6d996f70f6b9f99e4ae0aad1f28d224c84c22194551ca4e21f56127eb563faea

Analysis

max time kernel
62s
max time network
151s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueStacksMicroInstaller_5.21.218.1001_native.exe
Size

911KB
MD5

05cd50890a8efa95d686384d2d96c530
SHA1

ad496d950142315aa8662edb002549e84d3de424
SHA256

6d996f70f6b9f99e4ae0aad1f28d224c84c22194551ca4e21f56127eb563faea
SHA512

6dc050e3c6577299ba4bcc306d1866ddea3eb2499f75f1de96e435d03f03b0ccf4021602be0eb6c816d7a0e81ce29590de247a084d67e88a64fa6ced4043bcf3
SSDEEP

24576:bivtCXWeGKM8WolR74uEFQWa3GZllJCGt3:+tCXWPIWofUuCQWa25JN3

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

BlueStacksInstaller.exeHD-CheckCpu.exe

pid process

1628 BlueStacksInstaller.exe
2760 HD-CheckCpu.exe

Loads dropped DLL 4 IoCs

Processes:

BlueStacksMicroInstaller_5.21.218.1001_native.exe

pid	process
2088	BlueStacksMicroInstaller_5.21.218.1001_native.exe
2088	BlueStacksMicroInstaller_5.21.218.1001_native.exe
2088	BlueStacksMicroInstaller_5.21.218.1001_native.exe
2088	BlueStacksMicroInstaller_5.21.218.1001_native.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000395e0e0f01a3fa33ea5f70898d4636f94ba1cfd9445639a1b45a29d7520f4e71000000000e800000000200002000000006482a447bea715135f0f61e3a2c250f91cc3cff3089ab32786d608305eaddd620000000fc28fd94835f95c601abb837970b94e328da3311a2f3fe2bd3b6dbc9e081fbce4000000054f2625061af9aef32e1311a07571b0be39bafffe6dcac7163f6b521560790ddba0ab7ba1db030d9760da567bfeda252b6d0135e7a09308a8828dca9c8d0e665	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3038ad53cccfda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7CD34E71-3BBF-11EF-B6F1-C644C3EA32BD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000825ed4a637bac9eb8ee0c4745d93ae81989390bc5195cebb7a275f33b109fe30000000000e80000000020000200000000a5156a59efff1dddef6d56c60df818e16fba6a38dbbe44f31d4dc697d15a97b900000008b48c6f086b5f7558f0c20980f58c6f9ca1d5f4fdb358b589f5a8f83202bcf7243967d7126797adca309ebea125239c04fd186295665e9b61f8a1d6558125d13ec2e194fbe398a74744757c884f208975c8c0767e8283b3ff5447a8b2c89887fc3505ccf2cafbd26657d2df3fb02b8842a3d21d5581997ba9ae92f29780c52bf21a23d1f20a3c19ff7f6d3825ee29d1f40000000db3a822f3daec46bda30cd4e6f643635c28f86fafa7d818502d7f7c2df1cd82bb90ea088311d4097f45ea1d1deb4f460f5bc65cc7a971f01f4012fda82388311	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

BlueStacksInstaller.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	BlueStacksInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacksInstaller.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

BlueStacksInstaller.exechrome.exechrome.exe

pid	process
1628	BlueStacksInstaller.exe
1628	BlueStacksInstaller.exe
1628	BlueStacksInstaller.exe
1628	BlueStacksInstaller.exe
1628	BlueStacksInstaller.exe
2004	chrome.exe
2004	chrome.exe
1940	chrome.exe
1940	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

BlueStacksInstaller.exechrome.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1628	BlueStacksInstaller.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe
Token: SeShutdownPrivilege	1940	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

Processes:

iexplore.exechrome.exechrome.exe

pid	process
2764	iexplore.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exechrome.exe

pid	process
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2764 iexplore.exe
2764 iexplore.exe
972 IEXPLORE.EXE
972 IEXPLORE.EXE
972 IEXPLORE.EXE
972 IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BlueStacksMicroInstaller_5.21.218.1001_native.exeBlueStacksInstaller.exeiexplore.exechrome.exe

