5964-341-0x0000019763B40000-0x0000019763B41000-memory.dmp

Filesize
4KB

Download