Analysis
-
max time kernel
301s -
max time network
303s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
02-07-2024 21:00
General
-
Target
UnamBinder.exe
-
Size
9.4MB
-
MD5
70565dbd654937df2eaefc7c79941169
-
SHA1
5cb8daf1185704a9772f07dcec2e499149517715
-
SHA256
a90ba5a56422c0d2a41f28da056affd69cc8929e14dcdab1583ec96b50b8e28d
-
SHA512
64b89f77d6528c838c0288c59203455ea3318028816d4426f818c6b8c3258d8e5e13242b175d7b3402547cfd5a0acddb212b9f9b5bbf5d259cd4befc2d078a4c
-
SSDEEP
196608:g81oBGyk1BK5Gf01Up2GRlRaNqg4eS+wDjxx1ohqsIOGvuQdaQ:g46GykqGf5sGRT2qFP+GDAqkG2i
Score
10/10
Malware Config
Extracted
Family
xenorat
C2
37.120.141.155
Mutex
SteamUDP_FULL
Attributes
-
delay
5000
-
install_path
temp
-
port
22914
-
startup_name
SteamUDPUpdater
Signatures
-
XenorRat
XenorRat is a remote access trojan written in C#.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 15 IoCs
-
Loads dropped DLL 38 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
Detects videocard installed 1 TTPs 1 IoCs
Uses WMIC.exe to determine videocard installed.
-
Enumerates processes with tasklist 1 TTPs 3 IoCs
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Gathers system information 1 TTPs 1 IoCs
Runs systeminfo.exe.
-
Kills process with taskkill 30 IoCs
-
Modifies data under HKEY_USERS 3 IoCs
-
Modifies registry class 64 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 49 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 25 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe"C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe"1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SYSTEM32\cmd.exe"cmd" cmd /c "C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\windres.exe" --input resource.rc --output resource.o -O coff -F pe-i3862⤵
-
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\windres.exeC:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\windres.exe --input resource.rc --output resource.o -O coff -F pe-i3863⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\gcc" -E -xc -DRC_INVOKED resource.rc4⤵
-
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\gcc.exeC:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\gcc -E -xc -DRC_INVOKED resource.rc5⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe"C:/Users/Admin/AppData/Local/Temp/Compilers/MinGW64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe" "-E" "-quiet" "-iprefix" "C:/Users/Admin/AppData/Local/Temp/Compilers/MinGW64/bin/../lib/gcc/x86_64-w64-mingw32/4.9.2/" "-D_REENTRANT" "-D" "RC_INVOKED" "resource.rc" "-mtune=generic" "-march=x86-64"6⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Compilers\tinycc\tcc.exe"C:\Users\Admin\AppData\Local\Temp\Compilers\tinycc\tcc.exe" -Wall -Wl,-subsystem=windows "C:\Users\Admin\AppData\Local\Temp\loader_fixed.c" resource.o -luser32 -lshell32 -m322⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SYSTEM32\cmd.exe"cmd" cmd /c "C:\Users\Admin\Desktop\Compilers\MinGW64\bin\windres.exe" --input resource.rc --output resource.o -O coff -F pe-i3862⤵
-
C:\Users\Admin\Desktop\Compilers\MinGW64\bin\windres.exeC:\Users\Admin\Desktop\Compilers\MinGW64\bin\windres.exe --input resource.rc --output resource.o -O coff -F pe-i3863⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Compilers\MinGW64\bin\gcc" -E -xc -DRC_INVOKED resource.rc4⤵
-
C:\Users\Admin\Desktop\Compilers\MinGW64\bin\gcc.exeC:\Users\Admin\Desktop\Compilers\MinGW64\bin\gcc -E -xc -DRC_INVOKED resource.rc5⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\Desktop\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe"C:/Users/Admin/Desktop/Compilers/MinGW64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe" "-E" "-quiet" "-iprefix" "C:/Users/Admin/Desktop/Compilers/MinGW64/bin/../lib/gcc/x86_64-w64-mingw32/4.9.2/" "-D_REENTRANT" "-D" "RC_INVOKED" "resource.rc" "-mtune=generic" "-march=x86-64"6⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\Desktop\Compilers\tinycc\tcc.exe"C:\Users\Admin\Desktop\Compilers\tinycc\tcc.exe" -Wall -Wl,-subsystem=windows "C:\Users\Admin\Desktop\loader_fixed.c" resource.o -luser32 -lshell32 -m322⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffadfddab58,0x7ffadfddab68,0x7ffadfddab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2164 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3940 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4968 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4560 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4728 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4660 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4048 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3272 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4440 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4692 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5400 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5536 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5576 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5728 