hxxp://prntsc[.]pro

Analysis

max time kernel
600s
max time network
452s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://prntsc.pro

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	setup-lightshot.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	setupupdater.tmp

Executes dropped EXE 17 IoCs

pid	Process
712	setup-lightshot.exe
1596	setup-lightshot.tmp
1524	Lightshot.exe
3068	Lightshot.exe
3276	setupupdater.exe
2324	setupupdater.tmp
1700	Updater.exe
1592	Updater.exe
2944	Updater.exe
4940	Updater.exe
428	Updater.exe
2260	updater.exe
3120	updater.exe
1012	updater.exe
536	updater.exe
5320	Lightshot.exe
5248	Lightshot.exe

Loads dropped DLL 3 IoCs

pid	Process
3068	Lightshot.exe
3068	Lightshot.exe
3068	Lightshot.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Lightshot = "C:\\Program Files (x86)\\Skillbrains\\lightshot\\Lightshot.exe"	setup-lightshot.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Skillbrains\lightshot\is-PDIAJ.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-L0R6D.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-8G3QV.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-BF93P.tmp	setup-lightshot.tmp
File opened for modification	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.dll	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-JL6OQ.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-0OU2D.tmp	setup-lightshot.tmp
File opened for modification	C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe	setupupdater.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\info.xml	setup-lightshot.tmp
File opened for modification	C:\Program Files (x86)\Skillbrains\lightshot\unins000.dat	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-2Q1K0.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-5VK60.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-MT3EI.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-RJJPL.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-J0O4M.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-0T7ID.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-Q9PN7.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-IFLEN.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-3QFNH.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-LJLR3.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-5PGRG.tmp	setup-lightshot.tmp
File opened for modification	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\DXGIODScreenshot.dll	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-3FD5G.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-O19U9.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-6HAFQ.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-35FVR.tmp	setup-lightshot.tmp
File opened for modification	C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-B8JJO.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-8697J.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-ALKQK.tmp	setup-lightshot.tmp
File opened for modification	C:\Program Files (x86)\Skillbrains\Updater\Updater.exe	setupupdater.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-CLJJA.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-R6QVV.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-EKVAS.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-QDR2F.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-B1B9V.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\is-OBETS.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\Updater\info.xml	setupupdater.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-4DHED.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-VQT19.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-E095D.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-3SH0E.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-RH5AU.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-ISFTS.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-TT9RU.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-BT7CO.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\unins000.msg	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-EMJT3.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-LLK1T.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-53E43.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\is-AC22D.tmp	setupupdater.tmp
File created	C:\Program Files (x86)\Skillbrains\Updater\is-REHR6.tmp	setupupdater.tmp
File opened for modification	C:\Program Files (x86)\Skillbrains\Updater\MachineProducts.xml	Updater.exe
File opened for modification	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-CUVSV.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-CT2HM.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-459E4.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-1QT1P.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-QV5H5.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-PKQD8.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-H9CAB.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-Q4J29.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-A32UP.tmp	setup-lightshot.tmp
File created	C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-RQV6M.tmp	setup-lightshot.tmp

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\update-sys.job	Updater.exe
File created	C:\Windows\Tasks\update-S-1-5-21-1162180587-977231257-2194346871-1000.job	updater.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
3640	taskkill.exe
2292	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621553851265641"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{A264D5C4-4876-4AE7-B482-6BEBBFFC0F5F}	chrome.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe
1596	setup-lightshot.tmp
1596	setup-lightshot.tmp
2324	setupupdater.tmp
2324	setupupdater.tmp
5172	msedge.exe
5172	msedge.exe
3608	msedge.exe
3608	msedge.exe
5668	identity_helper.exe
5668	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
4968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeDebugPrivilege	3640	taskkill.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeDebugPrivilege	2292	taskkill.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
1596	setup-lightshot.tmp
3068	Lightshot.exe
3068	Lightshot.exe
3068	Lightshot.exe
2324	setupupdater.tmp
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
3068	Lightshot.exe
3068	Lightshot.exe
3068	Lightshot.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 2476	4968	chrome.exe	82
PID 4968 wrote to memory of 2476	4968	chrome.exe	82
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3012	4968	chrome.exe	83
PID 4968 wrote to memory of 3444	4968	chrome.exe	84
PID 4968 wrote to memory of 3444	4968	chrome.exe	84
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85
PID 4968 wrote to memory of 1424	4968	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://prntsc.pro
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4367ab58,0x7ffa4367ab68,0x7ffa4367ab78
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:2
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4608 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4816 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4296 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5308 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5268 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5584 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5328 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Users\Admin\Downloads\setup-lightshot.exe
  "C:\Users\Admin\Downloads\setup-lightshot.exe"
  2⤵
  - Executes dropped EXE
  PID:712
- - C:\Users\Admin\AppData\Local\Temp\is-C13BO.tmp\setup-lightshot.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-C13BO.tmp\setup-lightshot.tmp" /SL5="$110052,2148280,486912,C:\Users\Admin\Downloads\setup-lightshot.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:1596
  - - C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" /f /im lightshot.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3640
  - - C:\Windows\SysWOW64\taskkill.exe
      "taskkill.exe" /F /IM lightshot.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:2292
  - - C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
      "C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe"
      4⤵
      Executes dropped EXE
      PID:1524
    - - C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
        
