2c848761a6f0a696ea850d8937382e5782c097927ab86419eaff41f1a4b87dbd

Analysis

max time kernel
247s
max time network
346s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SoundID_Reference_KeyGen.exe
Size

908KB
MD5

b5ed1b54bd1524d06079bb58cff47630
SHA1

74767688ea2d06b3ea16d62fe19a09cdea4be7ed
SHA256

2c848761a6f0a696ea850d8937382e5782c097927ab86419eaff41f1a4b87dbd
SHA512

45d37a1c7666d50e2924b881fc497efa70c76038b486a090e12374e1d53b9fca26651ced4f6f33d055133b3fd7c433b058a42f73163738a5573554d1fc8548bc
SSDEEP

24576:XYkcL5fBSkmeeM4a1x3KyC2LjIBxk1Ckb/RjhKhhmNYz:okALmaNT6yCa03MPb/RjAm6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2856	keygen.exe

Loads dropped DLL 4 IoCs

pid	Process
2084	SoundID_Reference_KeyGen.exe
2084	SoundID_Reference_KeyGen.exe
2856	keygen.exe
2856	keygen.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2856	keygen.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2856	2084	SoundID_Reference_KeyGen.exe	28
PID 2084 wrote to memory of 2856	2084	SoundID_Reference_KeyGen.exe	28
PID 2084 wrote to memory of 2856	2084	SoundID_Reference_KeyGen.exe	28
PID 2084 wrote to memory of 2856	2084	SoundID_Reference_KeyGen.exe	28
PID 2372 wrote to memory of 2320	2372	chrome.exe	32
PID 2372 wrote to memory of 2320	2372	chrome.exe	32
PID 2372 wrote to memory of 2320	2372	chrome.exe	32
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2824	2372	chrome.exe	34
PID 2372 wrote to memory of 2608	2372	chrome.exe	35
PID 2372 wrote to memory of 2608	2372	chrome.exe	35
PID 2372 wrote to memory of 2608	2372	chrome.exe	35
PID 2372 wrote to memory of 2516	2372	chrome.exe	36
PID 2372 wrote to memory of 2516	2372	chrome.exe	36
PID 2372 wrote to memory of 2516	2372	chrome.exe	36
PID 2372 wrote to memory of 2516	2372	chrome.exe	36
PID 2372 wrote to memory of 2516	2372	chrome.exe	36
PID 2372 wrote to memory of 2516	2372	chrome.exe	36
PID 2372 wrote to memory of 2516	2372	chrome.exe	36
PID 2372 wrote to memory of 2516	2372	chrome.exe	36
PID 2372 wrote to memory of 2516	2372	chrome.exe	36
PID 2372 wrote to memory of 2516	2372	chrome.exe	36
PID 2372 wrote to memory of 2516	2372	chrome.exe	36
PID 2372 wrote to memory of 2516	2372	chrome.exe	36
PID 2372 wrote to memory of 2516	2372	chrome.exe	36
PID 2372 wrote to memory of 2516	2372	chrome.exe	36
PID 2372 wrote to memory of 2516	2372	chrome.exe	36

C:\Users\Admin\AppData\Local\Temp\SoundID_Reference_KeyGen.exe
"C:\Users\Admin\AppData\Local\Temp\SoundID_Reference_KeyGen.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\keygen.exe
  C:\Users\Admin\AppData\Local\Temp\keygen.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70c9758,0x7fef70c9768,0x7fef70c9778
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1212,i,11907302939211842831,11926954176619921893,131072 /prefetch:2
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1212,i,11907302939211842831,11926954176619921893,131072 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1560 --field-trial-handle=1212,i,11907302939211842831,11926954176619921893,131072 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2164 --field-trial-handle=1212,i,11907302939211842831,11926954176619921893,131072 /prefetch:1
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2176 --field-trial-handle=1212,i,11907302939211842831,11926954176619921893,131072 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1480 --field-trial-handle=1212,i,11907302939211842831,11926954176619921893,131072 /prefetch:2
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1452 --field-trial-handle=1212,i,11907302939211842831,11926954176619921893,131072 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1212,i,11907302939211842831,11926954176619921893,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3588 --field-trial-handle=1212,i,11907302939211842831,11926954176619921893,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1212,i,11907302939211842831,11926954176619921893,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3728 --field-trial-handle=1212,i,11907302939211842831,11926954176619921893,131072 /prefetch:1
  2⤵
  PID:2448

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2bfc8d72-a95b-46d8-9d4d-572ce132726f.tmp

Filesize
271KB

MD5
b3dc2acd730fe88b2b271d3da4520a87

SHA1
48fb649c87891983cb68d65b21395f1a773d2491

SHA256
40afbde8605d2ff82d38136caee121aaeee217e2d867e827fb912564daf55d64

SHA512
909d6eda037d1dc14dd79b483a15f6af6546294a96e7d004e51d1e29ddef1dacbeb1f361b2f65c58955f4965b939970afa588492b64307ec97662dfed4c858bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
3784717f5bd1786029c0bbad33d6ab7c