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5968 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5980 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6280 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6316 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6444 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6452 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6468 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6492 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5572 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7264 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7284 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7624 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7136 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7556 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8204 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7152 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8500 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8532 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8956 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9324 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7428 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7576 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6016 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5912 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9764 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9804 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4628,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:81⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x508 0x2f41⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Desktop\loader_fixed.exe"C:\Users\Admin\Desktop\loader_fixed.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Built.exe"C:\Users\Admin\AppData\Local\Temp\Built.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Built.exe"C:\Users\Admin\AppData\Local\Temp\Built.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Built.exe'"4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Built.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend5⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\‌    .scr'"4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\‌    .scr'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist /FO LIST"4⤵
-
C:\Windows\system32\tasklist.exetasklist /FO LIST5⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist /FO LIST"4⤵
-
C:\Windows\system32\tasklist.exetasklist /FO LIST5⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"4⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName5⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Get-Clipboard5⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist /FO LIST"4⤵
-
C:\Windows\system32\tasklist.exetasklist /FO LIST5⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tree /A /F"4⤵
-
C:\Windows\system32\tree.comtree /A /F5⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "netsh wlan show profile"4⤵
-
C:\Windows\system32\netsh.exenetsh wlan show profile5⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "systeminfo"4⤵
-
C:\Windows\system32\systeminfo.exesysteminfo5⤵
- Gathers system information
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tree /A /F"4⤵
-
C:\Windows\system32\tree.comtree /A /F5⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tree /A /F"4⤵
-
C:\Windows\system32\tree.comtree /A /F5⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tree /A /F"4⤵
-
C:\Windows\system32\tree.comtree /A /F5⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tree /A /F"4⤵
-
C:\Windows\system32\tree.comtree /A /F5⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tree /A /F"4⤵
-
C:\Windows\system32\tree.comtree /A /F5⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 4428"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 44285⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 748"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 7485⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 2300"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 23005⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 3776"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 37765⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 532"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 5325⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 3216"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 32165⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 3928"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 39285⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 4312"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 43125⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 4108"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 41085⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 1956"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 19565⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 5736"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 57365⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 3848"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 38485⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 5312"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 53125⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 1880"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 18805⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "getmac"4⤵