        "C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\is-8AUJ3.tmp\setupupdater.exe
      "C:\Users\Admin\AppData\Local\Temp\is-8AUJ3.tmp\setupupdater.exe" /verysilent
      4⤵
      Executes dropped EXE
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\is-AN0NN.tmp\setupupdater.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-AN0NN.tmp\setupupdater.tmp" /SL5="$20240,490430,120832,C:\Users\Admin\AppData\Local\Temp\is-8AUJ3.tmp\setupupdater.exe" /verysilent
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        
        PID:2324
      - C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\system32\net.exe" START SCHEDULE
        6⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 START SCHEDULE
        7⤵
        
        PID:2220
      - C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
        
        "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=addsystask
        6⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1700
      - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
        
        "C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\Updater\info.xml"
        6⤵
        Executes dropped EXE
        
        PID:1592
        
        C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
        
        "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\Updater\info.xml"
        7⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:2944
      - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
        
        "C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=ping -url="http://updater.prntscr.com/getver/updater?ping=true"
        6⤵
        Executes dropped EXE
        
        PID:4940
        
        C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
        
        "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=ping -url="http://updater.prntscr.com/getver/updater?ping=true"
        7⤵
        Executes dropped EXE
        
        PID:428
  - - C:\Program Files (x86)\Skillbrains\Updater\updater.exe
      "C:\Program Files (x86)\Skillbrains\Updater\updater.exe" -runmode=addtask
      4⤵
      Executes dropped EXE
      PID:2260
    - - C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\updater.exe
        
        "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\updater.exe" -runmode=addtask
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3120
  - - C:\Program Files (x86)\Skillbrains\Updater\updater.exe
      "C:\Program Files (x86)\Skillbrains\Updater\updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\lightshot\info.xml"
      4⤵
      Executes dropped EXE
      PID:1012
    - - C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\updater.exe
        
        "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\lightshot\info.xml"
        5⤵
        Executes dropped EXE
        
        PID:536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://app.prntscr.com/thankyou_desktop.html#install_source=default
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:3608
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe8,0x108,0x7ffa320d46f8,0x7ffa320d4708,0x7ffa320d4718
        5⤵
        
        PID:3520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17221080451300789661,18168362665786845331,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
        5⤵
        
        PID:5164
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17221080451300789661,18168362665786845331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17221080451300789661,18168362665786845331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
        5⤵
        
        PID:5184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17221080451300789661,18168362665786845331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
        5⤵
        
        PID:5452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17221080451300789661,18168362665786845331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
        5⤵
        
        PID:5460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17221080451300789661,18168362665786845331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
        5⤵
        
        PID:5928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17221080451300789661,18168362665786845331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
        5⤵
        
        PID:5508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17221080451300789661,18168362665786845331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1652 --field-trial-handle=1908,i,18040406196256308981,16800546482169923984,131072 /prefetch:1
  2⤵
  PID:5600

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5628

C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
"C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe"
1⤵
- Executes dropped EXE
PID:5320
- C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
  "C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe"
  2⤵
  - Executes dropped EXE
  PID:5248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe

