discordrat | 66d1b7730d226aeea411fedb685fd3ce9c4e5cdd11d7367db4abc0ec5c625ea0

Analysis

max time kernel
478s
max time network
481s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2024 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

312KB
MD5

a85e8c872d3bd4a0d870d0ace8ac55af
SHA1

88c7c98e1e815678c2c3301bde54652da17e2962
SHA256

66d1b7730d226aeea411fedb685fd3ce9c4e5cdd11d7367db4abc0ec5c625ea0
SHA512

6358fa1395c27784e0622b52e681eacf736467afa6b6f3a98cc05ea5845cfeaee30699b789c8ffef44a562500b52c055f16fca0fe887f6d30c33c80ee58b9613
SSDEEP

3072:6ipgAkHnjPIQ6KSEc/iHfPaW+LN7DxRLlzglKnViNk:TgAkHnjPIQBSEz/PCN7jBnViNk

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1Njk2MTU3MDM0MTI2MTM0Mw.G2jsSE.fwfDhga89T38Vkr6KKPeUy8EFRSYPByb0GnYBY
server_id
1256961368641372210

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Enumerates VirtualBox DLL files 2 TTPs 4 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxhook.dll	Engine - Clean.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	Engine - Clean.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	Engine - Clean.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	Engine - Clean.exe

Executes dropped EXE 3 IoCs

pid	Process
6388	runtime_fixed.exe
5636	runtime_fixed.exe
4544	runtime_fixed.exe

Loads dropped DLL 64 IoCs

pid	Process
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
816	discord.com
793	discord.com
794	discord.com
799	discord.com
802	discord.com
813	discord.com
797	discord.com
800	discord.com
804	discord.com
815	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644194683933202"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000534faf642ebcda01fe958c3136bcda01616b7ebeb0ccda0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2080292272-204036150-2159171770-1000\{D73D49C0-33C6-4DE5-A355-F2B0E1DBB86F}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "5"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000000000001000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "6"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Documents"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4344	chrome.exe
4344	chrome.exe
2116	chrome.exe
2116	chrome.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
4044	Engine - Clean.exe
5368	Engine - Clean.exe
5368	Engine - Clean.exe
5368	Engine - Clean.exe
5368	Engine - Clean.exe
5368	Engine - Clean.exe
5368	Engine - Clean.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 57 IoCs

pid	Process
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
6012	chrome.exe
6104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 1676	4344	chrome.exe	83
PID 4344 wrote to memory of 1676	4344	chrome.exe	83
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 4376	4344	chrome.exe	84
PID 4344 wrote to memory of 2224	4344	chrome.exe	85
PID 4344 wrote to memory of 2224	4344	chrome.exe	85
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86
PID 4344 wrote to memory of 3768	4344	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffe85eeab58,0x7ffe85eeab68,0x7ffe85eeab78
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:2
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4600 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5184 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4968 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5264 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1716 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4312 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:7120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3296 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4216 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5484 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4104 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1872 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3696 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5208 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:8
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5484 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4540 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:6500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5404 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:6812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5520 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4904 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:7008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5184 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5876 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5856 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5964 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6368 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6396 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6380 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6832 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6872 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6996 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7268 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7564 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7588 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5804 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7172 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7984 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:8
  2⤵
  PID:6232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7604 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6664 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7612 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7160 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8204 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8060 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7648 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=8124 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=8520 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=8660 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=8712 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=8968 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:6436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9004 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:6412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=9028 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=9492 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:6312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9496 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=9812 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8776 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=8768 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=8364 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=8464 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=8824 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=7700 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=8940 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8740 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8948 --field-trial-handle=1876,i,15042582712905854430,15343932288387965363,131072 /prefetch:8
  2⤵
  PID:1652

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:8

C:\Users\Admin\Desktop\Engine Spoofer\Engine - Clean.exe
"C:\Users\Admin\Desktop\Engine Spoofer\Engine - Clean.exe"
1⤵
PID:3176
- C:\Users\Admin\Desktop\Engine Spoofer\Engine - Clean.exe
  "C:\Users\Admin\Desktop\Engine Spoofer\Engine - Clean.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1116

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Engine Spoofer\Login-Keys.txt
1⤵
PID:1204

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x378 0x308
1⤵
PID:4624

C:\Users\Admin\Desktop\Engine Spoofer\Engine - Clean.exe
"C:\Users\Admin\Desktop\Engine Spoofer\Engine - Clean.exe"
1⤵
PID:6484
- C:\Users\Admin\Desktop\Engine Spoofer\Engine - Clean.exe
  "C:\Users\Admin\Desktop\Engine Spoofer\Engine - Clean.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Suspicious behavior: EnumeratesProcesses
  PID:5368
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:5460

C:\Users\Admin\Downloads\runtime_fixed.exe
"C:\Users\Admin\Downloads\runtime_fixed.exe"
1⤵
- Executes dropped EXE
PID:6388

C:\Users\Admin\Downloads\runtime_fixed.exe
"C:\Users\Admin\Downloads\runtime_fixed.exe"
1⤵
- Executes dropped EXE
PID:5636

C:\Users\Admin\Downloads\runtime_fixed.exe
"C:\Users\Admin\Downloads\runtime_fixed.exe"
1⤵
- Executes dropped EXE
PID:4544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a85e5add31f209ed527bf82ac0768582

SHA1
9551a7f1878b70b64d4ed23aa8f5d69cc6f272b9

SHA256
9b28265c7c93e93355a28432984cef0ab471397329c2924745ff139d2a585c43

SHA512
4e216dc0fb62569a58c05a34e91658cf481db11e2d27589f1cc556ed2e986bf6d999a51dd35a6cc98c59be97f9f64df3ff084bdd8b8f1739f4589e7c47e11bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
70KB

MD5
c71e661f482d2a7bfc565060281b324f

SHA1
4f66536e4d59091e4ce33e84207965c51330ecbb

SHA256
60edc95aa4f8233ce27dd1b122a78632a0b9aa5be0f183b27a08dd9fc58a4932

SHA512
7bf62c927d45ba24d1465977e8d741b2aba4faee95f7d3767fbbd781c62b3c6bc97e1fb9f525d43f3c77202ae6f8904f3389c3ffc84c306c43be876ce4a180c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
329KB