-
C:\Windows\system32\getmac.exegetmac5⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 5232"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 52325⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 5492"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 54925⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 5420"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 54205⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 5528"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 55285⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 5412"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 54125⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 3088"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 30885⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 5456"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 54565⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 4564"4⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 45645⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 3040"4⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 30405⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 6200"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 62005⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 6680"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 66805⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 6752"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 67525⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 6776"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 67765⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 7316"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 73165⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 7980"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 79805⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 8172"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 81725⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY5⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY5⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI52802\rar.exe a -r -hp"neekeri" "C:\Users\Admin\AppData\Local\Temp\i5qXG.zip" *"4⤵
-
C:\Users\Admin\AppData\Local\Temp\_MEI52802\rar.exeC:\Users\Admin\AppData\Local\Temp\_MEI52802\rar.exe a -r -hp"neekeri" "C:\Users\Admin\AppData\Local\Temp\i5qXG.zip" *5⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic os get Caption"4⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic os get Caption5⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"4⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic computersystem get totalphysicalmemory5⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"4⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic csproduct get uuid5⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER5⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"4⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic path win32_VideoController get name5⤵
- Detects videocard installed
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault5⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\loader.exe"C:\Users\Admin\AppData\Local\Temp\loader.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\SteamUDPUpdater.exe"C:\Users\Admin\AppData\Local\Temp\SteamUDPUpdater.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\XenoManager\SteamUDPUpdater.exe"C:\Users\Admin\AppData\Local\Temp\XenoManager\SteamUDPUpdater.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\schtasks.exe"schtasks.exe" /Create /TN "SteamUDPUpdater" /XML "C:\Users\Admin\AppData\Local\Temp\tmp2CAF.tmp" /F4⤵
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\SysWOW64\schtasks.exe"schtasks.exe" /query /v /fo csv4⤵
-