Filesize
854KB

MD5
fbe0664e1c333e36e3ce73d8bd5cc8a1

SHA1
d7f284e9a8d3a3b5a832c37b58382000b583fbc1

SHA256
c4ce15b1bc8adecbf20a655256aab267c1d72e7a33947598af48ea287cca5670

SHA512
7b7e34aa69e2e92590b79d2b9c9fd095d15fc5a2943335d0f59cdee15083a8bb1a66b669615ce716bb714a59a1be54e8fea88a5889bfa8e0371e7eb8902fa555

Download Submit
C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

Filesize
405KB

MD5
3ec8f4bd54ef439a8fab6467122da0c4

SHA1
ee2e65cbbaa22db70d89b85db28ee955d4db12f9

SHA256
a5e3bdc3b0b0bd6455892e23008161b5478b24f4fe1801f43a8a01cfff1bcba7

SHA512
0f50ce35241d5d55f0f3bae6fb38de39213a48d356478efac76c0292b286b58ddb855e130fd03bdf3cd63e141aa14ffd5318671e9885b2c17411f8ba3aba6189

Download Submit
C:\Program Files (x86)\Skillbrains\Updater\info.xml

Filesize
276B

MD5
466b19bc0b21fe6667778a0c114a9d25

SHA1
3b930a9a836f39467b7bfce4a35499fef7803c36

SHA256
efce940e2e2504326dce91e1112dc19c31a9de49f0fc34886389d36997594ef0

SHA512
1d995818bed8c356aa691ef19a6ce3df54c2fa08c086304f32b0f963934ca6402f1890bdd376d2cb411c58561e3740b73125a4cf0187ff49172d57b3b712028a

Download Submit
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\DXGIODScreenshot.dll

Filesize
93KB

MD5
25c632cd2f529ba142fa706205ac00c9

SHA1
495b777348d26e5fa75dfbf6b50498428fe7748b

SHA256
6acdcd817cc5df637aa4cd101c25c9e0a69c778347a7a40ce7511eeea26fd6f0

SHA512
606e9856eb8153f9dab7f4c23ff967b2d9ce9fcf1902823a424ca4b4ee0a4f1a95bfdd316356dd65831c494f7e74ec4562bf684ab6a20c3376abef8ff10f6c7a

Download Submit
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.dll

Filesize
490KB

MD5
f256a9c7e68a249fe760019d19c022ce

SHA1
5a6279ef4f82270b756053cd34bba96d7fe0ce05

SHA256
04a27f0d1e89341722461119e00a10e00ec2a52f5e305961161ec4378e610e93

SHA512
a97f1cd4554d59ee0d69df6ebfc234e025c5e6e64c057f28c62f3743c8ccf8b502ce3eafc437a34a492b6b590fe62591293e551d0e7db5b6036890a64e6d8de9

Download Submit
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe

Filesize
487KB

MD5
1e1c83b9680029ad4a9f8d3b3ac93197

SHA1
fa7b69793454131a5b21b32867533305651e2dd4

SHA256
0b899508777d7ed5159e2a99a5eff60c54d0724493df3d630525b837fa43aa51

SHA512
fe6f8df3dbbcc7535ead60028ec3e45801a33ccc81c9137b2288bc0d18be42379564c907eb406ce9491f46930690efa9a86a9f6506414992b5dba75adb3d1136

Download Submit
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\EN.txt

Filesize
10KB

MD5
4d195562c84403dd347bd2c45403efc5

SHA1
4203bd1c9f0c0a2133ba7dc5ff1f9c86c942d131

SHA256
4a57246bd4ce9d387ec10f0ab2084c3d91e8463d03c1412f3665aee3885a85a5

SHA512
3de1ba358834c7d238e35f533a192c6e6e41fdf276a29b6714cf02636cad123eff571614a1185025757bec3e9f9f351d612598496600684e4ac676e576e8c601

Download Submit
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\uploader.dll

Filesize
215KB

MD5
08cf9e363d79c9379cabd75382131315

SHA1
22ce1f3506fc46976f2d5dcc5a5735ce8ede63bf

SHA256
037ee2f3243918fffa71b9e3fe0541245f75f89abcac0ccf2ea6a57020ddaad7

SHA512
cab0c8a5b8596054315c69f1ff858da1fad89ea1e3c28d4c90411c293b6b40438e2be67e029a51279637f2704e30903d0d4751e31fa1d1b2af0393af90c8907b