description	pid	process	target process
PID 2088 wrote to memory of 1628	2088	BlueStacksMicroInstaller_5.21.218.1001_native.exe	BlueStacksInstaller.exe
PID 2088 wrote to memory of 1628	2088	BlueStacksMicroInstaller_5.21.218.1001_native.exe	BlueStacksInstaller.exe
PID 2088 wrote to memory of 1628	2088	BlueStacksMicroInstaller_5.21.218.1001_native.exe	BlueStacksInstaller.exe
PID 2088 wrote to memory of 1628	2088	BlueStacksMicroInstaller_5.21.218.1001_native.exe	BlueStacksInstaller.exe
PID 1628 wrote to memory of 2760	1628	BlueStacksInstaller.exe	HD-CheckCpu.exe
PID 1628 wrote to memory of 2760	1628	BlueStacksInstaller.exe	HD-CheckCpu.exe
PID 1628 wrote to memory of 2760	1628	BlueStacksInstaller.exe	HD-CheckCpu.exe
PID 1628 wrote to memory of 2760	1628	BlueStacksInstaller.exe	HD-CheckCpu.exe
PID 1628 wrote to memory of 2764	1628	BlueStacksInstaller.exe	iexplore.exe
PID 1628 wrote to memory of 2764	1628	BlueStacksInstaller.exe	iexplore.exe
PID 1628 wrote to memory of 2764	1628	BlueStacksInstaller.exe	iexplore.exe
PID 2764 wrote to memory of 972	2764	iexplore.exe	IEXPLORE.EXE
PID 2764 wrote to memory of 972	2764	iexplore.exe	IEXPLORE.EXE
PID 2764 wrote to memory of 972	2764	iexplore.exe	IEXPLORE.EXE
PID 2764 wrote to memory of 972	2764	iexplore.exe	IEXPLORE.EXE
PID 2004 wrote to memory of 1628	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 1628	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 1628	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 2552	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 1596	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 1596	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 1596	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 1592	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 1592	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 1592	2004	chrome.exe	chrome.exe
PID 2004 wrote to memory of 1592	2004	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\BlueStacksMicroInstaller_5.21.218.1001_native.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacksMicroInstaller_5.21.218.1001_native.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Users\Admin\AppData\Local\Temp\7zS828E00C6\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS828E00C6\BlueStacksInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1628
- - C:\Users\Admin\AppData\Local\Temp\7zS828E00C6\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS828E00C6\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    - Executes dropped EXE
    PID:2760
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://cloud.bluestacks.com/bs3/help_articles?article=RawMode_help_Win7&oem=nxt&locale=en-US&image_name=Nougat32
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2764
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7229758,0x7fef7229768,0x7fef7229778
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1248,i,9366219965649797296,15189093020243094722,131072 /prefetch:2
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1248,i,9366219965649797296,15189093020243094722,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1556 --field-trial-handle=1248,i,9366219965649797296,15189093020243094722,131072 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1248,i,9366219965649797296,15189093020243094722,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1248,i,9366219965649797296,15189093020243094722,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1336 --field-trial-handle=1248,i,9366219965649797296,15189093020243094722,131072 /prefetch:2
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2224 --field-trial-handle=1248,i,9366219965649797296,15189093020243094722,131072 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1248,i,9366219965649797296,15189093020243094722,131072 /prefetch:8
  2⤵
  PID:2412

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7229758,0x7fef7229768,0x7fef7229778
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1304,i,155716288328376300,6848078611288631817,131072 /prefetch:2
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1304,i,155716288328376300,6848078611288631817,131072 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1304,i,155716288328376300,6848078611288631817,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1304,i,155716288328376300,6848078611288631817,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1304,i,155716288328376300,6848078611288631817,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1488 --field-trial-handle=1304,i,155716288328376300,6848078611288631817,131072 /prefetch:2
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2196 --field-trial-handle=1304,i,155716288328376300,6848078611288631817,131072 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3772 --field-trial-handle=1304,i,155716288328376300,6848078611288631817,131072 /prefetch:1
  2⤵
  PID:1624

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7229758,0x7fef7229768,0x7fef7229778
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1336,i,11011950046955295261,2982475989317784522,131072 /prefetch:2
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1336,i,11011950046955295261,2982475989317784522,131072 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1336,i,11011950046955295261,2982475989317784522,131072 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2348 --field-trial-handle=1336,i,11011950046955295261,2982475989317784522,131072 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2356 --field-trial-handle=1336,i,11011950046955295261,2982475989317784522,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1508 --field-trial-handle=1336,i,11011950046955295261,2982475989317784522,131072 /prefetch:2
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2320 --field-trial-handle=1336,i,11011950046955295261,2982475989317784522,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3704 --field-trial-handle=1336,i,11011950046955295261,2982475989317784522,131072 /prefetch:1
  2⤵
  PID:2988

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b991c56e87de722799931e37603835ab

SHA1
29ea3a74f243d13ac35e807951e50c0e28a6b983

SHA256
9bb1809e25099b9bd39d76b6a2b7516fcd6b71b417f68b274993dfad52f35ee5

SHA512
057c409bec4897bdfea27a33d79b64618b3f68d0212a76db9c29996aaae16b18b5daa198f46ee6869f9a9c624159a6d573f60906802f4d350bd2f8ba0e178ecc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87cd2bcbb88f9daba0a55cf63fbec43b

SHA1
90186240ef2f82166c609fb9f7b397c7815c8b62

SHA256
553c5480273c030a86740b29af893f3aba5b1028d1fb9ffd2e8a5d367782c449

SHA512
68fd6f643861a798d1f612c701356771e76d8a1dd94a2aaea3963d7ae2b64305930efcd206883c1b1255e2f2ce0a59f8c19838736dff4ce5f36f0dfb01b0e2cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd6e5d7869e6e800e6593dd329f41029

SHA1
03418a57ef44722bd95a4a0cb9f7c065aded3bcd

SHA256
2bbf95be7b3f0ff15c87746514521a424cdb96f0c4059e2f03dc6f5611e4abb3

SHA512
fa5df12e425f24f6d40bce48e306c5deb8aea7ff609cf1c29f86fd85a2176059e5df67b1412b9b9519db3e77f7a05543e806b77018affa67bca5121f9e797af0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba24d9e932e0a87cfa70bc02c6c63173

SHA1
a84d4b9c201fd05222bbdfbbb5e79f2fb7d0e4b3

SHA256
f5a4c49980c64c97f34748f06b601c0d5202a824e8f89de865444aaaee499f17

SHA512
728dd0570e82052270117df75efd46a3339b578d624aee489a5e42fe030175d23d24ae06f63c632939e56b14acc818ee02da50c12c5b485b1489a4004dde5d36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
089ca292028ed2c0ec021b748514700f

SHA1
193695384710f556bdd185bd9f883c3863186259

SHA256
51e19a31f7b0fd64d34e63fd0a83a23b13ea185c17f0cffac2509d5dd0381a5f

SHA512
ba2adf7cb2426ecd738ad702c901ef268e56cdb84fdaa0287a9fbb90e26611388b6e392172bbe74791b46f9ebc59d48854e849004a880e4ee7c8c3976aaa33fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c954539f20c45b54a52a382b8da1dbf