C:\Windows\SysWOW64\schtasks.exe"schtasks.exe" /delete /tn "\SteamUDPUpdater" /f4⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\XenoManager\SteamUDPUpdater.exe"4⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 35⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xe4,0xd8,0x104,0xe0,0x108,0x7ffaf872ab58,0x7ffaf872ab68,0x7ffaf872ab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4328 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level2⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7e098ae48,0x7ff7e098ae58,0x7ff7e098ae683⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4320 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3152 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5332 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3400 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5220 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3096 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4592 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5364 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5128 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4724 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5648 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5784 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5928 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5940 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5664 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6396 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6408 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6540 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6716 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6980 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7116 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7456 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6564 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7580 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7936 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8096 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6412 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7164 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=2468 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8012 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datFilesize
40B
MD564d7569e7e9cd59b61724e5ca8024d2b
SHA17e567c8f3a278f528fd7d85d462cce4e56bb8e79
SHA2568adde9c0e5b89d0b9041d73f1c9ef531e668cdc1d020e7625e45f7063569ab1c
SHA512b4425d6dea07aaa95039db3491ace66ff0e4e64232309b2c7dfe29200823454c3f91391db09b01b83edeb298dd3a9ff1dd0198c13230763553160e5a2607efb2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025Filesize
1024KB
MD54322f0449af173fb3994d2bef7ecb2e4
SHA1b6ee5c6f76b8eee448f6b4b2b56fa1ec39653934
SHA2560502e6e2f3fc54a30dea0eb07eb19a395c7ea6fc273321a49a4cc977a59b7cc9
SHA512d8bae6131a5a8a1fcabb2d7efebc6cdbba27955fb77484a5d87dbce7a237c0cd5e19b74b4dad28312929ad732d3b80cf3d7f15f059c88438d0bc6ff9535ceeef
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034Filesize
250KB
MD53984be43550437b25530c8f53ee87027
SHA1f41ac73065a906de660b71810ef57f28cb2e55c0
SHA2567cb584c59b91a08cd03f371f994e53b9037f8cf19916b8ed535d7fad360a3a53
SHA512ac3edd0f169dab2badf3d6c082c4c7db1e7412780d0147fd528419fce59e8b0e4f27b6e89fcd172ad200982e65821656318fffe010dbf1609d8947fc594208b8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041Filesize
23KB
MD5df14665f460474a948ef6f3ca958f319
SHA178acca6b4ca9499ba20a2341060e9e62d1365a0c
SHA256e1351a972cfc2b3cee94b36da7a2d25d94e86166685a084a7f8fc1f3e578270e
SHA5128a6bbf19d0a305b4617604e34491fea97b0d5d88b6bc7ed635daa1fd7c580fe5aaa799eaa298c949bf4cb69d8d415c0e823b6128476008e527c130a26cf59cc2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5a116659bc2ebdf4ab1daa4003f242292
SHA1613f635f69643c1c29d66892158f2897f60d2e88
SHA256b53d607b0389e6be5947f4ce3f9809185ea1ad8cc5a8ef4dbe6eb815d81eadf6
SHA5122a574d367294470714a7175397dba0805fc52e896e25e5c62d92ec7ac66af0b43096329493b9dcf07bbd6071a26a5596c3513c1cd6a5819636162ea0034e29d5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD5d356012bbc088f191588658bfcb86f92
SHA189418e591e62193e3ec31651b8192896d21e5868
SHA25684aec6565a1789e6d196d20a7c293f19f43c9b92b74c6411cc056ad2e7964867
SHA512f5d749c92c606b2bd31f0fee1b6fbd39b6a47df4a749b5d6d61eb1ab9039f7ab329d429135cb99b37ab5b7fbac75532631d2578fd43132f434c333e89eca6b61
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1Filesize
264KB
MD5f9e213e6075bf5e299d53f15c760bec0
SHA1f3e521331421019a8f47dcf6c75079f605511ca9
SHA2562679808cbd17977930802dbd457016b472f8cf5b3af67c524fa87a6fded93584
SHA512e3539837aace3da31e2db49b1e16e0f6eac507c974f778a20501669cc624f41f6d907eb4ee92a6cca20eee86dc85b1bb6408b7bc6c986ff098236dd584466dba
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
15KB
MD5109b34f17f23f68464bcfd464b6e2a6a
SHA12b484ed0654ec89389ea0f5104c5a222fbfe6e10
SHA256c4aa16ce286e7f2286c853be1894a2fbab64f37bc25604c86a01717a90f08853
SHA51216f3916e207fce861c7862123b0a2704d20ccecc830e257b8077834c233ee25494125f165db24776d8a338c8d53ad2ae3836cc7abf5b93a0900c0a8309560178
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
15KB
MD5da8131f5e8ae20ddc8d1be5e2b33b132
SHA18cde3a1be86329a9915293eb630e6663d4686fd4
SHA2569523f45e9935e0ef049f6b251967cc88029fa1fe9b17810637402d0690c6da2d
SHA51258bbc90b32e3502f52b65c19e999c091d44b148b7b563cb1f450a5baf8523ae7eff7c1f64cc3fd2d1a05c9e554f68a6636bae75c5e6e3728d975ac64cf3032fd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
18KB
MD5d33424cbc3c1122317dd7d99189524a8
SHA16f69f5ac1a488338754e442e9668eb4e681affba