MD5
e4c75cea4c0fd8bd22fd0ad8fa2457c0

SHA1
6bb3f608f2cbde9ad7cdefdd0f1c81b9c92786ea

SHA256
7620d632c5bb680e8d88f3d02b344cd93331f9a309e702672bd88ebf69537d3e

SHA512
d3b23e41c8c4f274a73b55e341fd08bad6a941c640629df83df7dfee276a332a0e05893e54b95860785eef670db13c87b3bcdb9664d047036d164a2e28f10696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
105KB

MD5
dcc103839b304adb91e5e1e59b65c23b

SHA1
9dc8a959f2e9b23258f4d36176415d262dded771

SHA256
1f7407badd60530a41bd6632a8dc0a45de6b21d8429772b6277fedd0ed0d3976

SHA512
83c9391d9a8547ce8f88db3308f8c73dd3a62423f979ce583a38d28e36a6266d865b530a497d3baa8e44d0621b1ed7295dd4b525f6383aa00d9f432e3e946304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
253KB

MD5
e70f91e1d18a0478a9bdd39e1508028e

SHA1
f2b0078aeb14ce482f104bb40c1ec233136b3a46

SHA256
4964404b206d006ca3115e28ac1cba66451faf0ca152fc83f8ea8e14c17a5c0a

SHA512
b4564ddd77289e8c1d7c40eb330ced2baea201a0b6b133fcb1a9c0d3251992afe25582cb77274acd2b99fc1e6a3abea5315d25a7bdfa9b67d4ef9de4013b5e2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
163KB

MD5
d5d7675604340f99633218bbe4793104

SHA1
ca1df39b7a903dbb856a555db75770f6222e7dce

SHA256
f7d966e98dacbf184660988f6b4482396b517d391e4d0475ffae4fa6f40971c6

SHA512
bd202a6a44ba24d784e3a55556b02d7c20738553832bb42d7aa3205b069913e524c08cf0a348e255b6f0c697f118f190bb5056695ee9d37d37296b9675964236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
206KB

MD5
20eafb50c1f216b06c9a0a91ede8120f

SHA1
6ae8a6e138a78ad50fa9834564e619b197283cb5

SHA256
f4ccf2be2995e07a67b3a60702dc2ad63d905b653cce7dfeb95088b406a24dda

SHA512
9f28ce9933ad85df5e40f38c9538e651b153e6279d28afafbb987f9a57abc2e101fce265bf1bd6329f2eab332029bf66cea4b9422cc80a4c594e435f1bad8dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
42KB

MD5
54476cef20aa3e041c5b14de32a5ab6a

SHA1
032a1be25a46f795208b0365455d34e1e3b17760

SHA256
189be432c6fdba1e70841382153b3b2ac08aee391c80f6259066364be3ec461c

SHA512
0b8ba7bec920a0b73393fdcdb8fe399473965646b32ddee7a6734fa222476780c40b8ff74e528b12b2844cc15278bf0c065ffef32c227243829950623946d56f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
22KB

MD5
6da2ddb665b9993ac36d728fd3578e3b

SHA1
b55493427fa69e38e2e1e71b1c8ca136bfe27731

SHA256
bdc726775c334d0e8f3bcfed7401822c8ba2fb79d32a6fe19451a424d47734fa

SHA512
37bebf9b3f95e0eb99ad52015523c71a81b30d812f342873a63d1f7607bc7949837c1d8fdb8b164aefa94806b95b45079e63c3c890cc4572bacbe68589439401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

Filesize
47KB

MD5
127b7a9f7009939d0ae5dd1a48386985

SHA1
f9e981f2fbc6df7e304803153fb6fe40f0dcb6ac

SHA256
9d8e3219c036313e8b27ecb7b91befc49de6a32352a5349656945a7525a89962

SHA512
b1a442d78f6adc7a67f8ee299d46817309798ff2a38a66af2ff03eaa276b3a7967fde34e801dc8488ed75b3110fd01b3a9763f792ce75e21fae190d4779c1287

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
19KB

MD5
241379a911bde1dff4e08f2cb521e220

SHA1
d296b9bff172a84febde0d306294d6ce0c63ca1d

SHA256
b0bc11054a6e14544e3ef33a7492f9cd7be99cdf8dd7bf10c6d73f188436e653

SHA512
fe5f999d90254bd50284a349c3a5c9dfc28edb95ffa724f18d28f5a5758df3dea2d596c4e5ea22fa02b26723edcdf7c55057a2e35aa1d347efe7a258a6b761ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

Filesize
96KB

MD5
29acbe9123a51dff777c399b93c4aae6

SHA1
5381a0c5bf2dee2b2ee03e624e342eedff732834

SHA256
999510a8eebc7a4b5b397fa15f85ad35569c4fa626db0639093f0db34357aab5

SHA512
08caeebe0787ea9d8e94d52f6e9ab2cc641befe590ace6d2bc243933d0575c74dc9c54ca32415dbd3cfd7f78078d84dbaf131877e3c18052341c6fa7d8d441aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
808KB

MD5
c0637a08f2ba40c56260782d2bb3ace4

SHA1
a2bf4298414a764ff1342b3f48f45b4dc1669a96

SHA256
d6ab12688ec8cfe7f9235b18c7d7a4730d86278ba1efae0d715c0d054465781e

SHA512
736d1ac8987102028baef59d43ceb2fde71b3aab2f8f2d8d306846a457e2ac224908968ff7bfe34bb05beb7998223d393244cf5da84f9d64f8b71c9f0b2ca6e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f

Filesize
32KB

MD5
cd3756106418d9e83a2baff9904ba221

SHA1
4c2ed1c1ebe119027db0fbaf7a64b408f1779b4a

SHA256
57ec0895e1bcaf08c769e2d6872f3f3657972f87fac081063445213dae4541ee

SHA512
5bf43ccaaf99505f7e8ecf2eda18efe260125accbc12f655601e2acabd822513e153f4b81cbf03a65d13572f11e9f13fd471006a0ce8f2665e8a594ff2d769dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
62KB

MD5
1721006aa7e52dafddd68998f1ca9ac0

SHA1
884e3081a1227cd1ed4ec63fb0a98bec572165ba

SHA256
c16e012546b3d1ef206a1ecbbb7bf8b5dfd0c13cfeb3bdc8af8c11eaa9da8b84

SHA512
ff7bfd489dc8c5001eea8f823e5ec7abf134e8ad52ee9544a8f4c20800cb67a724ec157ca8f4c434a94262a8e07c3452b6ad994510b2b9118c78e2f53d75a493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000071