SHA1
cce61992c44e5f6c4b630f7851087708d40daa9c

SHA256
68ffbe292d985ba0277071af9ab499a39ae4ad747615a43c81172977162f7a2c

SHA512
85a7907d1f7f74c233bb8b9faf2d44442d3edbf4aa0868d002893c8315af36726c08ed13ac6748215195c8f0ad225e1eb644a7144b10c63af4b407157f93d357

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2eca3ee61d3ea5fb877eadd3b122380a

SHA1
ecc78ad486139a12bad79fc81920ac9c8034a1e9

SHA256
a7c12969159aff6f997fa66f06051f6c19d5d82946d58d9e54abf0400f511c36

SHA512
d9d2a861e22b8e11b52b7e36550d083d5105358235bf179049d302223a39c8c2a3ce9069087769413c6a7a5ef6421433c589913e776587a52f8a6999a27664ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecf64715e5b8d58e7d1258fa1c7edec8

SHA1
0d3c9780799fa20ca8982a6c1c2b373ebe5b52d3

SHA256
0769014d52c2b2a8878c29ef2412619716107f578c8407184f824ace7d3ee678

SHA512
543e7863e2364a596750f660a8f0bdacbef77c23c6c8a45d863a72c1ce1690a2b817a40fd6cdfb37704003e1d9ebcb08b014035bd883858342f79549aadc6945

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b465eb606bed2c8f382c6f6367c6e84d

SHA1
1cafe4a74d65f59dce5eb37ceb6b97c9efa29515

SHA256
b137cb7ac65ba256e63c2c94b3f08c9598ad78fa23b47106ea857e8d0cf1a2bc

SHA512
a1b247603d8bf1263ca4c728ad3ebc00acca7431c792e6dd02a3ac8537d5d287e705946a32957f86d9da6917527a9276df5313b7259f7c1053bbd51c82e41b68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
084b812dd89834d644c1b9db9c4df600

SHA1
ad265ba1150ef0b90f241d3615ceb73c315b7e23

SHA256
89cbd4e4b30a7141a94c9670ee1a326ff6285d45121101ca1d9486890a8825ae

SHA512
6df7428d230616191070210960a2fc43f6e8abf6b9dfaad291463bc9063e481c63bb2ef71fc0799c7ee28cf7aaa5c6686eb9cae36f5bbf361c7fc78ed2ac78d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9195cd2dcaba7f56e2b2c63b5a88bbef

SHA1
c87d2a15429f9126421b27473ba3fb8a337518e1

SHA256
1b9f20bef1d839318d68d45cd209fcbd916a5f839a94bff5ac1a8eb0e4b7aa91

SHA512
8121e185626fd3f9982cea0be7f79cc7e23010023b1eb0c80f1c55af0cb4b21fc9a9a251c0c31633e51264fcd140579534bdd6821fd08ea42aa743df08546cd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18355e92ff1efaa2eb6caf7f490ad6ab

SHA1
4aed56404ad13067363ddd73058e4fdb4a12af07

SHA256
e86d6c139d56f06005998694574c9a43f31b0e5ad7198e03b005bfe15985d9b6

SHA512
39486f5bd35a9abab5839d85330550011cc1905b59f505d1fff67f01ad54091801c1b2990d0abf0dc9fa8e8cbc1f6c98056de42b263c230f2c32b46510fdfb38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00980f124c4218a12eb46f9888f6aee0

SHA1
f91d2376763a874771d768aa00cf00a1ba9f3f78

SHA256
4f215decddcad3cabd1f404012a8d07309899a2f8a4d7d78998caf283c0c6cb3

SHA512
28280aade32ce55ec83c564b3cd8b056e0568c36126f1360d6de20e141e46d83e9cfa1cfdd908d2d4d3de358a0fa306700c5fb624de8fa92069dfc883f40fce8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eeb9987195017c0a0da51d9c19d0c117

SHA1
73130809dbb906bbe187902e90ff1e9de4be81f7

SHA256
d56ef1d839d6ca39eab8283c9c6d0fac74eaff48cb46866f5233acf73366756f

SHA512
39e0b4e86d045211393f54e82ad4d067c3aae4756a301e42dae78175f27395ea838bd3ab99a4405a9864d7c9676e89631498981a965ac7be7d3f3d5bad5ffbaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ece6d0e35e37c870b0bda66680eb6b8

SHA1
8d807bfb86ead7a64ceef4b2c6e89b010563408e

SHA256
c1a9b66c1c8f3a6b9bb676da5ca6a4eaea788ccd27775544de5e8d1450610789

SHA512
f79199314c0940c0a0313fa89f35978eff1ccd5e3f6f5aa057046c1d5ee5ef5391b099b19e22c0b188336ae784704f2c7dde64798d73980869dbc018898b275e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
268867ce230a9183c197371b31713622

SHA1
c991bf2637750fc33b7ff1e19b82fb39c7694c69

SHA256
8c8b4e1ac8fec1432836a46983857fcedf1e4b968cc34e81277c375ee61dc026

SHA512
7dad94c92ad3514a170037f6b00223c6cdff146d6a1589c88a816e14770fec59aa2a7aaebd97afafcce688960b137d53677c65a6abddd0646955812aec020efb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b833e9125b22f23d1895ec809ef5ad8