SHA256f5476dc1bdde1db07f2cd24ebab71d6a35df041c9008dd961838fdde8f9d70cd
SHA512b3f1d8a4b38024c9c3cc880a2b6a446609712d9447affa7470387aeeaa788586e77b64190bdae9fdb3e49118d8d2aeccdb812b253a85cd66ef0e184e43cfa339
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
18KB
MD54a8727114120ed81908e3d53f1307fa3
SHA13a69084b5ddf9cd81fd5e968fbc1558886c873ae
SHA2560093dec7665352fb9742bed2205f0292ecad98e11cd2df66771df1b4c0d0fed5
SHA5129e46b67826ba9c882859624fa52f333c24d0ad872ed7f1604d77e89f0d9b814127c604defa740b7254a62924da103ae4300614119e3eb7816120fcadc1435343
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5bd339d708460da7fb858303bbaa5c838
SHA1590ff9461716700ca636a6b79b25bfcd1ec99859
SHA256bd85f7303c6be0dc0bcdacd8140b9584d53251e9babdc9f5a4d44abae5b41bfa
SHA512c14acd2b92b01346b6824c88a2c0a5110ee3f327baf0584a70fe9e3af4eb12542b4a431eea0a25872eb24c9ad92b0f133539d9d5ee8916519fc2ffdbc2c02330
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD5f92f342f1748534d6fbc0f00b9b22f79
SHA1ec5f4794aa5206208b34421c5ca63ea2b67990ea
SHA2565a885dff4619dc4ca0c4403817661e919dee66c03080d0ee060aec8ee0c9fe52
SHA51279815d8c615ec8ae663e6c047f8d7862860cc00a95122f4291b9fc19badb1611f40a9e261c773b644097e8a3556fe757c88062203ab33ec43dd68b8d0644eb37
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
3KB
MD559cde4776381e8c82cf25d5517d96ce3
SHA17dafd207e41d7a76c7a061438a939f2e2ae33e7a
SHA256b68b5786fe7e410e80c7ad95836a142bb90c10760c5197924b4f5288c3dc805f
SHA5124d47333b59998e4a331b7ffa8caa2161f8b5d8a297c7216a5eca6e0a18a63db9a270cfe5774da0bf5ef20b0c3c169b4ef339298fcbc208a5ec6ee99baef14fe0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
4KB
MD57bf90d6b7670e22b7947b4f82fe0d1ac
SHA10d81f6e3293b20acd592bc278cc118513838a2b8
SHA256a32c14c1e5f02c211cc6867b0e7df4f9e8ab37a1ab5337357721ddd90f188973
SHA5122372f9823faeba565f0dffdda025685bdff1b1bee3a1172cbb3e351baf7c0ef905692bb4e752aae512c83a56b59a2cf9849ddd71f5a12bd8fa6cc8041d23bb05
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
3KB
MD5fc47ac70d7415186e3c2ea578315d742
SHA19d2ca85434f4662c466b523eb72fd51dec85aab2
SHA2566e37fa885c8b63c2cfaa5fc28dfb981e58dfbc06a994b3de4391d6cf28a1c43e
SHA5123d12818409213b74cb00dbe312703c0ebaf49de22c124cd5038d53cfa362ca1c50ba1dc48e6780af057a9f7b852b67120baf1eb036da5d0a0b06b93a43eeb6bf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
4KB
MD5b76a4952d31c706cf51dd4008a7d6bd6
SHA1c4ec996a6a90daf8c4932cf1c0e31940a54849a0
SHA2566b0a9b474b2259dbc46a25d289d39c39b22a85fb951d7fed9f97ca94a389d3c8
SHA512539e2b48a4e3c5730c6dc245d5378c60a2b1a765df11aa570475ec3c33f19a05bfe0721f324920182c52283a97a53469596560c9978b1cb3ffeb47a65282ac21
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5735bd2dad0e631d36e32b3e2a391c8ba
SHA1a004313522d3777ab449f33574aa1cf3f10f23a7
SHA256eb6d2f5409891fb6f4301d2a45c5c229048763e889e2bb7a776ce473c35794c9
SHA5124119cb23b883633e37fdbfb0031479ec1ea2c3d61c4ef7afd5ca837e28a0f31c2dc0095615e9a183e2e420e1034a3cd17f3233b9027f03a7f3b9fe28eb3d6211
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD587d4f78760d037e2dd809a6eeaa48c54
SHA1b0f2ce771f43184a810b164dca4da3483c56670f
SHA25613a67de0c5fab5df8907b9e39f0f244485a4c7c83603fe716c4f65deab800619
SHA5127a5e443af737d33715f78f3750cb214af006c9624f3084e0fc8e746544401d21bac6113ee5dcb2cb90cf9c368333e3d6f828510db6f5ff2c54318e4b3e52c01b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
8KB
MD556c7e6bef44a6a67aea672ea52fd3bca
SHA107a879a3ac949c50cca336fb4be452d940c80e72
SHA25692bce6d8f462f8d7a1baeb10740e14306563ef5eaa6b1c35b6b72b187e69b5dd
SHA5127c8bf1aa88f8bcb113ec6af81ab2b532e2b3e4f22c893f1fce2430768cef0d805013968de29936425085c69c87eea16d9a02e89acb7c1681a6639cbf6f86966f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD563607b8caca9f58fd11e00efa006a387
SHA101841198bdbb07647fa5529168e8e0f2d5a37e8a
SHA25610942009dc29998dcaa8d022f06d878c3a06a7016df359daf1ea016df2e0dcd0
SHA512964c77d0983d8e2c8bf5acafe0fe86ee1bb65490d5af0c536c8fc79da0d83dd3c1e2cb5a3d3954236bc673be73e94deaa52e9cd0adaf9207ade0ec073e90657d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
16KB
MD576421a1b87cd46e198f77fea1c37740f
SHA1d5f7fdd6434d13b05ce59abb9aa40137239a7600
SHA256d93f3f420e9d510aa040eeb77d4bd4c080d67f377bf67885a913075ff0f7547a
SHA51250b14f9b9c750cd6a77291862fcbe61cc76fd53e5d166f7858e49f8bf2144a7441765b3d85bd0dac6144fb5dc3500081a8d63e3be4772b7e11ab4d49620ff628
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
143KB
MD55e405564520f1ec62d793e961afdd0ef
SHA10fc382d7443aadad3e1a356e9b327ed10f2058a1
SHA256c421915f484e8e8443cf0f05e03fc30098ec7342343cd711273c476bd4ca98e8
SHA512492a78bf2b33488f06b7fe53c8ca241d7d60c207c2efd3764d032b92463a7f6faec171ac891cb93c67478b285198c5005b3afcb2642b2b88aa23c21b190ac9d9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
143KB
MD5bae3f76b0fe23a5741e3e958c959a544
SHA157b8459e3a9c3c55a55e443cff00e41352f510ed
SHA256b5843baf9088564ea1b6f790dd1d188c18efa01fb6b7c1e3b58fc2c44d003067
SHA512245c9d6413fcee3071371a06bf3416a1407128ff4103c4aefa7b237139210998c79e0fa3c6888a3b15132233a2af3e45dd59803644e8c5888a2d514bed273260