Download Submit
C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe

Filesize
221KB

MD5
62eb961457df016fa3949e9601a1a845

SHA1
0c0a5fa4f6cb9e18c0e3431d5e1bf45fd2e05352

SHA256
8d4c4bcf7d7aedf0480e3eaac52138e63724ae83c419de8a98d6ab32d1c93645

SHA512
fb4fcb6a3f5b7a3eb35a1689a0d15e3d8f9f520180d6cc57857b90b8af3d576da179c30c18019da5500f58d6f86c07645090e0c75accbd87257e1b73d291ae81

Download Submit
C:\Program Files (x86)\Skillbrains\lightshot\info.xml

Filesize
362B

MD5
105b94bb4070848b67cc3c23ab32afbf

SHA1
4ff607984309dd4b9c0ebc03a610d0022fd565c2

SHA256
f2cbf4e10f5f71841842c75ab97d2dc59a902a095e4ab54a25ad692c1d3aa1f0

SHA512
9007822bb83f56518570a8acb3b42a1ec79be26fc0dabc22ec40f569a725cbb4bff9b0801ec5e51af8753bce54474107582b72fc8f37e8e305e22255a0793041

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

Filesize
1KB

MD5
91257ef15d38b8afcd5b848bdcaa19c4

SHA1
6c2ed17d691bb659c43ada8e5f4b1f3f4eff9fb8

SHA256
bfb4c76c7500ee4098f02ec0387eb074fb0f1e51c1c037f52173373b3c6e88ae

SHA512
899fe3f445097fed828c40fc5e9ffe8129096947788cf4fab6749f90c4ff4d2c20790ccd114bed9f5833cddd2914acf740ff915bbf4377c4579feb4f3c8dd1d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

Filesize
1KB

MD5
219c022ba7bfc7ca2fb3877a9c0a180f

SHA1
5a1736acd9cc185abf883512c59a0c627f37a31e

SHA256
257db8b18ece8798c00344ff156e8ae1efddac887ca670b32948a92979f1ae8c

SHA512
2dc9b6f6a49a631116c90da1a189054b895455c5670bd8fa7f779d34e784a3ed601c57e79780442f0b0480bdd554c0962116df96de02c06cf883733aeee2ae9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_5ABD7D01BC4734045B6B5D27402C000C

Filesize
940B

MD5
c731c3bbc54303f879ec4e8dcbef1720

SHA1
4a1d8f0d11710ad4a5dcedbdc575483bb91dabda

SHA256
289172fa1d30eea4ddb0231fc4f51743c4ce20b5b7e669d32d277978c271f6bf

SHA512
695d7290eb9b4bcdd0ac2e8f11ea86cd92d045aea1b8b8790e466b25d04d107c2f243a44156fc1fe7a0fcc8e660d7a28709d34af2918db205c5c5dc9ec338a18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

Filesize
512B

MD5
68f3edd0471fefc07a7d62a97c234b11

SHA1
6df0470245ed74845d06ce9a541e91e1b0cae07b

SHA256
cd866e2cc637be6ef2192ff3db7e126b4962d8e9f2e8c10c604870f326806daf

SHA512
ae8330d93cdc0891c4374639eb8943f8d24e2bf6d776991a7448c8f16f270318142428c101c800f61b4d669ad0622a48626ab120c307f15288341e614f466665

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB

Filesize
512B

MD5
65f82fc2ab8969a1c9a0b48b62e90b05

SHA1
6e45cbb84458fe9562157edf5fc33334fbe9d2e1

SHA256
575f173728759483571d7c5003f2accb91874bcbcc306728843ba5ee2d67dcb2

SHA512
f9ab703c8a295cb043607698b163767bc365a53456e5586766afea3a8d40ff3572344be1ea1b68fc7e6fd96d688e80b4752639f824ff43b9fecf3f61744194cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

Filesize
502B

MD5
ce57cc535fe0e7663198020c25347701

SHA1
da185385146f075c3c952e43a2d341bdfaee9ff2

SHA256
17dd9d119bf4be05c7b65fd51ec2a7d7db74a0af7fc9156c8cc1ed18bb116c1a

SHA512
a83af2d462a26644f0f02cda1ae6041e63644a92a7452aeaab002b318f4bb151b0b88654b849206ead03e2003f94caa5b1b6176f8831402be272f3d54a5f2079

