hxxps://filebin[.]net/p3xcxmv8d24c1e6p

Analysis

max time kernel
115s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 16:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://filebin.net/p3xcxmv8d24c1e6p

Score

8^/10

vmprotect

Malware Config

Signatures

Downloads MZ/PE file

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/files/0x0007000000023596-436.dat	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 10 IoCs

pid	Process
536	PaperCraneLauncher.vmp.exe
536	PaperCraneLauncher.vmp.exe
1428	PaperCraneLauncher.vmp.exe
1428	PaperCraneLauncher.vmp.exe
3204	PaperCraneLauncher.vmp.exe
3204	PaperCraneLauncher.vmp.exe
4904	PaperCraneLauncher.vmp.exe
4904	PaperCraneLauncher.vmp.exe
864	PaperCraneLauncher.vmp.exe
864	PaperCraneLauncher.vmp.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627697369315486"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 56 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000002f0283c647bcda015f7d83854ebcda0144f0d4d4aebdda0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2124	chrome.exe
2124	chrome.exe
536	PaperCraneLauncher.vmp.exe
536	PaperCraneLauncher.vmp.exe
1428	PaperCraneLauncher.vmp.exe
1428	PaperCraneLauncher.vmp.exe
3204	PaperCraneLauncher.vmp.exe
3204	PaperCraneLauncher.vmp.exe
4904	PaperCraneLauncher.vmp.exe
4904	PaperCraneLauncher.vmp.exe
864	PaperCraneLauncher.vmp.exe
864	PaperCraneLauncher.vmp.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
536	chrome.exe
536	PaperCraneLauncher.vmp.exe
536	PaperCraneLauncher.vmp.exe
536	PaperCraneLauncher.vmp.exe
1428	PaperCraneLauncher.vmp.exe
1428	PaperCraneLauncher.vmp.exe
1428	PaperCraneLauncher.vmp.exe
3204	PaperCraneLauncher.vmp.exe
3204	PaperCraneLauncher.vmp.exe
3204	PaperCraneLauncher.vmp.exe
4904	PaperCraneLauncher.vmp.exe
4904	PaperCraneLauncher.vmp.exe
4904	PaperCraneLauncher.vmp.exe
864	PaperCraneLauncher.vmp.exe
864	PaperCraneLauncher.vmp.exe
864	PaperCraneLauncher.vmp.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 4568	2124	chrome.exe	81
PID 2124 wrote to memory of 4568	2124	chrome.exe	81
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 4432	2124	chrome.exe	83
PID 2124 wrote to memory of 2880	2124	chrome.exe	84
PID 2124 wrote to memory of 2880	2124	chrome.exe	84
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85
PID 2124 wrote to memory of 1972	2124	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://filebin.net/p3xcxmv8d24c1e6p
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffee96ab58,0x7fffee96ab68,0x7fffee96ab78
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4952 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4904 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5304 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3984 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2732 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:8
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5356 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4260 --field-trial-handle=1916,i,13663818538981757061,15861190078808513817,131072 /prefetch:8
  2⤵
  PID:3944

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Temp1_PaperCraneLauncher.vmp.zip\PaperCraneLauncher.vmp.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_PaperCraneLauncher.vmp.zip\PaperCraneLauncher.vmp.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Temp1_PaperCraneLauncher.vmp.zip\PaperCraneLauncher.vmp.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_PaperCraneLauncher.vmp.zip\PaperCraneLauncher.vmp.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1428

C:\Users\Admin\Downloads\PaperCraneLauncher.vmp.exe
"C:\Users\Admin\Downloads\PaperCraneLauncher.vmp.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3204

C:\Users\Admin\Downloads\PaperCraneLauncher.vmp.exe
"C:\Users\Admin\Downloads\PaperCraneLauncher.vmp.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4904

C:\Users\Admin\Downloads\PaperCraneLauncher.vmp.exe
"C:\Users\Admin\Downloads\PaperCraneLauncher.vmp.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\391444c7-efd6-4a54-9c05-6822bfab9eef.tmp

Filesize
7KB

MD5
f2704d79ca233a9b810caa795f3ad097

SHA1
7da881fb77bad46779460624aa5182b6c709c4a0

SHA256
c104ea6161856f4853d193c1b48e0251819cfd2834ac6f31a709f3acc0df8650

SHA512
0f0eb677cdf9dc526c18b34a83a8317ef80bf0a217ba7bb7f7ff0d48581091c77722c778c93023846602a5eb14bb1ee695a728737c526e8dcb85a93eec08cf91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
390739e024e510df228568cda9acf405