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
278KB
MD595f751658567cc31bbf0f375ea7db155
SHA1010705e41685cb0c7c5e47fc1e1b44f84f33f4da
SHA256c53e2a66d6ec40369fd0e98bee5a8f45756f974a1c800e857fb3ea7a11ee259e
SHA512a4898093de1ecc1ab94e9f4531093ecf85884bbc5082b5c75a3d3f88a7b217fcca6d43f2ccc1e45f164deb3204ff7181f9dc66c4736b677e6a7be67b2d4ac801
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
100KB
MD55d10da04f7c9a9e1a276bbf478c3f713
SHA1d8247ea80f48679a3b0b145b112cca13ee7b2a66
SHA256f262669ac24f2fed7b6d5f5ef7a57719945476ef3589101ec714579b067c19dd
SHA5124abe083c6fbeba8ecc6c1810e31772d36cfbee2c9445e2dfb11c172342daabca022917919a827e076ea06649281f9328f439250f9a2a604d86ce2337154e6e59
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
102KB
MD5f3818a50ff528efcce568c4489b7cd48
SHA132848c7afee514d4d8697cd13d0dc86122120310
SHA256ad656a0f8a3416bb35b52a98e1cfc20c45f9cd742a7f972816589f70723fcccb
SHA5124e329006ef279ccb0eb220cb307c5a285828610ea4964816b98bd875c4dc1f35a0ceaf278a7b22ea29516832ca5063f4a0a5f5922507c726eb1f27357fa18a2c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588587.TMPFilesize
89KB
MD5b0e8507f625f2c95bbb314badc468123
SHA1970b1e6e3f3baab8700ef3f7543719d855d1ee1e
SHA256f858d7de9ca1f09c164b02b5f1f96fa956fbe83c87fcc5becbac2ee64850e86b
SHA512131d2ae6c515800d9200955f952536da664267e23e9cb4441c62aa2f57b6b3250104d6ba32c6989ea4cb8b1f974f07f492d22710ededeee5da1dd047ac9aa3a1
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.dbFilesize
28KB
MD56c505d69c4be8d1ce82acc764a2e4a63
SHA1062ccfe23ebebd66bc25a0dc52e9ae800252501f
SHA2569dfe5c33aa4d72093183d3b50ad39ee86faa6fab971cb4b2e09df6f30129af0f
SHA512c2e4e078402b3cc91919e4a4f39b5791a3d3d1550d1c59f0488cd409f1d6b3bc55776690173dd66bcc920eff5c3e46f0e1bb6c35ec0629eb2a148c0bf8ccd2fb
-
C:\Users\Admin\AppData\Local\Temp\Built.exeFilesize
6.7MB
MD54f086a444f0ded6ee6941f4d18b1f97b
SHA1bfeb3cb27791b5dd40bd155bbd7bedda521b424d
SHA256971d6aa712e01902cecba5e8405896375a3474da6b155a1dde599482ba2f95b7
SHA512171b8ecebaefbe92e09a38abc8f619bceacc060c1c0addc6d3b907e1adaa7232188141deada97fbb72fd37631b67e288c9af24108f1ab4b8c57a48f5d19eb325
-
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\gcc.exeFilesize
789KB
MD543acaac9b437bd941c793ca6d9e776f7
SHA1c7de884538ea84e50127331fde9642c4b99fa966
SHA25627d8ea1223c1cf411773a39e8ef406d1f1d5d8956a0351ba8c74cc6c87978258
SHA5126587acc6c03afdfb7ac5e48f01978832dac491f9cdd86d1bc68f997e85000056cbfe6c27462ec3713c4bfad139f7a4937a0258eed98cede48dddacc2f17cac2d
-
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\libiconv-2.dllFilesize
912KB
MD5661d92527d19257cba74a711bd3a5666
SHA15c02b30aa0facdce317b981eba7a46827942e783
SHA2565e3e889409110f7b7c2400f522b31d77b64fb3ab76ccfb9733acde34a07b7ad3
SHA512b9a5a59a82abae523db746f48465bdadd655f6553c9dfef92a3b14fd2d561e67c90605ce01210c7476c77ed688e8ef398e25ed5f319492a79cf8284dae8398a8
-
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\windres.exeFilesize
1.1MB
MD518cd4a34ca3111b58afd6b45d4c92817
SHA1c1e73bf677aa8cec0cf2d11e196cceed24235a31
SHA256f245956c930f220f0bedf355a751a5cd738b4ec6bb6c5d584199ab3fa6c0a1c4
SHA512088207b82c8523e9c1e12f0d47eea05020ebb03e76306be891ce7c371c2ae0507037697336fc88a25fefa8f451cb83acb1adc6f9d1488917df8291e1f9e7546e
-
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exeFilesize
12.5MB
MD572d8fe1f322d4eadbe4b825d0fbba8e3
SHA114111de0cf33c5608e2d800e96f0bdb8132b7105
SHA2566ce68e248fb64e366aaa6a5fe34fbf530299337de34f03d51dac6b59c86b9a0d
SHA5125f0e73be9ad6f5661b8a9a276966122c96453f73cf6f2dbbf10ac31eee8888c20217ac0b608f69e8302029352e620036804ee8733a5e5e62a104adad9245ffcb
-
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libcloog-isl-3.dllFilesize
118KB
MD5301bccd39510e47ba9bcb199c15319f7
SHA1a1c0ade259f3c504e0a3d2a06b1f23218f15f0f7
SHA256ff6cadf145cd39b19af0b4183eb7c98bbe2e9195d03ded4117be153052ad46bc
SHA5122d692d7581ad3dc95c6222b02628dd805748ccaf5276674d5f4633d3cfc64847a6d81b87f9c82a1f866e4a0a3b48493671db4e3caf6d400304eb547c6ead3997
-
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libgmp-3.dllFilesize
416KB
MD5fe5c6a36e0a8829823ba55b9d6429521
SHA1b0fcdefd0c045c8d5b2bb7e1a95cf6a0938c8b9b
SHA2563bd2deaddc781222f78722e1b734a91da27b9f0e679238e624d83015506a2a54
SHA512c1134a9e515db42ac062de0a79995a7d5cc44ad67461ba960ef3239c4ce467c10af4c3a5017c0ad75197b82f3f9df53bb975e5af01ef07430e6414d13252c39c
-
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libiconv-2.dllFilesize
912KB
MD548e2735197d6dcdb9e770de6c9f6da6c
SHA12048bc4f47230541d4c41706ab63e2f2cdd0a178
SHA256ba2285e9081fc62a7bf6f6bb3deaef88b43df5312d2aa2c5216ca061e0b3f462
SHA51273a15c57cbfe79e69a1361833d667cdea0e12154c7ab79a31519eb507dc145e07bbae320aef62e69f94f4570bbbbfdcd15e345d491448ab54a06b3343455044f
-
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libisl-10.dllFilesize
910KB
MD522ae27db2aa723df78bfb0082c8d655c
SHA113c22b295c23e838fded260d3dd68370f9fead17
SHA2561d210067f31ba2d8135416c61805b22fb191add0ab2165e6da4ef549a8fab5fc