SHA1
1d96053a5e3ae25dbdf3c79aeee15834289279af

SHA256
8a7f22b52c9ed9e5db0dde94c87404f33396275971b882f86033ca5c6937ce75

SHA512
4b8df10629b9c6e0ff19702a163cdaad3e24095ec39d0c06011a82810eb2a0e26d5b27284bb7bcb791b6f31c4fc250c8811370d3259230aa8bdbe26cedae0e25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05803dd3dcbf5d197b45e9ae227d993d

SHA1
62d822a47b0a0f5216f6f7d03546d6d5382ecf53

SHA256
249241d809c0288e3635eadd709469806f71d0fcb6eaa87fbd1b24c09e67a3ca

SHA512
8e150f56b9d8cf0f2ea4ad258cc71fcd63355126f8143cda1be4bf6d5d7143b37d63687f762f8daf608b2bf6b691465d4d60cd61daca4c73cd0c3b6863698f5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
210d110831742e99015893a8fc8210b4

SHA1
c249c71bac82198d5e86a48bf2926bd2a57a5f7e

SHA256
aca20048de99362abfc7b2b3e0d1f139c5b9543e5d924db7d83cf1a8465e7d5b

SHA512
17078116f58a96ad59733a7e04bc39a2ea76cac2c3867fad580e4008cecd140334f307a375dca9b8d1724d6f8e06b8983db45d472501dc0835ff02bd3271e664

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a24389774387a9682352090476297c1

SHA1
78ea3b432561e3ee66a634b347c88fddc3019ea4

SHA256
e4cd0350a29e64d887019ea88a0cb10e195601adec7941aa89783269de1c7e39

SHA512
abefedc83a9d5f172f7d57750017b192f20922dd32d7a62d5fede437ab29fc2bb2f0f3ada831ba727b5398b5cc31ea6261d2ab54c9aa992c033d3750fb8c9937

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7bfae877297d61d09d0ab27f7756c31

SHA1
653449ad6a5514c8e79d0ebed22b524ecd7541d7

SHA256
9253ec72ca3aa7fe2cf5b17fbcce086b5d45c29ac6d2724de6cf5a22db5f7b6a

SHA512
fcb0f81532fcb0a81ec6cff66d15f62967841a8bd3ba015bf5a3877b1fa87b15dd46e5da61236bbc35c5b937b5279d5717d40da1cd1d772c9232ececc510ffcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ea1c9f5920cb5f685e4531c0e42a73f

SHA1
9ec50e1e8a3a7c52698573eea48826bba3cdd1dc

SHA256
04a022b0bd5a9dd4cdfaa86917a5201357f0d2b63ff412a381eeb0fcd81122b6

SHA512
269c01340470b4b83e9e81e80fc29ebab10e9040006f6cc43357ce5ded38541e6f81f7f15a25f0fc8d05b6c7864f2269ad6ed2ee2132286d31dc416ab22acc92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ec180d3ed9a8666acda7ed188cc3756

SHA1
c87dc8230c8230819bb2fda815f0620e8254483f

SHA256
65f790250b8c12040473685d050c4f76b7790cd0b494ca55738e8f8c7b6f130e

SHA512
be1b7212cbe9eed4e3f82f70d8844165be16380a9174cb26511a3080fdef6d2b595b64e5bdb7ec6373c8a7f4ce18c4a62407e7dc6beb1a4efac30c775417f963

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27459995278edfe94c2d884472ceef59

SHA1
d3e4c7e21a3824b39a3a79ae09de7ee8433c659b

SHA256
5317b674f475a6769866e04032a5e536d6511a2ce2d227062607c49b20d863fb

SHA512
11f99b1732ff62b29ca027ca7b3081eb310718b6cd6229491cf4fb46de979f79af720d74443aebdf4fee1c03f68c5c18dcc3711fd13b8126f28b568f4623ec38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
148581a9d10cd99a6599056374f3f7f7

SHA1
082e482ebbd0f7fa010194353ab291d0b9ca166f

SHA256
e63d33aadf862b0bf36d80bb26a978842a735f351c6d1f30961a5ad8ec3bd004

SHA512
a4cbbc5d4a73e101b066299636f2e20fd01ed5f6c6305850e7f75f24521ab73dea6d276e6b2e8a2cc2a9f8b137e274e41ef423dd97843dd19600293e09d4969f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
366e604b199411735b5c21bee2077c77

SHA1
11d27ea62d1126971c6a705fa95356c61f8de366

SHA256
0304aefd9a8acc0a770855d5b943335b1d0e6d51796bf6cbb17eaff63cef4ace

SHA512
ac5d4e15e177c88131f92f0eadc592d47a35bdada658e56a3a7c9b3e055fbea96745dd90cec28b2f5ef6d58005df0e22948153de10fdc113d885de31aa437c1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c2079ab7b2c24dbd18a671fa632c94e

SHA1
d748ce66849c414725f4f331d300926adb79a569

SHA256
a9d49d5e37d645248a1f084ca4de5fe884dd3c12cdc67176ec3f6359a5ce6960

SHA512
e51706b4b260de62de92e12110324354a0e47a6d31493ccb332873953e1dcf2253cbb89dce45345609e6f53ee5b9d0a48cdae4a69098e319e1289d505751cd19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f3396b178c5b8a35a04eb8ba3093ccb

SHA1
59c5863eaf9111d9ff6df405774a0d2638b7a48a

SHA256
0a338e444e7c8c2f1b8d860ce47b87b2d1bebfa6f82ecdec2ae370e3505f33a0

SHA512
adb162b765771845e3c06c0a168f00aa7017f4b58a849a5443d40f29a7c045c60481bf1215d4f0c243ef77a5706ca40e87a74649779f1e4c314847006a93bd73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14da002fc38f86b37e29b253e0e36643