Filesize
19KB

MD5
9db75af2ae54430b2c88c452b4d66505

SHA1
805a267ffe69bc89075066761742682e32461a47

SHA256
921262b9d71dc673eed53926026576bdfd85b2f3192e12ec3931de84d48a8b33

SHA512
bacaa8f5afdca197f3642bb4f673321a6448c5e6c10cd10624cd214b3c0a0e8976d542efa2c9724360cfa7116f129b4f6a456dc3ed718cb8d75632ab55c89a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
aebd031ea1630fd204630875d5a4b573

SHA1
fc8a10c43c6b696c347b5dd8a6462546e0195e01

SHA256
02f6c06e87426b444f100e9df437d1cf023c67f876842939af177a23f6adc5db

SHA512
289dbccf87954ee3a45fef52f4091da49783b44888adebab579cb69bf70fa9b72e6636f3fb98ded78395b5bd6fed5172dbd5cfbbf929c746b9e53bbdfdffff20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
1de77f09364ace0a89fae539cf1a10dc

SHA1
2c0d3468c86a84b22c0191c58ba9d56462dfb334

SHA256
3c7c97e7c1cd75024dec751b625846fe582e4bf112ac6b92d5dbce3999b45820

SHA512
8bc42482064b552f160d6ea29ca7fb6bb9613e73790cf1c34e74ce0984c88d7611b17bf6e2c7941b301c1f6274b952fcd673cf0461de33cedac037b4534ffff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fcfd13af6528dadcf2d583770f7b1b24

SHA1
b6c371f7a53839d6638cb101a26d439b3e6a0fc6

SHA256
a04f4028cee6775c6df1d48e86a2e1dc90972344c72b76ac4bad0d41225b257b

SHA512
aa9b1d65e6ef8e29173734bb7f06f3c097cc824b0992748612f05f173a18da3114d56de051ebe47a0f67818ae35fafeda05d318118f752a103d37eed73ff9107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
9d6cba740ee77ea371ba05edb8f4c95d

SHA1
a8a451ae7655036c90265a003f649779b2fce27c

SHA256
d85ab07ff437867f112ed0dd6eb7e04519cfc95c75e5e9c4659bd2dce5897a54

SHA512
658d9168326594cb31360f7d4754033e91018aab133873fc8bdd517540480ef3686a3f91dc36af44734340ea804521e402be3551ad3183c7e556f35578e1f302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5d5bde.TMP

Filesize
349B

MD5
2f74083492ed3caca8d7fb42360d208e

SHA1
d69236b89236a23a3c97823bdc5809058c9efa9f

SHA256
d34f63db58d8c37f6a33aabfe542fe444cd48e410217bb5fc98a660e5c1fc19a

SHA512
92ed0d593888dc4e32c5345f8dcc0820bb29b8c9309901fcab89f7104545ff3d4243299b31d7b8a547d417e38a7c9de8e35888d6cbdd4610d9455a60992b6b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\87278fa4-3ccd-45b9-90fe-64add673c2cf.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
11e90626e1917c73d3af25d0fecd761d

SHA1
9248f6e525366bfbc56e1d5e8b6291c828fd4a9b

SHA256
082ee88fef607dfec83e4375f41edd5915fac78606dd8ad967cf9d84003544a2

SHA512
e27f3cee84f957b7f7e75a174299f7214e77dec6c27f3eedc133d699bc2f3121bc32379e3ecc0fb5e762790044297aad30f68245d430f597cd85be010174dbc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
443c18fbb24ba08d4f68793c83daea52

SHA1
95f4b47d0c3396a69e288f36dc0fcad0e4d0c936

SHA256
75eb3a2c5b693d05c85bf9abf101d6832f62b3a5467c588fce821e8bb32704e8

SHA512
7214d871a177653369ec6366d930e14e10511066d90ed6d0484ff8547ff27ec303bb45e4ec59271bb5717f7426683339db3bc3783014d14ad341fa874fdbd6d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
670f79c194a9c6392dc50fb124a675e0

SHA1
50331f4a4e50777b08e26c30ebdbc2695ad87571

SHA256
0de2792bd9d6aa0766e5b9fd59a6284f0ba4cc9ac65f5ba08427654f4a567767

SHA512
c27fd30cc73e4181a6e3d8d16ca83495e84c97c0584da298e94b380e20a7ec670207dca6deaf8c9aba344eb54b73d807103ac1391ff664b16f5f201de30f690e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
ede75dc35f1c5f578aec8668b3bc122d

SHA1
fcd8cf211d9c7efe60946a588c63dcfaee2fd31f

SHA256
c94db980055fd6ae1796904f382b652ade496a4f4568e30e1108acaa7e0a9a25

SHA512
e426d5a1418a06218dd0e86c587f9272a84e1e4b1c32933e6a88a245efc003d43ae4c3a299cecff85ecb8448980dadb65094980a45c0af8c91cd1292aab84cbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
0126ac4c21267218faf4b0888d51c85f

SHA1
8b15473868aed37f4e1b3d9c4f48ce6a2fb40bd7

SHA256
145c71f97fb0a759ca9781195c0ad3785929d5ec197eadec7c5cba39b7624318

SHA512
8679d79286a627338e25fef631f711d5d2b9a4d8b1ccdd5246350b07f2832ea0761606f4dfde0903f19795c2ecabbfbd09023b16a4d5334e88b6c43c2ad160a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7afd3a87207a21b42c29553fba17bdf1

SHA1
f1a870c85c06dfa4fa0eb8cd8a13324eec76b70f

SHA256
303c3d319f27b327f3b7e1a6242240cd0b2a885cbc75431b6c8ee635ee26be73

SHA512
63a88b5a10c69c7725b10d025a13f874f8daf514e51f948185dbb5cfded37526846dd89c484bc363e325ca4a4a86ce0411313bf227f8c45774e4fc6e63f5e7b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e8a01fd759038b98de6dbc521699c178

SHA1
cc15ea9a458f5f70cf26d9d74049e5f78830aa6a

SHA256
73e3a69cee5b1b82ea7f9e9a96702752237fa47b1fef1a045c05de1c3451c6ae

SHA512
9ac79bcec440bffbf49cbf197f5e0bfebda584d2edb53bfe90fd1879a7f646d8e29a76abf435c44ce309a256b3451bc8995a60abd5089976d199fb8db7abc49e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
809fe59d6f1fda1b2203cd24c3be85c3