SHA1
fc6ef812e24644112f794b2b7d60b7d55704d861

SHA256
05b1be8bae56900dc0148d11d1caede26f1bf3f86ebfe56e2c5c7d6003e2e492

SHA512
f0aa9a40ee388683474c9789bbd4717974f31fb593249e0e3a4b40f1700e3441c0660b37fcc25fb62f71219eb2ddd75bc349bfd719fc7558a87897e0558ab89d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
49ba8b3d3ad1cfdb9baa777ced26faa0

SHA1
01c02416eac0aab2403cd5dae8eee9dd33919a70

SHA256
191f961ee8f16b800e16f2f83fbdea8d90542e71c79e0b80284043db6bf71f66

SHA512
60ae11b8e7c3b6bbb9257629382df9d87c77636ada07446f25163337bd5f33a6e64900f337173f2556557cecd4bb84d08876121cdd5e4f990a3ed21db71c856d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
482f8b2e8a8885cb6b5e5cebb03c6933

SHA1
262d9f3b37f82d45ff70dd27c48c57db00bb88cc

SHA256
bf1398553c0a28ee0586a1320d6ba0afe0c566a17c2f1dc9576ebd80dd72e6c6

SHA512
b167cef47ededeb2120c0522fc576f0ab87307f47ada9d6f6c9a73c0614e744922b2de742fc5db81a3d13363ea0eb6b75d0b3989e765755bd57dc6f477de3bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
28013647987b96dc997c120409eb96ca

SHA1
2e792dc39187c0c4994b284bd3f01a3fcd30ad42

SHA256
ae0ba2065bdc87f0bfce4d1e905c1489badf612a1609e2d97316b2df248f9a90

SHA512
992ed0d0106979f4e62d6b42e899d860e2b47e71d8d9f102b7ff437984043d33e1c34d90c48c872b55fb39a7019e0f3e36770be894d845782306b6023a8e95d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8be14fc40fa3cecc040951c599c764a0

SHA1
355f9017d44506ea21613dad01dd9adae237a105

SHA256
52cd4cb4afd1ac5bf2e76921f033f8c26ac356325640803843bc4fd299f04d9c

SHA512
7f19102c52ebec90986f900d39206f4af665b29c1f28c4993cfedaeac9b8c38c898630feca5af9ecadbfe6555fba0acd06fc66322987a7e4e10f8e98ff1ce20f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
389525390acb6f7529401ce1850f8cec

SHA1
feb782adf16c86325a317d5660fed29a8d23d26d

SHA256
35357f0385103e0fbc1eb364b93f07c34b930ca523f2abe89616f0cdf01ae45d

SHA512
d72ba2505b10aaca39b559848dec72d90cd8e6af3b8f4209c8388e04345008cbbff442184dda8c92cedecf154e0699345a99e2e0a2b667679f728b0bdc6fb75d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
76a983bbe6d437808d430cfaa3128e6d

SHA1
02cfab8757a3ff24912cca0704f2c54491b280f8

SHA256
cf07c240a720aad36cab609432289e2928d97d61346f1da172363607f9cc77a1

SHA512
dc8a873fca3f98622c623ee1ba7fb2df83d6b47f553a794d2c650944c74ce00678514a4e7afd0a459ff0d6297ae7c2aa20d14444b1df5da346397b7957624275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
206eccdb21cae2e1a1b82e61ea1e6dc2

SHA1
d0bc126d2774a82f352fd726e4931fddf516f1cc

SHA256
b4f19c1a4536f66136beb6288afdea8013a9fab4ee7afbedb82a7b9f8ebeb9c1

SHA512
ebe9b9311fa73d7f00b321786d6ca952a3a3d9e87c2fa19a9f7476cb4512e6c0f883a4a016883666752c1a79b145cbb15dc89af6387ea320a2befcd0c6e4a715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
f745de9fba58455df930457d627e05cb

SHA1
1c68043c31cc83cc0e6ae62a76fbbcbb8cbf7326

SHA256
20337f20506e9ef1f59601f5f9ddf407c028b99510b8d35d9c2e6522d311fe11

SHA512
630ee3c74143e84d9d2dc5b3cd4dfb0678caeac0791d77ae499a7d2b25d92ccf5ccedb3ded27c46573581b50a2c0e7d4e739af4813b324fa9a84147ce2c1e425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
b2c501bd4fb96ad60e2d1c607c236628