SHA51204486ed3ce9dab682bf8307391c98c9e191805b777ba9bd490290b9a30bb53aecf8859a918ed6da0f11e52fdeec3012618a77d9895ea59edb847c33685add32c
-
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libmpc-2.dllFilesize
73KB
MD506bd9185c36cf58b25f3cb76eb8cca45
SHA1aacb00411e2870f4e21b986bd73bd270f25b4468
SHA256615088d6ae8eb77a6cfed97616a76a992843794f67a6d0e2a496dd1298a9b5ad
SHA512a3c15d0482545091ca1de236987b12af3db4f81aadd65b306a5d04fd4dcd3f3d11759f9ea247dfeaa8e8675e038ba92cb16d1b549a8c4fc474a8acec900d5af0
-
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libmpfr-1.dllFilesize
323KB
MD55610d32d53b668c95c69b530c2250dd7
SHA1bd7e2953c438fd5e8d0a353f7f07685055ba80c9
SHA25633180906b102967534f32d640c43b9e4bf7de7c4967368a76349d45e8b490b4a
SHA5122cfd8f398b14e76ca051a17fa2366470c2aefe0c0ceebc1b609682f2decd7ee28df13b2a0419eb6258e484d6d549ddb321d11506dc884a254d227d9a439fbfd5
-
C:\Users\Admin\AppData\Local\Temp\SteamUDPUpdater.exeFilesize
112KB
MD59908883bbcee91c29c9086198d8d8146
SHA1eae0d98cd5147fe75379c165900f1b07d4970505
SHA256829d1379ee5a8da6b21af8a5c4dd9c262a569847b2664d39f5c415e0dc74c399
SHA5124706586c902c7deaba67a7c58ed60df4960cbee62d63148b05c4d82b83fc685f61201904d09615936d1a505f0ca61cd376a7fe37e19b3570f51c73a740073629
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0va2cyqf.nit.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Users\Admin\AppData\Local\Temp\loader.exeFilesize
143KB
MD5f701562eb6bc2d60da82bb8fe907594e
SHA1b4a927d39ec3eb6fbf3ff087ee4d23dc9dfc158c
SHA25617e8ea093d6505417598efa6d8b888fd164bb1e0006fa2e466c9d20e0dadb859
SHA512bf2f37d5764e57195d5688b0fcd179f471605cacb6c1adfaa6abbce821a83217fb9fecd2a28c87253fe4de126aa42e82e79e639359ebdf1a1b7b11ae448a63d2
-
C:\Users\Admin\Desktop\Compilers\tinycc\tcc.exeFilesize
53KB
MD508c121c2147e21032d5212f3d430660a
SHA1e93e7cca5c3ba779a36fb14e5fdb3182d745279a
SHA25654f013a8811498a3bd20d8440a497698de96b659930001874f7c7f638f887d1d
SHA5127b4eddb5e77d78640b56c4b970f96070bd7ed6d281f9a2d5895e7a1b4361cb5edb027068b087d71363ad617609109e6c42795022ec46b16a48cd2b468f711d27
-
C:\Users\Admin\Downloads\mash.zipFilesize
6.7MB
MD5ffa7c0265b3d50c1b6fbdc3d7293c92b
SHA168c2a274ffc751ce43a5e3b876ad0eabf75138b5
SHA25608085b047920914d358f92b509cdf9530d4c0493212688d0f2760cce25b1bbc5
SHA51284a08c0f17cfb4bd1d8510a6ca3923e059b37acdddcc115bfb7805963d855bec48741448cd4fd8837b0aa4eb595226252e45695b330450921854907a4b1c2041
-
\??\pipe\crashpad_748_BJISMEAUUSLMWEQRMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1860-2362-0x0000000000E70000-0x0000000000E9A000-memory.dmpFilesize
168KB
-
memory/1860-2365-0x0000000005C30000-0x00000000061D4000-memory.dmpFilesize
5.6MB
-
memory/1860-2376-0x00000000058F0000-0x00000000058FA000-memory.dmpFilesize
40KB
-
memory/1860-2367-0x0000000005760000-0x00000000057F2000-memory.dmpFilesize
584KB
-
memory/2156-2363-0x00007FFAF8AC0000-0x00007FFAF8AE4000-memory.dmpFilesize
144KB
-
memory/2156-2502-0x00007FFAE9520000-0x00007FFAE9895000-memory.dmpFilesize
3.5MB
-
memory/2156-2601-0x00007FFAE98A0000-0x00007FFAE9A11000-memory.dmpFilesize
1.4MB
-
memory/2156-2602-0x00007FFAF85F0000-0x00007FFAF8609000-memory.dmpFilesize
100KB
-
memory/2156-2603-0x00007FFAFC510000-0x00007FFAFC51D000-memory.dmpFilesize
52KB
-
memory/2156-2604-0x00007FFAF8570000-0x00007FFAF859E000-memory.dmpFilesize
184KB
-
memory/2156-2605-0x00007FFAF84B0000-0x00007FFAF8568000-memory.dmpFilesize
736KB
-
memory/2156-2606-0x00007FFAE9520000-0x00007FFAE9895000-memory.dmpFilesize
3.5MB
-
memory/2156-2607-0x00007FFAF8490000-0x00007FFAF84A4000-memory.dmpFilesize
80KB
-
memory/2156-2608-0x00007FFAF8B80000-0x00007FFAF8B8D000-memory.dmpFilesize
52KB
-
memory/2156-2496-0x00007FFAF8610000-0x00007FFAF862F000-memory.dmpFilesize
124KB
-
memory/2156-2598-0x00007FFAF8630000-0x00007FFAF8649000-memory.dmpFilesize
100KB
-
memory/2156-2609-0x00007FFAE9400000-0x00007FFAE9518000-memory.dmpFilesize
1.1MB
-
memory/2156-2600-0x00007FFAF8610000-0x00007FFAF862F000-memory.dmpFilesize
124KB
-
memory/2156-2581-0x00007FFAE9A20000-0x00007FFAE9E8E000-memory.dmpFilesize
4.4MB
-
memory/2156-2565-0x00007FFAE9A20000-0x00007FFAE9E8E000-memory.dmpFilesize
4.4MB
-
memory/2156-2566-0x00007FFAF8AC0000-0x00007FFAF8AE4000-memory.dmpFilesize
144KB
-
memory/2156-2360-0x00007FFAE9A20000-0x00007FFAE9E8E000-memory.dmpFilesize
4.4MB
-
memory/2156-2492-0x00007FFAF8AC0000-0x00007FFAF8AE4000-memory.dmpFilesize
144KB
-
memory/2156-2491-0x00007FFAE9A20000-0x00007FFAE9E8E000-memory.dmpFilesize
4.4MB
-
memory/2156-2506-0x00007FFAF8630000-0x00007FFAF8649000-memory.dmpFilesize
100KB
-
memory/2156-2364-0x00007FFAFFDC0000-0x00007FFAFFDCF000-memory.dmpFilesize
60KB
-
memory/2156-2505-0x00007FFAE9400000-0x00007FFAE9518000-memory.dmpFilesize
1.1MB
-
memory/2156-2599-0x00007FFAF8A90000-0x00007FFAF8ABD000-memory.dmpFilesize
180KB
-
memory/2156-2385-0x00007FFAE98A0000-0x00007FFAE9A11000-memory.dmpFilesize
1.4MB
-
memory/2156-2383-0x00007FFAF8630000-0x00007FFAF8649000-memory.dmpFilesize
100KB
-
memory/2156-2382-0x00007FFAF8A90000-0x00007FFAF8ABD000-memory.dmpFilesize
180KB
-