SHA1
dedddf9d914d1361eeabee0d0bd3b6907c297618

SHA256
76d1aa1f2a7efce1eb155529d7db5cbe7ab3f9726832ebebbe1a2bea79697d69

SHA512
a3031853df1a40b28406dc8b52e283522a92a6dbdb1e6060774417fcfcb0bdf257cc7f42ffa337807bc3846edd064a025a4f9a98964d471734046396b8952939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d41ff6c9b9e87927361da8b4e01f3981

SHA1
a85b0872d2ed949b3c889bb3a739a12caa87ee93

SHA256
994a8ff984cfcd276046168cee90868faf4f734e2b63200b276e4bf9c8a16dc1

SHA512
581327f10319e5b039c84bb5a59d52fd18428c342ca18930d5a853a5c21090808c9326cf6cf536bfd4f58d958c541aa6753e14e2eca294b1750d8866b146aeba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fc51fbb995f81488ddbd794417fc8086

SHA1
fe1d61a99298083fad8a803dde9f312dd1746801

SHA256
a97585372fccd9eea901c7bd371b0f48c158a40e67835eacec03c9dab0937a2f

SHA512
8d6cdbb6fb950a72334eb936477de2d3f9d8bbf58124dba896bf54999a55773bdba2fad67d6a766b8e4661e2f2a49015239fe05f77e99ae48f73434832199e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
93e7c7f2b20b6c14874937bf4e0cbe89

SHA1
2baa48fe6c02d893bf9185743b474a489b370409

SHA256
357fb58d68e831d631ee93105652e6e4d7c1657141a8c7938e157ba3a44609cb

SHA512
92728dde6b962e85b6e9acd51c71dac556985045531e119a2acfa18b330ec7b811a37ff1d161c64f0d84b47938a5eb5c088c5b4d9e35fb266cef33a22c2d299f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
489064b6105ed48d751ecc0906588d9c

SHA1
34adda16fd4cc96044191abc72b0ad89d865a8bf

SHA256
d925f80ea796a9ef9ef565c288a4bf420c1d8e3fb1e64f8361ac5d49f1c0eea8

SHA512
a629ee01604173020688f5cda9c1df308d0efe885306193c08774552ff1b50eb1682f239dae88bb148cf20a257add01ed60fe07a35aaf213f23a1110c0327f68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
923a0d0134b272bc8a0a1d72be9b84af

SHA1
30bbdbd024c59cc6d63e098eb3e756d56f0cead8

SHA256
463d9a9381ebbbb5000bd859c9d5929f72601b5255a90c79bf2def1a849cd6e6

SHA512
75be88dc5e08cd82bbdd09762561c87a5054ece2ec42144bbf9c92401153aeb1e9eec03f13e66f4e3905d7736c75da2b085aa5a8dee4d30cd60e767b277c96a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
f4822a3430d397c27c241f54d3582078

SHA1
22b71c6e1eb69a073b202012a7d09a189c23fb98

SHA256
49ec743c321689d06acbf50a9aff6382a69a0a19d644a18e4aa6121ad9b410f1

SHA512
a6b51a9a67ae35b0ca65a08b069305d92f205820479221b8443cd7ee48a50510324a3a07059d52f47a934cea3d7e653babfe065cc4b580b615110955e7ee0e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7c352d11a047e88d0bab6d8d5f892da1

SHA1
90d7be3ae0bf8ed41b201f157542d78bafbec89b

SHA256
0d1b03060a635e6a757999ed7979640ef4b63161bbf0b89ebed8c97948a8ba9e

SHA512
9cd4c40428a48624c960022d3f467d22b54cb18a300d6f830e55801ba4f00bb531e3692b81009aae67a2dc1a097e64ca4d452f67fd9242381215025bed4291a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b06f196a077097fbfb4f9c2155cae44b

SHA1
b252c3e552d68508259a2f7c72245e5a03145fb6

SHA256
a6ba68a882c574ef68de783124b5119a92d9d484703582476e1d312266148fc2

SHA512
1628fb41db61a9c7365b711852975561f98b41a92c3a6d98452768415a84979b307342af68b6077a92593667af4039da7e87947545ad9435f9ebd28a7eec1036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
81b758d3932ed38e65dca1bfe6bc90c8

SHA1
8e89fe6a1625ba5837f9f24bcc31d54f6882bd38

SHA256
34c20bac4439c24c5ea6fecdf990f0837e9ea52d3fb389fbb1140d354f557035

SHA512
b6301be73f53a566514fad8b30cf2e25162407d0a4327fff69f24c4d56b9aca65c26581305a9a603778e368a14868565adcda09d200d7e7a6408adf4d3106351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
171b48c799b4bcfd037b037c7ec0cb39

SHA1
fb86733f200e5c219900f1f9a5e715ccd138a636

SHA256
0382b4c9546aade55b79e17b67d826e7c5b0319aa16429dfe96aae885f2790aa

SHA512
19731fd328beed43d2f3395b9cb5fde69eb645dbd3ef4abb16efa34139c48f027f53392d77bebe36c0bc4441c83718257ede61f9125ffe17975ef7e2398dad18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c42cb5c934462d758d81b586c43834cc

SHA1
b6a4ae00d3b53075d6c53c81956ed576662dbc92

SHA256
93bd95abc4d1eac7bf8a0d8bb7c7e07104612a3f19d4f977b64567ab56259173

SHA512
57908a59b5e1a8bf58daa2e57ff45dd42958daaf23206726436fb0bf871092dfdade9670e935eda4acddcd1b069eac3a842b93df8fc2b2895971d9ada86b7cf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
108245b289eff551dbaf2e12b14913ce

SHA1
0ef2514ce34bb628bd5b918d5c2880b6b0a05a1a

SHA256
ad3e96c6e3ba81045a4b3e6cec1af46605c25596f2d9b371bb18ca5b372eaf0d

SHA512
c4a974bd41bf936cd6c49630d64d38e8d1dd77a60af73b4d1360eff0d27b2a2e987a316418770eb562fc44b67208794b8b8297cd97448b5b13e2f3db89957138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0ae8f01c7578e0f4be2adfd601b1eab0