SHA1
0e9437c2b0847c8e9c5067bdf336b46856397a5f

SHA256
4910202c54ee6a9f1890bfe352003001ed05d73e7bca5857a9b104af1bed633c

SHA512
f86fe988b0fbf496a740988b946f99a895ebc6190e65b018856ba572c855ae9897cd9139937190042c4d42b47a96fe0b682112ee37ab0fb7042b350a023b2481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58394b.TMP

Filesize
94KB

MD5
aeab2838910d7e85a160e0405fff5367

SHA1
371687bb3cc4e3c76dbcd7690f7cb0a1f75b133e

SHA256
226880ba8eaf3851c052f27d5186151cdef47d904eec210be6a17260532bf126

SHA512
277ab7a8e64692b4502c036462cbae68639b41e0d06616ff7f8d2a3ca1361fae3d31bcc20181290b5efd58b39ea6ef37a30cc859cda631be6da405b462bca43a

Download Submit
C:\Users\Admin\Downloads\PaperCraneLauncher.vmp.rar

Filesize
22.2MB

MD5
3a4f1f73eaa7b8c6d80b72055fc69dc0

SHA1
f6416375a6c54c828502ce855aff9b158e8a9e02

SHA256
6cb06dcc01926191b6046285173a5aa2d661e0f5ccc8c50dd41732bb41a46bcc

SHA512
49ff6f0530e998613b9dc27ad57309beb5082900b2416a758f52c0b4b9b1410ae0ae93a58e31b1f1d8f8da794c05386039f55284daac9348d2a12133ec064762

Download Submit
C:\Users\Admin\Downloads\PaperCraneLauncher.vmp.zip.crdownload

Filesize
22.7MB

MD5
69739593b97d669007ef842541876e55

SHA1
6b80551c5ac00d9a72757e82845ceba13a125645

SHA256
e675d8f16b70d7237145ff07c64d0e633e304dd5774a2e6f8b9a81f05778baec

SHA512
a7747d968e3969ad3c17b911c51c5b84f40db7289f1dca0a2eef24e7a03f4a75d1bb7c15dd573343d820b7a713f7707b6a4353a5ccabf43a5bd6e6ab7ce7a7df

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 222545.crdownload

Filesize
4.9MB

MD5
c01c4d326d65d94e05361c30821b2dbd

SHA1
16c0e2a2dff1e06cbdc5036d13a7444edc469193

SHA256
6a79b18a0b6ce048bd93586272612296073c5b7c252e13f378914a9d2d7fc9a2

SHA512
69ef9d5870d76e8175f5749b8ab24e9574c021fa8c2a0b0ea088bcd2ad93373efac252295395eb6f0d5896474d9f22275948dd79baded12a634e97e72f50abed

Download Submit
memory/536-263-0x0000000140333000-0x000000014138F000-memory.dmp

Filesize
16.4MB

Download
memory/536-264-0x0000000140000000-0x0000000142C75000-memory.dmp

Filesize
44.5MB

Download
memory/536-239-0x0000000140333000-0x000000014138F000-memory.dmp

Filesize
16.4MB

Download
memory/536-241-0x00007FFFFDAA0000-0x00007FFFFDAA2000-memory.dmp

Filesize
8KB

Download
memory/536-242-0x0000000140000000-0x0000000142C75000-memory.dmp

Filesize
44.5MB

Download
memory/536-283-0x0000000140000000-0x0000000142C75000-memory.dmp

Filesize
44.5MB

Download
memory/536-240-0x00007FFFFDA90000-0x00007FFFFDA92000-memory.dmp

Filesize
8KB

Download
memory/536-243-0x0000000140000000-0x0000000142C75000-memory.dmp

Filesize
44.5MB

Download
memory/864-358-0x0000000140000000-0x0000000142C75000-memory.dmp

Filesize
44.5MB

Download
memory/1428-286-0x0000000140000000-0x0000000142C75000-memory.dmp

Filesize
44.5MB

Download
memory/3204-313-0x0000000140000000-0x0000000142C75000-memory.dmp

Filesize
44.5MB

Download
memory/4904-335-0x0000000140000000-0x0000000142C75000-memory.dmp

Filesize
44.5MB

Download