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

Filesize
502B

MD5
3fe86d231f6e0fa183ad39e19810d924

SHA1
b9529c4f51eddf1ca1a949e131ed008b59a16489

SHA256
eaae5705eac48798bba6d9aa1452507dab51e785e638bd70722f17a342689705

SHA512
734b4cc40df436451fa33d58b81a33309a34e341dbabc999658f6684d491562d8de132e7855cf77bba70fbd99e545552056f0e3ea4cd97deacd0423927a2b36b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\81B9B36F9ABC4DA631A4713EE66FAEC6_5ABD7D01BC4734045B6B5D27402C000C

Filesize
520B

MD5
a6911cc58e496e9af44d4957b0b179e1

SHA1
b13e2ede7a989cc830ee2c92468fa4ced18ce32d

SHA256
91711d3fd77df7db7562f43b13bb80bcc599f0eb79e2b3f252caabf8926e38e0

SHA512
9f49243e24938f76b84d15c6d502c9250d15fff9880329a30bb0d9f3403b2e82976be67d4449635a7656d5ede8c2ad86f42c906e24cafdda306062e0b0c4afc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
a5df7c3478d27bcd43108e9d5108400b

SHA1
b2fb0f5d9c5a21de6b4762bbdda98f48efd053fa

SHA256
026ab2993d9fefe9c76dc7e26e83b8c516424fcad9b1ca4d1402a3f3c7dbf931

SHA512
499c1646c09d7c366f7ad9cd866c4cd0f522ad9c9e97d524fa02d9f31e119cacdf6626a8e1a61e9ba8b471fac045aa2689810dfabc7fb1e47a9d8091fc2bfd6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
96165488aa1b517e8d5fc3f954e18da3

SHA1
a403f89ff22a6bbe8db2aed1ef9e2b8f05ecf9a0

SHA256
199b45e4ff99d345ddb53d115dc722e5551a89c72d631bb77acedaf43c5896df

SHA512
d08ca8f3d8e1631dd4d3fc82461b4a6818bf8fa4012c93bb9a7d60ce896a12779a7b066d7c265d8e7206e222689c40e6e39496aca467b7cd39a7cdb4a089a56f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
372f6b0787e8909bbb0f21b8dd3b75f9

SHA1
dc227a9ecd64e9a63a9e597243de96a3a64ffd5d

SHA256
6c624f5270aa670a990528de894670bb5877419eae4bfc6275a73ebf1cf4e127

SHA512
148353d122da5a47d7e914a6edd3b49cff537187e3add58edf36b876b74cc257c519ff924a354eb1a964b1ac236609cb46c8c004485da003c993d898b877bcf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0b6cd6fad5a847d0b39734b844541597

SHA1
71a3548c612934dc78122e3825d0df24ef94bc28

SHA256
1e89a4b922a0a798ab6ffcea4d0897c5eb50173f72de75c42157de20c0370b1a

SHA512
1008471d53ca27490d874c3024f22270695d4c546102bee882ef0db448cd1dbec45a6ef95097694e4c933a3a7460e6267e545a2723f3a43fa77ed6ba15d11b0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
5f16fd956ed3fe837eff380af7f10290

SHA1
66f007bbdfa7d30d4abb324c818bd7ba5de345ea

SHA256
f52a280c15b4d5c0eda792bab455d0f88c3847887a8190df02b24b1587f8d4ff

SHA512
2f9d9c51cf3437955763bb2901b3b6596b74d49020c25feb34e6fdbb0d6aa33e91a51126af5f047389e33c06b4a6303060142c86ee4fa1f56b1c489c8c15d5cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
6f3e1b71edaf74d10c1e20caf1dc690b

SHA1
3c3db4ba02772b735e3b5602480109d9185d999b

SHA256
514ebfd24b4c847a4423ed8d0c129d0727122ade8711810e8a5c9426441b4a4c

SHA512
fd8ecdfcac1398b41c15e8f7267d216fc8bab67b7aabe6417d0b388bd62260ca545e5f9297dbe86e775ab087cf83a7c8ed12bda73c4ca037b3f2a529df201b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
10ed14ede9240a7426b7966927e632a9