SHA1
4a87736b93e772a1d5135e5d081f1e7aea452b4b

SHA256
d1b6606eb684d25eda6e5a13d11392ba0fef57152d44c3829afe2a5d5f0d1003

SHA512
02f2909401661a6392528e13905e8f11f30af4e5b238896ae86e01393948e4aaddfc7f17f7a4e09c214175763ffab585d6e2eda0a732f6e061d0d5bec5acea8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d56b67c66f75fb53ecffbc08916bc8a8

SHA1
062d1bb8afa3fd95cfebfa1d53819ea0bbe8ffa2

SHA256
2e7983d70c6039df96fbf071799a633c545dd18dfd1ec4a2037b5d0e03502757

SHA512
6e25479dd1c2a6319c357d296f6c5d950dc6c6441f10a4ce330665d0bab823d5d85cffc620b2df13fa5fd2080834adcee55ace7afc01d7e1410e14105b453195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b40504e056a0192f706f6ae1c9df0f9a

SHA1
e8929de58deac4426ffcd28788962c80358a0a36

SHA256
20bc86d78abd0905d3703e00be75cfa41654772f426efb916c9dd23cb9f33681

SHA512
3ec3e9aafdc1d589f533dabbe9e13d3b013755b9fce5df706824c96a29da9f195d878c4fdccac1b45641f9b0394049c01aec9b2a2cfe8c92102143d67674436a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
65253875814bc8db86cfc09fb724cb3b

SHA1
e69d98938e827749b3e2580b71facabf77873d3e

SHA256
b046da1ea781721eb5646f2937a086d5601f83879ae48fabd3e4d9da0116e155

SHA512
9eba10c9137589548d0ade2ada010f0ff40fac6a3ffec10d0ed9d2f47e913e19fe0430e6dbdc02dee0f8ae016825bb4ec7082747409269795c0beaacb91e1467

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
36cec3398e8024953335c05fec6361e9

SHA1
f95023c759791eee7f4bb156dc7b71c5f2fbee2f

SHA256
07105ba17e0547c863995a21aa699f2b4626e6da53154416e6e3e91a32eefbdd

SHA512
ae85dc4cbd0254877c19cb8c76217cc1a94161546eb6f254acb315d17f65d348efc7fa9952fdcbe9b578f753aa1f0404c3e31ccf1e2327fa3f9f0ea4f063d082

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c92a3.TMP

Filesize
120B

MD5
83ac72c26a900b775be16b7e5e127e00

SHA1
ca2323949fa2a2a80e8a04f7beba850efa2d98b3

SHA256
f1ce003ded51014ab5ab799bfccd520a2ef73990291a8d7a4e207a873d305856

SHA512
10235440c3c0c4f18f7de90a09cd387ef8f68d03298ae678ba5b4652cea38e0d2c5dddb95d6a3e03410127c4747056f81b04f8b2481fdb8c7e15cb3a6de84f54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
91dadd81802b8b7d10bdf7e2c62ed576

SHA1
1a57031db385e850e2e3c9bb4b3e6619b68fb1ae

SHA256
7a80f210da27c6d6357b8ece485ea9ee381a5e004bf5235622ac637ca09a4232

SHA512
1d8e54396925d320bb6f5797511f62f7de240e6dc6f99680dd5a597fd5285f5d087f32d7f226c72c6ed3fe451d5a01d70e01f0af547468c5cf518de67b5254f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
736e8a84ac8501757b6861d41f62e58d

SHA1
6b13eac5ff620bcb596487554544e93efa6ed9eb

SHA256
8a15535b2ce71ed07a83077b9a126968de3bf459aa422d458b33b3e3138f7f6d

SHA512
ea7a00e0846c20ad0d24dd7c52be4f25baea30dc986fa93a80f0ddd5f05548765cabfaad8323d2a92a4f3c33f82cc911d4b8eb1eb95b2a1e6cbc8296e820b75f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
775963a17b9259ec86d6186ddffa1894

SHA1
047143473eb47638e7b2531cb5d8ce43e1aed17f

SHA256
04e4da0623ec0786880595c8b7a9c95cde195c9b91b7921b5bbc8cdbbf4a6781

SHA512
f542a2e8c055ab9bbb7e5ae42ffc2e6879390da0a9efc80aa32f56bd1cadd4d9714169a3b2ff0b74984ae7990c82bd7e21b9f80d25dbed04fcc941d0f684f8b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
7670abd0b4f8f72834996b266320c044

SHA1
92caeee3d32fca29a4157d729e7017c62cd63503

SHA256
56eabd835713fe26647847791b722fc425d973dbce2bfc9763a6bebca6e415fe

SHA512
256140d5cb17d2207348a20cd21c433f82dc831996992c5687bd79648d6175c05b2c77405fc8b642d1408b18daa6309d220d3d0821eb2d855b3716af629f9cb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
6bebec47ddef634449308c38190a98a1

SHA1
8b7a1ce31ed1642990a00591253b3742985e6fec

SHA256
ea1704da11bfa63b71a4f7bdcf39f6e2452880f4db68d4bca6d787657c676a32

SHA512
b4d2e92260158590f0be761824e4b3a8a21ad1745d4263eb22086e424e99a4f6da247a4e7dccac587ef17c07d9e97f3a2d3330e63c5881688cf99d1a09dc5f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
e785068b63134a94e0bf624dabae4bc8

SHA1
44a3512e092c5d8ddf3f77b2a9bf0bd24500d892

SHA256
5bfa3a787556d3ee7b9f888c30e26b9b88111496feb14740041cf3b8bff40a6d

SHA512
354b10826d1c91d179e59aff9fbea24dec94cf8cb54b238410fcefdfdc046ecb82da634dde36572294a3ef754c8b61b908f4331deee083364ef94d4d0a3eb88b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5abb81.TMP

Filesize
94KB

MD5
7d0ba094f540372d5457620686c6ccd9

SHA1
8554d8d4bcdf11c0b64377739c74e4f7bd4efb63

SHA256
7787fd14f15536607d446f13a93c23a9f96cb37ced6c450a67469fd2a7e94738

SHA512
94029e4edf0d9ad4fedbe3a36cf91c2485d1d1a1ec69f647a1d5f0ecd2aee64eb2b637c437685ab5e5bf89864db32bf5646b77db336276c6882f5e9f2b53e6a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\SDL2.dll