memory/2156-2596-0x00007FFAFFDC0000-0x00007FFAFFDCF000-memory.dmpFilesize
60KB
-
memory/2156-2384-0x00007FFAF8610000-0x00007FFAF862F000-memory.dmpFilesize
124KB
-
memory/2156-2386-0x00007FFAF85F0000-0x00007FFAF8609000-memory.dmpFilesize
100KB
-
memory/2156-2389-0x00007FFAF84B0000-0x00007FFAF8568000-memory.dmpFilesize
736KB
-
memory/2156-2391-0x00007FFAE9A20000-0x00007FFAE9E8E000-memory.dmpFilesize
4.4MB
-
memory/2156-2392-0x000001E59EC50000-0x000001E59EFC5000-memory.dmpFilesize
3.5MB
-
memory/2156-2390-0x00007FFAE9520000-0x00007FFAE9895000-memory.dmpFilesize
3.5MB
-
memory/2156-2388-0x00007FFAF8570000-0x00007FFAF859E000-memory.dmpFilesize
184KB
-
memory/2156-2387-0x00007FFAFC510000-0x00007FFAFC51D000-memory.dmpFilesize
52KB
-
memory/2156-2394-0x00007FFAF8B80000-0x00007FFAF8B8D000-memory.dmpFilesize
52KB
-
memory/2156-2393-0x00007FFAF8490000-0x00007FFAF84A4000-memory.dmpFilesize
80KB
-
memory/2156-2398-0x00007FFAE9400000-0x00007FFAE9518000-memory.dmpFilesize
1.1MB
-
memory/2156-2397-0x00007FFAF8AC0000-0x00007FFAF8AE4000-memory.dmpFilesize
144KB
-
memory/2156-2497-0x00007FFAE98A0000-0x00007FFAE9A11000-memory.dmpFilesize
1.4MB
-
memory/2156-2597-0x00007FFAF8AC0000-0x00007FFAF8AE4000-memory.dmpFilesize
144KB
-
memory/2156-2498-0x00007FFAF85F0000-0x00007FFAF8609000-memory.dmpFilesize
100KB
-
memory/2156-2500-0x00007FFAF8570000-0x00007FFAF859E000-memory.dmpFilesize
184KB
-
memory/2156-2501-0x00007FFAF84B0000-0x00007FFAF8568000-memory.dmpFilesize
736KB
-
memory/2244-2259-0x00007FFAF0210000-0x00007FFAF0275000-memory.dmpFilesize
404KB
-
memory/2244-2258-0x00007FF74D8D0000-0x00007FF74D8E6000-memory.dmpFilesize
88KB
-
memory/3948-0-0x00007FFAE93C3000-0x00007FFAE93C5000-memory.dmpFilesize
8KB
-
memory/3948-351-0x00007FFAE93C0000-0x00007FFAE9E81000-memory.dmpFilesize
10.8MB
-
memory/3948-1-0x00000132E5C30000-0x00000132E6592000-memory.dmpFilesize
9.4MB
-
memory/3948-2-0x00007FFAE93C0000-0x00007FFAE9E81000-memory.dmpFilesize
10.8MB
-
memory/3948-1320-0x00000132ECC60000-0x00000132ECCD6000-memory.dmpFilesize
472KB
-
memory/3948-380-0x00000132E9C30000-0x00000132E9C3A000-memory.dmpFilesize
40KB
-
memory/3948-379-0x00000132EC9F0000-0x00000132ECA02000-memory.dmpFilesize
72KB
-
memory/3948-3-0x00007FFAE93C0000-0x00007FFAE9E81000-memory.dmpFilesize
10.8MB
-
memory/3948-360-0x00007FFAE93C0000-0x00007FFAE9E81000-memory.dmpFilesize
10.8MB
-
memory/3948-191-0x00007FFAE93C3000-0x00007FFAE93C5000-memory.dmpFilesize
8KB
-
memory/3948-263-0x00007FFAE93C0000-0x00007FFAE9E81000-memory.dmpFilesize
10.8MB
-
memory/3948-1321-0x00000132ECB50000-0x00000132ECB6E000-memory.dmpFilesize
120KB
-
memory/3948-2270-0x00007FFAE93C0000-0x00007FFAE9E81000-memory.dmpFilesize
10.8MB
-
memory/3960-2251-0x0000000000400000-0x00000000004CE000-memory.dmpFilesize
824KB
-
memory/3960-2252-0x0000000066200000-0x00000000662EB000-memory.dmpFilesize
940KB
-
memory/4648-1325-0x00007FF671410000-0x00007FF671426000-memory.dmpFilesize
88KB
-
memory/4648-1326-0x00007FFB00B80000-0x00007FFB00BE5000-memory.dmpFilesize
404KB
-
memory/4832-1316-0x0000000000400000-0x00000000004CE000-memory.dmpFilesize
824KB
-
memory/4832-1317-0x0000000066200000-0x00000000662EB000-memory.dmpFilesize
940KB
-
memory/5800-2408-0x000001B5A2140000-0x000001B5A2162000-memory.dmpFilesize
136KB
-
memory/5800-2429-0x000001B5A24A0000-0x000001B5A260A000-memory.dmpFilesize
1.4MB
-
memory/6096-1311-0x0000000068C80000-0x0000000068CEF000-memory.dmpFilesize
444KB
-
memory/6096-1310-0x0000000066200000-0x00000000662EB000-memory.dmpFilesize
940KB
-
memory/6096-1314-0x000000006A780000-0x000000006A86A000-memory.dmpFilesize
936KB
-
memory/6096-1313-0x0000000065600000-0x0000000065619000-memory.dmpFilesize
100KB
-
memory/6096-1312-0x0000000070F00000-0x0000000070F24000-memory.dmpFilesize
144KB
-
memory/6096-1309-0x0000000000400000-0x0000000001149000-memory.dmpFilesize
13.3MB
-
memory/6096-1315-0x000000006FE80000-0x000000006FED7000-memory.dmpFilesize
348KB
-
memory/6528-2432-0x000001B2DB4F0000-0x000001B2DB65A000-memory.dmpFilesize
1.4MB
-
memory/6812-2433-0x000002277EB60000-0x000002277ECCA000-memory.dmpFilesize
1.4MB
-
memory/6920-2490-0x00000000059E0000-0x0000000005A46000-memory.dmpFilesize
408KB
-
memory/7456-2254-0x0000000000400000-0x0000000000502000-memory.dmpFilesize
1.0MB
-
memory/7588-2246-0x0000000068C80000-0x0000000068CEF000-memory.dmpFilesize
444KB
-
memory/7588-2245-0x0000000066200000-0x00000000662EB000-memory.dmpFilesize
940KB
-
memory/7588-2250-0x000000006FE80000-0x000000006FED7000-memory.dmpFilesize
348KB
-
memory/7588-2247-0x0000000065600000-0x0000000065619000-memory.dmpFilesize
100KB
-
memory/7588-2248-0x0000000070F00000-0x0000000070F24000-memory.dmpFilesize
144KB
-
memory/7588-2249-0x000000006A780000-0x000000006A86A000-memory.dmpFilesize
936KB
-
memory/7588-2244-0x0000000000400000-0x0000000001149000-memory.dmpFilesize
13.3MB
-
memory/7596-1319-0x0000000000400000-0x0000000000502000-memory.dmpFilesize
1.0MB
-
memory/7700-2361-0x0000000000C70000-0x0000000000C92000-memory.dmpFilesize
136KB