SHA1
1bec510a41173355a95227b077a9e2be609ec7fd

SHA256
4f561ff688ce1d82babd728bfa002714b99dd3b42d415005d18c1b1e0cd9a9b7

SHA512
8d761239f05cf170c19c46aa80e83e0db81c5811997bd98dcf29b53c9707a9a197214a3696e61c260a15935cce73d06638fdabfa3e0159ccad90c3fa23b28f2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
781c91e5016f02a19f5f752a0de92db2

SHA1
9127879f39a470663bf872858abe4354b4f9abbf

SHA256
a11c26d468049d94aa7117f8edcdf86b7270cd1e8cd4cf73bfd315071d92b21d

SHA512
77f8c051cac1aa3ae89feb2470226f51613a777c4626673aebbaa58649a1532f2d673a21656d497fafeab342ac6909e7eb941b8fe461ebde6d09d71cc735932b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
4ec29d53e4b043071bc050c244cbad9d

SHA1
b36933f1a88155b39abe5d87c9564a2dcefcdcb6

SHA256
3a4917907a71bfbd9812a50c15554d45a9d95f95d7e4d6245ab3b53f66f875ef

SHA512
67c1ed0562403fcd7325c567303bc7ddc653e3033d577946f412d86f5ca479face9e4772a956a61222a59623d264c0afafe02ad1d7584997609092d27d8e3ad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4b3dd1d913f5ec2413a90391741b2da6

SHA1
b16a9e2469978e1178aa525881dc98e5f67dc7aa

SHA256
e9cb5a690b13ef1a7a84fa3158ca83123c45f0d46b69b5c2242914812fcc31ee

SHA512
1d9b00ffc9d224d1de0ddd6fa4a8c428d06be37242cd211eee40cb711a030d656e7f53c04a62fbaf86b560206a80f36ba165a161ae0c9357ceb0225eb3141f2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5ded1db968b8bf13f9aee69c11e5141f

SHA1
b12ef47e01ff8204ab3fd375b4c9a75e63fb27cf

SHA256
06d14dca6b0de0e00c79091dbf324951d3a5240577787481b8886c190f7529cb

SHA512
679f87a374db865ba8436027636fedad085f811863f4247bccf54705cc7bd1046c01b9729bedcaba83117c6fca173b2816d1b8659c1d14eb58ea18e51cbaa944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6eda388682ce3470b6c4b9b12e40a9cf

SHA1
3acaf6049a302ff8ec7f245419b97faae8b2abfd

SHA256
fd17bb76caa959894d8341dd614673faabe1f8eaba630bf6b41146612fe4e13f

SHA512
5985ea40f878ebe4680f89e4d5cbb1eea6c801d5e7d0e35094a981b370f99461006489d9ac55b2a74eb5f5574cc3d69b19a9ae6fd971678518439ca6585239e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
b6f48def1ad0dc727f479ce8ffec8a6b

SHA1
488a3d7c23f20d7c90d9cd3010d31836d67b4028

SHA256
88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec

SHA512
ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57538e.TMP

Filesize
120B

MD5
0d48708aba4bf8df617697461edd40d8

SHA1
31956d25f78c48941cf702eb34e3304089f83e56

SHA256
f6125e6866f90f45a1eb2262dde068d3ff19a9a8c8dc67cd634ffc17bd9ecc63

SHA512
5b3a239373b7f055bb6d8bc7ddb5d6ea3fdf10f77a3d74d3b6424171b34a533ec2f5ecf5ad4023c8620569a3e3241deee0fa4c5c595ac212676844dc5ecc1884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
87b5600d22ef1d829ae8b70d4210ff90

SHA1
cec17f24ef1e37b08610dc6aeab59e2a5d224817

SHA256
f1b07971fcbcf4da61664df702c837f00cc5b1ba66669240e1b4cd0482dd8a83

SHA512
7f5ba8b191a7a0031330b92df49e22c7fdc09478d6fcd82feda9218977466fb66b47f19193be0b4f064f76d329faa024532d77ab75896ed47973c1fc8fb1feb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
c7348c8eaee19a605bdac503fcf23218

SHA1
3aab24e1b153786d2066e7639b7b6b34e155113a

SHA256
3e03172b7bb1f9d655aa11f4495fb88bf9153ead8576366e65abca3fdf1e0bba

SHA512
7afca500f27fc7fc2de21c62d48cfbd656bcbb9bdb116c5de90e7e3a47a8421ec380d86899e1e91e983d3546c3ad9b2d1f49c30f5f2afd90875b018b339c6cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
2063c200e0c1c72cfd63ab560f22d522