Filesize
2.4MB

MD5
83c5ff24eae3b9038d74ad91dc884e32

SHA1
81bf9f8109d73604768bf5310f1f70af62b72e43

SHA256
520d0459b91efa32fbccf9027a9ca1fc5aae657e679ce8e90f179f9cf5afd279

SHA512
38ff01891ad5093d0e4f222c5ab703a540514271bf3b94fb65f910193262af722adb9d4f4d2bd6a54c090a7d631d8c98497b7d78bd21359fdea756ff3ac63689

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\SDL2_image.dll

Filesize
122KB

MD5
b8d249a5e394b4e6a954c557af1b80e6

SHA1
b03bb9d09447114a018110bfb91d56ef8d5ec3bb

SHA256
1e364af75fee0c83506fbdfd4d5b0e386c4e9c6a33ddbddac61ddb131e360194

SHA512
2f2e248c3963711f1a9f5d8baea5b8527d1df1748cd7e33bf898a380ae748f7a65629438711ff9a5343e64762ec0b5dc478cdf19fbf7111dac9d11a8427e0007

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\SDL2_mixer.dll

Filesize
285KB

MD5
201aa86dc9349396b83eed4c15abe764

SHA1
1a239c479e275aa7be93c5372b2d35e98d8d8cec

SHA256
2a0fc5e9f72c2eaec3240cb82b7594a58ccda609485981f256b94d0a4dd8d6f8

SHA512
bb2cd185d1d936ceca3cc20372c98a1b1542288ad5523ff8b823fb5e842205656ec2f615f076929c69987c7468245a452238b509d37109c9bec26be5f638f3b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\SDL2_ttf.dll

Filesize
1.5MB

MD5
f187dfdccc102436e27704dc572a2c16

SHA1
be4d499e66b8c4eb92480e4f520ccd8eaaa39b04

SHA256
fcdfabdfce868eb33f7514025ff59c1bb6c418f1bcd6ace2300a9cd4053e1d63

SHA512
75002d96153dfd2bfdd6291f842fb553695ef3997012dae0b9a537c95c3f3a83b844a8d1162faefcddf9e1807f3db23b1a10c2789c95dd5f6fad2286bae91afb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\VCRUNTIME140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\_asyncio.pyd

Filesize
63KB

MD5
33d0b6de555ddbbbd5ca229bfa91c329

SHA1
03034826675ac93267ce0bf0eaec9c8499e3fe17

SHA256
a9a99a2b847e46c0efce7fcfefd27f4bce58baf9207277c17bffd09ef4d274e5

SHA512
dbbd1ddfa445e22a0170a628387fcf3cb95e6f8b09465d76595555c4a67da4274974ba7b348c4c81fe71c68d735c13aacb8063d3a964a8a0556fb000d68686b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\_bz2.pyd

Filesize
81KB

MD5
86d1b2a9070cd7d52124126a357ff067

SHA1
18e30446fe51ced706f62c3544a8c8fdc08de503

SHA256
62173a8fadd4bf4dd71ab89ea718754aa31620244372f0c5bbbae102e641a60e

SHA512
7db4b7e0c518a02ae901f4b24e3860122acc67e38e73f98f993fe99eb20bb3aa539db1ed40e63d6021861b54f34a5f5a364907ffd7da182adea68bbdd5c2b535

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\_cffi_backend.cp310-win_amd64.pyd

Filesize
177KB

MD5
ebb660902937073ec9695ce08900b13d

SHA1
881537acead160e63fe6ba8f2316a2fbbb5cb311

SHA256
52e5a0c3ca9b0d4fc67243bd8492f5c305ff1653e8d956a2a3d9d36af0a3e4fd

SHA512
19d5000ef6e473d2f533603afe8d50891f81422c59ae03bead580412ec756723dc3379310e20cd0c39e9683ce7c5204791012e1b6b73996ea5cb59e8d371de24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\_ctypes.pyd

Filesize
120KB

MD5
1635a0c5a72df5ae64072cbb0065aebe

SHA1
c975865208b3369e71e3464bbcc87b65718b2b1f

SHA256
1ea3dd3df393fa9b27bf6595be4ac859064cd8ef9908a12378a6021bba1cb177

SHA512
6e34346ea8a0aacc29ccd480035da66e280830a7f3d220fd2f12d4cfa3e1c03955d58c0b95c2674aea698a36a1b674325d3588483505874c2ce018135320ff99

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\_decimal.pyd

Filesize
248KB

MD5
20c77203ddf9ff2ff96d6d11dea2edcf

SHA1
0d660b8d1161e72c993c6e2ab0292a409f6379a5

SHA256
9aac010a424c757c434c460c3c0a6515d7720966ab64bad667539282a17b4133

SHA512
2b24346ece2cbd1e9472a0e70768a8b4a5d2c12b3d83934f22ebdc9392d9023dcb44d2322ada9edbe2eb0e2c01b5742d2a83fa57ca23054080909ec6eb7cf3ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\_elementtree.pyd

Filesize
125KB

MD5
9dc3969ee6304eec0cf502fe34c9bbc9

SHA1
be8895abf3fcbe4e7df3f95d0d0c030377548ea0

SHA256
262d771de19a071c2d086717c29dc9a704b33f95f6aa06ec2092f3e8f54495ae

SHA512
d5c02a0e4b4ba4fe1348e218123d56a91efeff291dec10a4c8df6d7c86bad47ad95501396af35ea7103b3b5a9f27a81a67f8c8ca604e8da3922209b71d46e5aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\_hashlib.pyd

Filesize
63KB

MD5
d4674750c732f0db4c4dd6a83a9124fe

SHA1
fd8d76817abc847bb8359a7c268acada9d26bfd5

SHA256
caa4d2f8795e9a55e128409cc016e2cc5c694cb026d7058fc561e4dd131ed1c9

SHA512
97d57cfb80dd9dd822f2f30f836e13a52f771ee8485bc0fd29236882970f6bfbdfaac3f2e333bba5c25c20255e8c0f5ad82d8bc8a6b6e2f7a07ea94a9149c81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\_lzma.pyd

Filesize
154KB

MD5
7447efd8d71e8a1929be0fac722b42dc

SHA1
6080c1b84c2dcbf03dcc2d95306615ff5fce49a6

SHA256
60793c8592193cfbd00fd3e5263be4315d650ba4f9e4fda9c45a10642fd998be

SHA512
c6295d45ed6c4f7534c1a38d47ddc55fea8b9f62bbdc0743e4d22e8ad0484984f8ab077b73e683d0a92d11bf6588a1ae395456cfa57da94bb2a6c4a1b07984de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\_multiprocessing.pyd