SHA1
b85028204497f9ffe6e9d02142e0166fcf3ce116

SHA256
12599adce9b5689e3b25c66658a9f2d6dc5a8c54ebe022b65ffba9f422d01f3c

SHA512
a22717d1818e8e177c64fde954e48cd92ae4defeee9ba50446f2058b148ca501c6b222df040158ac171fbe534f37a200391ec2ecd8e24bdc01cb44b9ef910f81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac9457f4851d9d6fe59bbadda8876ea4

SHA1
00717458d43319ac0e04005f4b5eb1f081de917e

SHA256
ba8b550d987d30e43833cd481585d452c25d5c8e212fd77b149b44558597b23c

SHA512
1827c1f13a99278c47a3bc35f54040a4aca7306f61231920ded8718bb8ab800f083e21fd40022f0e505b339cccd7eec824b6e7823aa27d90a6acb22a533c94e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
370c130a45aa7502081e36620203c922

SHA1
6606ea3c6e4dde1f2ac181368f7445a9e6eeb6d3

SHA256
e0ccbf2ee4e7ef34e39a9c7ebb3fec9c0d1dfbf02b6f13b34a3aa8837f7db38f

SHA512
4fbb9f0b1a2172fe50698be4d35643488dab426cc5f9728133a5c30803a660d7c49c9949cdc8ca55a422be8a220354e6a5d393477f888ebd8e78012411e289ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fbc2d3486e250c340d5f3ab28d6b9493

SHA1
824b9f4be47f4db06fe37ad7188bb7d210d12b08

SHA256
558c7f5868a193bdac7992335e6c11e8f98548734aec47b11922d6c75f9077a6

SHA512
129937238b069edefbc2823548e0c4647df62fc5a114115c776378169c330ea382b9cf2e26cd54b6efcd27c4b8cd178bfb7ad7db66797b2e53c3a483e48bc43a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba5a72f68651db13990d4386c8796726

SHA1
c56b33e4ce96037d521e9d57cf319ab0f6c9af88

SHA256
242e8d681083ddd02bff1afddc44df0b6fa9cf937abd41343e2583f706c31b23

SHA512
f8a9a45911afd8ac80f3f2f75c9031bc1746286ab033ae3650b27f3e68842241c6cb3af3e7967e3b30589defe8c376bb9fae2cdad412aeaf5ac41c298126d768

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88adbe9a183b6850261a8f5bfd92b276

SHA1
cf73111c9899ec2684b0806b901f7dd5d8896042

SHA256
af9e960362acba23f47ff35bae9aac58dfefd6363bbd106515e44604725e57cd

SHA512
4ebfd8048207e2ca61b416b60eac862cc19798f404a0dfa9dcffc86da59ccd902ddedc6f70985cfdee3d205ea8340580ca9d9de0e4a85118874ade8df90ec851

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b26f931b08cd058cf8b665bb96b867d6

SHA1
a90f1238838d7bc9599676cc78e165ba3817b893

SHA256
99ec854969d67882419977d8d6059fc401de59070068c92ea9cbda14e0ed2f07

SHA512
0f8953af5e45cf95efc226913f94e936f9174be8c91169e5c6a5dbc65402d8cf97904d571322de0a8f9e7985a02fd9a84feeceb28ac9473c460c142543801810

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e740541b64b5fa110b575d87453d52f9

SHA1
cfe48897fe1f90a8c1e329bdbc056c766207ef2c

SHA256
8a79cdc3d06c015a715a8f0c28fe254f39cdab4a5eb39d5d41ac05d5a89f83ab

SHA512
fe80b4148bfe243e2614ce1e5c86bfc0bcd4a48febc4f05a5ea01b8e69d0a4a5170f6650ecc75e96668e7daca0a0e543586b842ea042f7d5a03dfb8d84c7ca48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b15bdeb7e2f3e017bb3ea580ca66d328

SHA1
d8281059cf1e3f4470c2a29e03b2978f6e59c1e9

SHA256
a0e232a5b5db7dbb48215bfe03ed40134f45aabcad57c48c96b4792f78af1e1e

SHA512
5f817ead68a1d9f7627588afffbac3644eddb3fb622b94b224b0b442b606affe59e12e5107afbf009be0da1ddbd125131a03ec99499939bba1eaa93fd8e58c16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a693839f17a6385895f19aeb86cf40d6

SHA1
c1650efa8d47738811c17fa40cc3d42e15692195

SHA256
01629e129d8a45167a4bb4e1410c6b4209acef2ac82a34558ae488e6bdd90da9

SHA512
fde77f9c47bc437e6c665ffcae9ad4c975576f066a36f43f6db0a255b0981af9da9d7054213451a7e8cb946b81fc3fb92031f8e2802121c26ff233239e566622

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
736bd0d2a6f1a733dc95283972021cf3

SHA1
a76fe1ddd4fcfd939c3878dc6f37eebf09a9c548

SHA256
9e208248d60a85de45293bca412d8b11e2952e95138be633401f616ad716a409

SHA512
ec89d00f4dc0b1794a6e2e34d8e73808cbabb15106eb4db82da4cfbbe96a72abdbb165a4448a9224b2d624e9c95be55b8482b776a1038eb3cb986e042d6d6d48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10a560af92b1c50f9b57fed168e54d61

SHA1
e38d73589c29f3c8dc36a041fb2dd96145e10d9f

SHA256
c7d815f41c0efe4b1b7f2cb3bae11056c11764ea193d3788eab74e454713f6d1

SHA512
bb783430c81acee51a9cdfd293e1c2b7cc7c969d026231116855444983a868d6041dd238981c853fdbcdc5d268deec377d5658b6c5fd5fc90f66bd63c301a7a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dd476756514a471b1616984edb0db2c