SHA1
893ce21c822b6225ae76d7ad1fcb958a6c9044f7

SHA256
da60f4435636eaaa6aec6d986dcbb6b255f9ceddd90ac31aa49aaf1027a6da4f

SHA512
9a8f8ec5e1544dcb413535b711bce794cd57ad911f1f6bd7d78ee35d73d40006304be6b86b27ddb091c27b29ad0678b702875622f49a274583ed96a566d1702e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
0286e63f6194c106fe66ecf6919f2f94

SHA1
dae05e61c0f4adfe65ffb1a88814ae0e288266ef

SHA256
b00e9a0f498a1adda527f6b95347df5d79e5bab5de1733228de17b3fe59a75a4

SHA512
fd89d4bd48ccf54491223bc3639a0c270799816475aa23af669e33769a3b706f3463e6cb8e6ddf8e854b30c6fd6b620df4a93d6cc00d6e651d8eef0cc1749e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
bcbdf02090eedda3be88fb3f51aeb8d8

SHA1
add5a3eed464aea6b1191d4b723e45414a7e945a

SHA256
387aa6e1d505cb0f22db2912916fec10a7e58355f130a55a40728e8cab51db09

SHA512
6dc27b7b2ee5f842d2de22ba935766f1bf15634ede8ead695e0ea686e369bcf61d0c2e0b1d9ac7d476628971e03ced17a5bbfbde1c89ddb4dcc60c0b3863a922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
791b30a1fc857f4d10239872f32bff4c

SHA1
54b9ef690432c10708695ddc9aed326f915e243b

SHA256
ed7d54c28f909f0e106fbe94f24839e7e0ce3966123cc58e97af20ec187c1ce5

SHA512
6a735d6acc20398925efeeb1ea0b76a80546d02d11c51e7740dc33661735567b400a9a1fc0ab276e6f8f9d6336dad9068580c8cb1790173b5f4fd147f461d5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
871B

MD5
73dee5a7e30e940e92e99867ff7c4298

SHA1
59fc5d2824c7cb0317b0a0f3e4ea86606b4a5be5

SHA256
dd10b7157b145ce8951bcf8cd86cd6bb8707bb7f6aa5df7c1a639b9d5e40dac2

SHA512
4e9e0b2be80e2d92acf440875aa7e1b1438863e60531d6e140510d72cbd72a46c1a2a47960c2b5eb7bb39bd3e47e2785ac0b5b99eb65efa6317c92756f67257f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e68be6c6f7b0d7e496b02e89612177b

SHA1
f3e1ff5e4941265bed3ebfe0cdc65c44e9c61ce6

SHA256
37530b8abb6506e13824d145df8884f2f09b1959bde2421de98d8be85e3f8938

SHA512
02b8a28d00564c1989ca4103b1d38567cce577aab1012d031d8708de428105017760ec5764698c57da29a90fcb022ad04b076e80c212f284af1f81582325a0cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bc3b1fbdf9bf4c39a21d824f8692b0d5

SHA1
574bcafc8e3144df7d2b403b47042899c3ff1346

SHA256
6159c61cb090ae404a0a87fad31d5c71394496e8a815ae7b3263766097ec1506

SHA512
72e20df954258dfb7b9f2d0432f28df8c27ba72da9800fdad07ebfbcaca88f5ec901ea3245bb1cc38f3fd22d57a8ac2157527ff4212c70975c7d3efd53006d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f15010eb4575e8c258909289c5b4c5c

SHA1
6cf85332b8b4b963af98c27c117df1fe225db4bc

SHA256
30e0fbcf7761cbcb4de9eca26d403d1378105e10647867e3ff537c3288715efb

SHA512
52ac0ba4701476da5cfa4766c75fb079a81b5c8d7828a32afac90402ca512358b80e14c6a0cf24e067b2c086ae174a43c02a0f6554a0f530e4b2a5c8db092232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1e4e1381d3300eaa3ebcdeae980766f0