Filesize
33KB

MD5
a9a0588711147e01eed59be23c7944a9

SHA1
122494f75e8bb083ddb6545740c4fae1f83970c9

SHA256
7581edea33c1db0a49b8361e51e6291688601640e57d75909fb2007b2104fa4c

SHA512
6b580f5c53000db5954deb5b2400c14cb07f5f8bbcfc069b58c2481719a0f22f0d40854ca640ef8425c498fbae98c9de156b5cc04b168577f0da0c6b13846a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\_overlapped.pyd

Filesize
48KB

MD5
fdf8663b99959031780583cce98e10f5

SHA1
6c0bafc48646841a91625d74d6b7d1d53656944d

SHA256
2ebbb0583259528a5178dd37439a64affcb1ab28cf323c6dc36a8c30362aa992

SHA512
a5371d6f6055b92ac119a3e3b52b21e2d17604e5a5ac241c008ec60d1db70b3ce4507d82a3c7ce580ed2eb7d83bb718f4edc2943d10cb1d377fa006f4d0026b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\base_library.zip

Filesize
859KB

MD5
f7afd689e9e4914f11b2b193a14ce840

SHA1
84ef11369192f04a5d35e4f7fe7dc13dba53d6be

SHA256
3200185a7ce361eb07ad45e91299d52569e0c8a54b4943aeaeb300b94ae5dfc1

SHA512
6de8772a52da2660cdb688422a2cc04eed522ef69724e76de496b09563555983f99d105c7088938574b66de3f9a175e92bfa3f2f1f3cd768985030b992be9068

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\crypto_clipper.json

Filesize
155B

MD5
8bff94a9573315a9d1820d9bb710d97f

SHA1
e69a43d343794524b771d0a07fd4cb263e5464d5

SHA256
3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7

SHA512
d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\freetype.dll

Filesize
639KB

MD5
236f879a5dd26dc7c118d43396444b1c

SHA1
5ed3e4e084471cf8600fb5e8c54e11a254914278

SHA256
1c487392d6d06970ba3c7b52705881f1fb069f607243499276c2f0c033c7df6f

SHA512
cc9326bf1ae8bf574a4715158eba889d7f0d5e3818e6f57395740a4b593567204d6eef95b6e99d2717128c3bffa34a8031c213ff3f2a05741e1eaf3ca07f2254

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\libjpeg-9.dll

Filesize
238KB

MD5
c540308d4a8e6289c40753fdd3e1c960

SHA1
1b84170212ca51970f794c967465ca7e84000d0e

SHA256
3a224af540c96574800f5e9acf64b2cdfb9060e727919ec14fbd187a9b5bfe69

SHA512
1dadc6b92de9af998f83faf216d2ab6483b2dea7cdea3387ac846e924adbf624f36f8093daf5cee6010fea7f3556a5e2fcac494dbc87b5a55ce564c9cd76f92b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\libmodplug-1.dll

Filesize
259KB

MD5
ead020db018b03e63a64ebff14c77909

SHA1
89bb59ae2b3b8ec56416440642076ae7b977080e

SHA256
0c1a9032812ec4c20003a997423e67b71ecb5e59d62cdc18a5bf591176a9010e

SHA512
c4742d657e5598c606ceff29c0abb19c588ba7976a7c4bff1df80a3109fe7df25e7d0dace962ec3962a94d2715a4848f2acc997a0552bf8d893ff6e7a78857e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\libogg-0.dll

Filesize
25KB

MD5
307ef797fc1af567101afba8f6ce6a8c

SHA1
0023f520f874a0c3eb3dc1fe8df73e71bde5f228

SHA256
57abc4f6a9accdd08bf9a2b022a66640cc626a5bd4dac6c7c4f06a5df61ee1fe

SHA512
5b0b6049844c6fef0cd2b6b1267130bb6e4c17b26afc898cfc17499ef05e79096cd705007a74578f11a218786119be37289290c5c47541090d7b9dea2908688e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\libopus-0.dll

Filesize
359KB

MD5
e1adac219ec78b7b2ac9999d8c2e1c94

SHA1
6910ec9351bee5c355587e42bbb2d75a65ffc0cf

SHA256
771cae79410f7fcc4f993a105a18c4ed9e8cbddd6f807a42228d95f575808806

SHA512
da1912243491227168e23fb92def056b229f9f1d8c35ae122e1a0474b0be84ceb7167b138f2ee5fffd812b80c6aca719250aca6b25931585e224e27384f4cc67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\libopus-0.x64.dll

Filesize
431KB

MD5
0e078e75ab375a38f99245b3fefa384a

SHA1
b4c2fda3d4d72c3e3294beb8aa164887637ca22a

SHA256
c84da836e8d92421ac305842cfe5a724898ed09d340d46b129e210bdc9448131

SHA512
fa838dab0a8a07ee7c370dd617073a5f795838c3518a6f79ee17d5ebc48b78cebd680e9c8cbe54f912ceb0ae6112147fb40182bcfdcc194b73aa6bab21427bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\libopusfile-0.dll

Filesize
45KB

MD5
245498839af5a75cd034190fe805d478

SHA1
d164c38fd9690b8649afaef7c048f4aabb51dba8

SHA256
ccaaca81810bd2d1cab4692b4253a639f8d5516996db0e24d881efd3efdcc6a4

SHA512
4181dea590cbc7a9e06729b79201aa29e8349408cb922de8d4cda555fc099b3e10fee4f5a9ddf1a22eaec8f5ede12f9d6e37ed7ad0486beb12b7330cca51a79e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\libpng16-16.dll

Filesize
206KB

MD5
3a26cd3f92436747d2285dcef1fae67f

SHA1
e3d1403be06beb32fc8dc7e8a58c31e18b586a70

SHA256
e688b4a4d18f4b6ccc99c6ca4980f51218cb825610775192d9b60b2f05eff2d5

SHA512
73d651f063246723807d837811ead30e3faca8cb0581603f264c28fea1b2bdb6d874a73c1288c7770e95463786d6945b065d4ca1cf553e08220aea4e78a6f37f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\libtiff-5.dll