SHA1
181cd385f91fcd154a526c1446f16554bb4207a1

SHA256
7bd967935e66d99d563374441d5528b1fd2e86dc12e2d3f5df03e4857647bfb7

SHA512
89d9f69340443eab7c4fc3e26e1082f5d622489cf964f7661e817c4b719db20a1c8b27c3bce2b12d813e158a4dde32ed56eb5ad18f7fce72db4952be0faa399c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83d80f73863ced2399dd65cb9ef1be29

SHA1
7b02d0a99212154171aa042b582dbacb718eebea

SHA256
d489953e0f8ed5d7f20f1da69a51d409c53a4d9fd5132d4ce2e9846183bfeb79

SHA512
7a23cc9049cee37a7f154cadbb059496d53552cd81c0b5d0402bf4d1f4be65e5de10585c0da61458a7a1ed37c8f3c65cc128aba5a30a731e66f9b64665bada42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f6a053f8182132544bb2326ccf21c2e

SHA1
dc50571bfd01f004b5f73b1267a9e9e602ac1f2e

SHA256
f4dcdd6152802b9429bce5b68f2f76d3c6c39409934b46a769951025f1a864ef

SHA512
5d2b22796bb910c3a40cdcbfb7de73f2dba0669a26f584f4b085853b989dbf26867e3976f34a47324dc3f3f42de4c8eba29512d658ac3415281417e8e8214257

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9c044960f16f7c5452f20a8902f29bc

SHA1
53bd7d60a6fbd176a3160e30bd1a623ea58131e9

SHA256
3ea05d5a27b3a2356a499abf8e7f1b79e49101902c5fc27fb383abbf55f6445f

SHA512
42f6371312735df43d74ed296b44b9a7fe74332d5247003808fd4f4ffe45a82027b2934843d6b25f4fcaae096f0a90bd00c787450a83e6702cd30141a2f1ac02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8e5c69abc0dae08e11cd2501d02eae8

SHA1
515b87754d83a49e530191f713bce1c852cd0ee8

SHA256
2835dbb34f2c57d068cfa37e0e3c8403dbd9b6e252cf10f8ca010b99ddaeb947

SHA512
7e7debc267df11e7ab0dd91d7b7e6082b68db92f8b612e23ce20a3005911fa820990925e65cf760bbee956118ff560a7326e00377de03afef2ff34bc318b26aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c284a8d42a342308d642514c3c585b9b

SHA1
a17f0318ac4bc2e231d23574d5c8599b74cb2636

SHA256
32b2bfee759fcf7042353d135a683497a639311c81977395db0603ac231939b3

SHA512
2e087774f4de8e3ce2d15a5ea177e2b95d259f752bf8c33d4085c966c2241f47d97365e28064f2dba6d6c1a8d5af50e9a6491c70e95b3946aba3772e5b982a8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
857db815afed3322ce9c5d2e5493b138

SHA1
a11cc9dd6d2558ac28a2a55185e074e44266eb14

SHA256
e5081488d0089f5da0180a7d4f21e8d0e22f68ab51e55194118c15f9bf5eb878

SHA512
b7b63a5c31a37dedca413d00dbbdf3f0b3ef70e8c1e12a866f48579e960b751c900381f016eeabda082139104503d4ac845528cd1005c6f8a71e70c1304ce608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\255adf2b-f62a-42cb-bc4e-38e9f3418246.tmp

Filesize
155KB

MD5
60bff5ed4b70efb0dc497e4224065099

SHA1
05c749439d059b97da1fe8f29a347ea5d63c7dbd

SHA256
63d23b95d8c55ff40f78602528f4e496f1eef13a4853e0b9a195dafee3a80fbc

SHA512
89fcebab31c29fe56bb15de1de594841bab5a0dae0af336d0111f2790d6df93e9627cdedbd8f3974db9126dacc582f87b8204a154e0224cce09402ed46de60ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fd81db94741a2e9ee3567e1b97c61561

SHA1
812c6793ff5ed6c48de9b5bf14e542793d214f8e

SHA256
1de7ffa87c097849748bafdbf03a9031f42809272986eeb06fc59c6ac8c9da7a

SHA512
a07c8345f04de340c58df10bfb38e329510f0b662e85ce1dea8997537645142a26f22c15e1a7e852816029542198ec67c0cea222ff1f9b240078b0f5fd78a1b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2b4a45fa-0446-48a3-ad02-d74fd2bf59b2.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
be259e888e821f2aae471007850c96e9

SHA1
b9d096159e76c2b35e94a09f19766bd9a4f6eb53

SHA256
51ef6e6886e5406b5578084d0d87c729a4ec35022e347b0f8db963bc5f3c9838

SHA512
4876544026bc9fbd757f23cb11b1c55afe1a937acf9dee77e3d3ffa5efad177ed4b01c68a18c3d347c3e3ed08d85108d4cf11f491f81a71a5204f4fd10f5dcdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000011.dbtmp

Filesize
16B

MD5
6de46ed1e4e3a2ca9cf0c6d2c5bb98ca

SHA1
e45e85d3d91d58698f749c321a822bcccd2e5df7

SHA256
a197cc479c3bc03ef7b8d2b228f02a9bfc8c7cc6343719c5e26bebc0ca4ecf06

SHA512
710620a671c13935820ed0f3f78269f6975c05cf5f00542ebc855498ae9f12278da85feef14774206753771a4c876ae11946f341bb6c4d72ebcd99d7cff20dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
cb8b2ea668b8e8342d035e34210f1e54