SHA1
bf47898f2361e569a1bdb4bbb217b22ce20a494e

SHA256
aa354ddc2810d16d385f9386f1c0eae0cd4f16d6b831744d0a7487ea46ff2680

SHA512
103cc3a7b6c5bc89cf64ef490cf6933e4010c36d91b3176bb1c3117d4730a4297033f52ddfd73bc07b5c42ce635863a73452cb745f51b32eb03a4492290d930a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cec2e2d4bd99ebe0c3dfe2bd3196626b

SHA1
63864e4bd4d953b971133eac98b8f74288b048e6

SHA256
3e5ebd5fcb030489005e2d13e32809b2663267475ce6abfeacb616c149fb37c5

SHA512
794870638f4f4edd0cd32f24f241c5d59a3771ad82f6a36f81d9098726b4c60ce53c67450cd6ae40dc0112880a7036b99138060831fa8c9d43d7b1178d697a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9O7X9C7J\1[1].gif

Filesize
43B

MD5
df3e567d6f16d040326c7a0ea29a4f41

SHA1
ea7df583983133b62712b5e73bffbcd45cc53736

SHA256
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

SHA512
b2ca25a3311dc42942e046eb1a27038b71d689925b7d6b3ebb4d7cd2c7b9a0c7de3d10175790ac060dc3f8acf3c1708c336626be06879097f4d0ecaa7f567041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9O7X9C7J\__utm[1].gif

Filesize
35B

MD5
28d6814f309ea289f847c69cf91194c6

SHA1
0f4e929dd5bb2564f7ab9c76338e04e292a42ace

SHA256
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

SHA512
1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8AUJ3.tmp\setupupdater.exe

Filesize
865KB

MD5
843d23f6aab075a3c032b06d30ce9c5d

SHA1
8e9f98e609db50ee6167a76b6ae1ca7886e6c866

SHA256
088f048ee972ef80bd527e301431c1ad7e46d0c994ad8a2b586c4fa6d86ac399

SHA512
101cc5a0a5c927adac497cf901ebfcb73bd92eec0b8855c8fa0aab0bb0411dcb5cc3271b6f73c0fdf6238a21df30871afcddf5bd8f0164ddaf8acd72d14a7db4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AN0NN.tmp\setupupdater.tmp

Filesize
1.1MB

MD5
3613e29d2a7b90c1012ec676819cc1cd

SHA1
a18f7ab9710eefa0678981b0be9a429dc6f98d28

SHA256
fb5761640bb6d375345b780df0f1811f6ae6a1ddeae7c948299379f8bca822c8

SHA512
837f3aedcfd81cfc0fcebc9e135f72a55c0cac10860ca78d57cd910d6f039afd500bbbff1481637f21912e5eacbdbebfdc3a3bb8133db2cb37f444ef87e6347b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-C13BO.tmp\setup-lightshot.tmp

Filesize
1.5MB

MD5
c6bffd4da620b07cb214f1bd8e7f21d2

SHA1
054221dc0c8a686e0d17edd6e02c06458b1395c3

SHA256
55dbb288d5df6df375487bae50661dbf530fd43a7e96017b7183a54db8fc376a

SHA512
91e50df87a6e42b01e24accead25726047a641c3960fa3336f560168ed68356e6992d289a0a71b629d74ad7b00bbdbf7e6e909a4c8b5b1616fbf3b0cc63210ab

Download Submit
C:\Users\Admin\AppData\Local\updater.log

Filesize
3B

MD5
ecaa88f7fa0bf610a5a26cf545dcd3aa

SHA1
57218c316b6921e2cd61027a2387edc31a2d9471

SHA256
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

SHA512
37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

Download Submit
C:\Users\Admin\Downloads\setup-lightshot.exe

Filesize
2.7MB

MD5
a1f6923e771b4ff0df9fec9555f97c65

SHA1
545359cd68d0ee37f4b15e1a22c2c9a5fda69e22

SHA256
928c2808421dfd487ffa697379548cbe682c0e13aeb595eb89973ba9c515b8a1

SHA512
c9e54f48208151dcf60bf049d09a5c69f6ef7e4f046359fdfd50c61d49a6f9a37c3d3a2016d4beb70ae47270e9e9689e03064c02bee1e1d3d95998000e47f153

Download Submit
memory/712-704-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/712-152-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/712-149-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/712-531-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1596-703-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1596-688-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1596-532-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1596-156-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2324-403-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/3276-344-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3276-405-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download