Filesize
422KB

MD5
7d40a697ca6f21a8f09468b9fce565ad

SHA1
dc3b7f7fc0d9056af370e06f1451a65e77ff07f7

SHA256
ebfe97ac5ef26b94945af3db5ffd110a4b8e92dc02559bf81ccb33f0d5ebce95

SHA512
5a195e3123f7f17d92b7eca46b9afa1ea600623ad6929ac29197447bb4d474a068fd5f61fca6731a60514125d3b0b2cafe1ff6be3a0161251a366355b660d61a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\libwebp-7.dll

Filesize
437KB

MD5
2c5aca898ff88eb2c9028bbeefebbd1e

SHA1
7a0048674ef614bebe6cc83b1228d670372076c9

SHA256
9a53563b6058f70f2725029b7dd2fe96f869c20e8090031cd303e994dfe07b50

SHA512
46fe8b151e3a13ab506c4fc8a9f3f0f47b21f64f37097a4f1f573b547443ed23e7b2f489807c1623fbc41015f7da11665d88690d8cd0ddd61aa53789586c5a13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\portmidi.dll

Filesize
41KB

MD5
df538704b8cd0b40096f009fd5d1b767

SHA1
d2399fbb69d237d43624e987445694ec7e0b8615

SHA256
c9f8d9043ac1570b10f104f2d00aec791f56261c84ee40773be73d0a3822e013

SHA512
408de3e99bc1bfb5b10e58ae621c0f9276530913ff26256135fe44ce78016de274cbe4c3e967457eb71870aad34dfeb362058afcebfa2d9e64f05604ab1517d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\pyexpat.pyd

Filesize
194KB

MD5
1118c1329f82ce9072d908cbd87e197c

SHA1
c59382178fe695c2c5576dca47c96b6de4bbcffd

SHA256
4a2d59993bce76790c6d923af81bf404f8e2cb73552e320113663b14cf78748c

SHA512
29f1b74e96a95b0b777ef00448da8bd0844e2f1d8248788a284ec868ae098c774a694d234a00bd991b2d22c2372c34f762cdbd9ec523234861e39c0ca752dcaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\python3.dll

Filesize
64KB

MD5
fd4a39e7c1f7f07cf635145a2af0dc3a

SHA1
05292ba14acc978bb195818499a294028ab644bd

SHA256
dc909eb798a23ba8ee9f8e3f307d97755bc0d2dc0cb342cedae81fbbad32a8a9

SHA512
37d3218bc767c44e8197555d3fa18d5aad43a536cfe24ac17bf8a3084fb70bd4763ccfd16d2df405538b657f720871e0cd312dfeb7f592f3aac34d9d00d5a643

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\select.pyd

Filesize
29KB

MD5
a653f35d05d2f6debc5d34daddd3dfa1

SHA1
1a2ceec28ea44388f412420425665c3781af2435

SHA256
db85f2f94d4994283e1055057372594538ae11020389d966e45607413851d9e9

SHA512
5aede99c3be25b1a962261b183ae7a7fb92cb0cb866065dc9cd7bb5ff6f41cc8813d2cc9de54670a27b3ad07a33b833eaa95a5b46dad7763ca97dfa0c1ce54c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\sqlite3.dll

Filesize
1.4MB

MD5
914925249a488bd62d16455d156bd30d

SHA1
7e66ba53f3512f81c9014d322fcb7dd895f62c55

SHA256
fbd8832b5bc7e5c9adcf7320c051a67ee1c33fd198105283058533d132785ab4

SHA512
21a468929b15b76b313b32be65cfc50cad8f03c3b2e9bf11ca3b02c88a0482b7bc15646ce40df7fb42fbc96bd12362a54cffe0563c4ddc3fc78622622c699186

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\tcl86t.dll

Filesize
1.8MB

MD5
75909678c6a79ca2ca780a1ceb00232e

SHA1
39ddbeb1c288335abe910a5011d7034345425f7d

SHA256
fbfd065f861ec0a90dd513bc209c56bbc23c54d2839964a0ec2df95848af7860

SHA512
91689413826d3b2e13fc7f579a71b676547bc4c06d2bb100b4168def12ab09b65359d1612b31a15d21cb55147bbab4934e6711351a0440c1533fb94fe53313bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\tk86t.dll

Filesize
1.5MB

MD5
4b6270a72579b38c1cc83f240fb08360

SHA1
1a161a014f57fe8aa2fadaab7bc4f9faaac368de

SHA256
cd2f60075064dfc2e65c88b239a970cb4bd07cb3eec7cc26fb1bf978d4356b08

SHA512
0c81434d8c205892bba8a4c93ff8fc011fb8cfb72cfec172cf69093651b86fd9837050bd0636315840290b28af83e557f2205a03e5c344239356874fce0c72b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\unicodedata.pyd

Filesize
1.1MB

MD5
81d62ad36cbddb4e57a91018f3c0816e

SHA1
fe4a4fc35df240b50db22b35824e4826059a807b

SHA256
1fb2d66c056f69e8bbdd8c6c910e72697874dae680264f8fb4b4df19af98aa2e

SHA512
7d15d741378e671591356dfaad4e1e03d3f5456cbdf87579b61d02a4a52ab9b6ecbffad3274cede8c876ea19eaeb8ba4372ad5986744d430a29f50b9caffb75d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31762\zlib1.dll

Filesize
106KB

MD5
5eac41b641e813f2a887c25e7c87a02e

SHA1
ec3f6cf88711ef8cfb3cc439cb75471a2bb9e1b5

SHA256
b1f58a17f3bfd55523e7bef685acf5b32d1c2a6f25abdcd442681266fd26ab08

SHA512
cad34a495f1d67c4d79ed88c5c52cf9f2d724a1748ee92518b8ece4e8f2fe1d443dfe93fb9dba8959c0e44c7973af41eb1471507ab8a5b1200a25d75287d5de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI64842\cryptography-42.0.8.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
memory/4044-1588-0x000001B47F8C0000-0x000001B47FCC6000-memory.dmp

Filesize
4.0MB

Download
memory/5368-3929-0x000001AEF3900000-0x000001AEF3D06000-memory.dmp

Filesize
4.0MB

Download
memory/6388-5840-0x000001DD77E70000-0x000001DD77E88000-memory.dmp

Filesize
96KB

Download
memory/6388-5841-0x000001DD7A4C0000-0x000001DD7A682000-memory.dmp

Filesize
1.8MB

Download
memory/6388-5842-0x000001DD7ACC0000-0x000001DD7B1E8000-memory.dmp

Filesize
5.2MB

Download