SHA1
eb98a18bd426ee6118b6c533656e4b4da742b8ee

SHA256
11afbc95599e3a16567dedd3a50136ede1f1d2e17f49eddbc648667c605fcfe5

SHA512
2cf4f65bb2dabb61452505902bd6ca72c0c180c4bc06b2451c3aa5ff5b37079bd24f68e9bb6ebd9bd80eadbdf065b10e8f599c783545bba6e98ec1b6af3def26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
2e3fe3cd89ef01c03ae581598805d9c2

SHA1
42b2a143664359d19972e8409ff670b1d71c9092

SHA256
c40aca2a4aa38d7ac3fad7a85885244a30dd6fdfe9c0178192d9ac15bf18de97

SHA512
8aeccec22d96d49c75da52b1b0c33681bf7eb1e722f9aafc6e07e090c261e7470bd2e9110468dd906bb1e3c75c5f6d78075ab54328e79e8b65680752dad50cdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
5a81d7384c6aa9b09dd21b3028411708

SHA1
7c98d182cae11842817b6017e48f498ccd8d0f9d

SHA256
53d26958c798be511cd2b819eea4361953df629ad43aa0459d0b3d868422f0ea

SHA512
391b15509622eb350e0820d6449e7aad47fdd382d98d928705993bfd9c74948d5c700799672a3dade621ffe3ce59459d795c35aa45ec2d1496fe2f575d770f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8cb32f9b82d432d00db4302757edc3fa

SHA1
e94f271e0637f3d2dd1333fa05b25206aa454aaf

SHA256
f13e6d5267a4ba2db3be98d7982de483682157d20bd0566474ebd287749cc9e7

SHA512
f67cbfc28817742aaada8814e466746d27bce65c5153e94d0ac71334d2099a45b63c3f3b151b36571b5f7b6e9132597d1ca447c24ccf82f4157c2a8accf911d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
61e1e2975ecbd08ed6523c6d369ea0fc

SHA1
686a8d5cc06cbd705511da13d5743e2e4e52ebf6

SHA256
3e4990392d3402212c2c31db1f690542756dcce3690606d1b05bf7059e49289e

SHA512
ca32d1d26605506bef6425623aed9867c3630e2fa15c5cf985e1e3b1d1d489d2b952f06233dcb9e21b0f7dc93fc2be59de0d00ec6edd8e4a54bd92b3c4e18546

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5b81c8343725f16e63d808361d2443a5

SHA1
fc2dba067a1862b5c70d4bf48a6faa9821907b83

SHA256
e3c4cce9cbe368a63468215a4bab057b6eadebb4175e3285ef8a3a50fa0b3abc

SHA512
308af1c6bbec3eba75b04a21d6e96a3a4344f190a71ebed79c5f1ae4ddb0a2750a6c4f5f872671ed09d02a9766124a0bf222f491b04cb64aa0e7eebfee06d3a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b12579d1eb0052e94a7b162b6a4f1020

SHA1
fcbf139466b4c5979d0db47ed46ed7661912bff0

SHA256
64f5c57753bcc15bcaaa85c86885605efebf3b8d5c525640a2839ed19f0da247

SHA512
c90f76dc2a2e92d11f0c6d1af5845ccd41d5556bd2b0b930a20e1468d0d73c3a144cb683d992504cc4494442689c99ce0fb9aa380a1c2b423a4485e7f986c6fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2b46352a08ec04950b303a18ae5187e7

SHA1
bec4546e7481c4b3decc102f40368ddece3558f5

SHA256
dd81dd0d4be38fec900f04a163108187d8eb1c75a32322cfd8361d46cfa73276

SHA512
b7c4469b87039c502045fc2aa3124403810193ec325c7e630111325b194a22a72925835ffe676a4ac90cafddc9c7eb9a3af9dfc30246a6972c76e814c6340b03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
38B

MD5
e9c694b34731bf91073cf432768a9c44

SHA1
861f5a99ad9ef017106ca6826efe42413cda1a0e

SHA256
01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85

SHA512
2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
b5cae56664644333d84dd8cf5446c1f6

SHA1
0b02b707be5083f70fadf85a182f7e375d2bae93

SHA256
8fe62df37be1bc639ac03708975ca3740351476bc37910c2c503e79b1686e576

SHA512
9d8aab61a6ac88f0ad3314d66754cfd61ed534bc9d7799cdaa33c2ae7b3aef4ca24694a4f9cfb0fb56ad8f4eebc088b70115e69257665dcf9dd8f7879f89b415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
7f179a6417fceed7938d1fdd16e5a46e

SHA1
6bf99a00b061e2109821fd84fb9e88404864092f

SHA256
00c3634c740c9f91fffaa357e3352356f3d603cabbe10feef513113cdc214af6

SHA512
5e88558829183a10a87171e078b2262ec05dc4bf640c2990e463c619588fdaf7930eb5989adb022b824523d2026f1fdca4a8df942768e77007029ea12e35fed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
0c0e80f2644791435e049b2a799ec9c6

SHA1
489f75c2d6eb1575844a0cb850f30ef00df8e8d6

SHA256
5175e88983977846d5cc41ed8e82e62843e0538776d958064e05832eed91b463

SHA512
77c778b11845e810e1a41b7e107ba75b434f5ff136a2bd4d9df5dd3bd16cb840fbf882e1a8f3a079443f0ab3d49fd500b5e58f410947d69e5665fc1c44ac2f18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log