SHA1
964c246f431b173741a3f56093590b0221e6e34e

SHA256
1a423abdcf899654df4796fc3cfe6deb45ff52d55c7ed2b7803fe079628ff823

SHA512
a524784f1f8bffbed791b162042a4c80649cea4623182103bdb42dd0bc87ee253ad4ecb91fed777e89469689026461b77e0ebb891ecca9bc5c991f3d3a959564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
43fb1b30bf9431d5852d0de9ea0aaa82

SHA1
7386faa3cafe3d2c3a74866037632e76fe8dfed7

SHA256
d222e4492b57908167a952c074b7eb423fe609dd30f90253475ea4fc1ecfa90c

SHA512
7be5a5c1eec73659d71b34f1ec1193bc27a00bfe06fc0e6d8e98e55a18a595909db0a65a9d4cb9f97eac40aca2db4b603ef13accfd4fe6573bbed81c5180a9e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
a85d4f9ca471594638f3636ff01a1219

SHA1
8cf227cc218ffa47f8d9e73c775be1cc750451a1

SHA256
52419a6752fc7fa29a7aad3558ffdcd35ee9fa0b551dfc1771a67aef4ab360fe

SHA512
669068724cc14ee4847311cc9a7f84fd7947cebe0f78eac018e4ab3f8e8ec4141117a92d4a5fe53d999dd80898a9bc706a9b5b97c7998ce55894d980ced8b41c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
b4a1845caa1e68513e41f738f3e82fe6

SHA1
cf68d0b06eeccf2f92b07dc001acb366209a7567

SHA256
c5288e6585b77cb68ae2064d466a7fa31d451f76393016364e8d0b2f22987f30

SHA512
cfdf73a406f679a591bfec8f5811e2e8e34bad706a17c50728af927656a3afd2596a1e2e04b66938f1c15896181de8ab66ae620279cd00c33d5acf80ab865a78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
29c609ee69e9f176d755591a7b4af484

SHA1
8bfbeea87cb139143b120cda14b9ffb5e7dd514a

SHA256
f9f8f7d0221ce6556cbc2ab6921098756a1abbbfbb9f602c738b59edbbfc3e41

SHA512
4ec231742d60d026fcba9050be877806a8148c144f3c62b16618f7313170367564d76a44466af48a01e96b2f72f7fb5ffee905e58c13875b91334b62678efc0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
db7ff0e0dda2da5d07a2914ef6c43a9f

SHA1
6364b01282c8a6adf74f318636ff4d25a41edd08

SHA256
583809c3e91ad341a50174027d9fe2109b002ca1ccdb7ab78f04191120b0189a

SHA512
cfcf0d3475ed2b9e5f8fa66f4d00e905ad6c197682b508d31f7af5516ad0814467952693a134deaae3c8728cb0a7847828aeea5fa0ab2bacd4e69857da089a32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d9bcd6a4c9e33a2b9cd756d809d76c31

SHA1
147eb18abd6fed2213826d8ff99e9e6d6f1e7c06

SHA256
fd0b7b976f39eab2ac1803bb5a967fe0d803ce80d7b4ed6ba6b623d6bab9094e

SHA512
7b396d81a2cb9095c267ee95ca1f717122a055e6ab2b14ade6b66de2fc5e47d98f7c6bd6cb0a1e2251698dff6e448413a20ba9a60828da5b21a1c6d4ff568f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
271KB

MD5
6d60d6068e468594620f20413413730d

SHA1
37d8c9a6181dcf1f2d16f20ebea4735fba3364c5

SHA256
ddd76bddc3beb159debd1a04d7179f6954cf96be9c4888e82bbeae898b8e491b

SHA512
780d4966cad179319c1342d48714c04e42a3fad79eed8df54da13bba8f1fea74ee35ed66cacfb3277a2372f19a1a99dbcee83f78f6a9bb598c04de571bc24df2

Download Submit
C:\Users\Admin\AppData\Local\Temp\BASSMOD.dll

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
C:\Users\Admin\AppData\Local\Temp\R2RSWKG2.dll

Filesize
33KB

MD5
0755d77fed72b371793c9a09caf4d1cd

SHA1
12a784611f3cedab5185f8234cab78248f407554

SHA256
15068bc7feb6331d79efae0904f190b8721e8f7e97235a91e2fdc851885dfc04

SHA512
7481eb1f9624b69a7e319ac698eb1d8636f4e58142b894652ee2f00548f5523c9ae8da2fb48b41f69f64e49305b36bd23e88dacc5396ff3fcc521f9604056fa6

Download Submit
\Users\Admin\AppData\Local\Temp\keygen.exe

Filesize
696KB

MD5
105fd0a9d72509dacec917d3f98a0d92

SHA1
860f0d425f59c0d37065f0b2b3b747b1454c8427

SHA256
0ef10d0349d5be86cdc1ba8326e278155a6ae4ddb2ef85bdf850702cf1439f45

SHA512
12f838e9e579aaf608912a12e7f6800d695f0db1aa049649c6c2e309e7dba63f9706290c743bb96c33ffa7f849adc7a594b9bcdf0a5fe72ae687a16cc43266e3

Download Submit
memory/2856-19-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2856-202-0x0000000005EE0000-0x0000000005EE2000-memory.dmp

Filesize
8KB

Download
memory/2856-17-0x0000000000230000-0x000000000023B000-memory.dmp

Filesize
44KB

Download
memory/2856-18-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2856-11-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download