Filesize
2KB

MD5
f38990ab48eaad8aef1c871b2b27bae7

SHA1
ac4997ff283a4a024d90bc5d8d762aea41245231

SHA256
2206fca1d9cb49ac498474104839bb1e121f30a82c8826ed11e02a243be7d467

SHA512
c067c46b63510c76c4737ebb15e7922dc954d234d925367fd958429838af2ce722930e4df91dadf90e41ac7a1f0907f56727cefde3d89aa8817f98c1e544f84b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
2b522912bb4b4141d38363798596f068

SHA1
5df14c79fab763b0e04451f34475e7c18f9fa16a

SHA256
0934e741fb9915b7e2ec33ead6961cc069126861f314a500fefe641d3a3e147c

SHA512
f5f59ee3b903614f2313d6f72880c7d273b546c87bf329d3d3de8b34eada6b1446c1af728db1ab4411d8d64d0db1cca912faae5f4bc29221bac678538092b2b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
d7b276de48cdaccb148a52dc89437317

SHA1
e3d8531c10d774a7b63e536cc3da205787ecedd6

SHA256
e3884633dc7f6d8c56e14fa7f557bd515ac3a386fd5c35a68934333b501e22d7

SHA512
43f1a3925220c4de838e4bff8d4cc73d4ee867a04f458ccbe9b08d98093dbddd193615abb4f4482c031b0db22cd283ed6bb3a44bde8320fe9957524215807507

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
214e275f4c2d71794151a56b062e35a4

SHA1
c5b49212adeb49db17ec32c1f26ac3d9cacb4a93

SHA256
6edddc4aae700ab8e69e4e9161832bc76d0ceae700df326d84bc9207961e031f

SHA512
5da514ed42099d6ebc7b76ee04bdd77d6e723af0fcb5fb69142b7598f7b9f3e199ef49a40c6f9140bd2b829d7e3168fa0b07a41aafa5326095c296e59a0d24d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
1c0c23649f958fa25b0407c289db12da

SHA1
5f6b10cd5a39fe8c30353bcf4cd4e4a60ef35574

SHA256
d5134b804a775cfb79c6166d15b5721d38ffc2da11948a6c1263595d6c2941cf

SHA512
b691e882018833a108bd286bc76c55a140d00d5a266617a3a381af1ceff01aefaef17acef29d14dec931d7051455726cde8974cd04cc07302f1c3cc452fe2f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
fe62c64b5b3d092170445d5f5230524e

SHA1
0e27b930da78fce26933c18129430816827b66d3

SHA256
1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4

SHA512
924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000013.dbtmp

Filesize
16B

MD5
a6813b63372959d9440379e29a2b2575

SHA1
394c17d11669e9cb7e2071422a2fd0c80e4cab76

SHA256
e6325e36f681074fccd2b1371dbf6f4535a6630e5b95c9ddff92c48ec11ce312

SHA512
3215a0b16c833b46e6be40fe8e3156e91ec0a5f5d570a5133b65c857237826053bf5d011de1fcc4a13304d7d641bcba931178f8b79ee163f97eb0db08829e711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
5e94b93bf07b19a14fa50338e8240173

SHA1
3670e69fd3cbd4087a83dcac56446ff0cd288047

SHA256
db311a5dd3452b6d05942c9308d7d3cf999d34ae0cd82286f9f810b477bc1110

SHA512
b353f971089653004b6d9dbd71a9009c45e4495db3178cf343277795eb626f2ed2b471eb2a63733631cb90aff8586893c174a209ed7b20b7b0a4005256c85e80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
d757e9f525200060aefbd2e00bc69809

SHA1
ae551809c3435fe3e6716b76dc23b7294189b4ce

SHA256
729406f9e7c1e50d927d0c6916ee0a97eaa26c46e6cdecef7580e61b8c0dfe20

SHA512
50c15062061f449952bda82a8b0cd4bafe6f3f434f642fadb8017e65c09886bb4d0b52967c80f8fa380447c63d79b6518f605a3efe7d8eea40c2dbbaa0d41953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
bb7604e29dcd48745c898ed3b41ba598

SHA1
623fe9edde6ee320a4186327f7835f21290a687d

SHA256
74b18ea14045de7d0f5cd4c97e3f4ac19a2599daa919719ef8ccc04367cf55f8

SHA512
5d2ba4b259acd5bb288176e8c34128c085b31e4ad24ab6e1f4d5475c6d6085924ae32e159f52d40bf3e2333f06302ca783794fc44bf655ec97332f6d69f031bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
1520a5c2a07e020e470583eee9ec5b0c

SHA1
c67d215529b93cade01af17139dac8cf18733ccb

SHA256
5a145b0c95ea69d09cc757997b0def9dddc5c75e6dfd4efa0a5c223541742249

SHA512
a44917184bd03532106613b8bbd595e2aa093ac4275c1bdcfd934f6e6e942ed7a6fbc580587c70f8cafa12cb7065a21ecc58ccecf996efe2416ea301acae9147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a64431ed-1c9a-43ef-ac88-61453ad37d7c.tmp

Filesize
155KB

MD5
fa140f0d45ad57629ca2d597ce9a71f9

SHA1
d4c48e2d7849045fb271aecaee86aa5d70fcdcb2

SHA256
42cb6314501aec1917df50523a5e83d4f744d1dd62737198f0343cf4dd08478e

SHA512
a65db5ed472849a1de5e09702a0416f1e0ecb3e694ec03c98b1580483d9ce67149aade3ffc0aa002f18d575736892ce284c60e0f56567ab524a3dca9efbcf900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS828E00C6\Assets\change_hover.png

Filesize
310B

MD5
57092634754fc26e5515e3ed5ca7d461

SHA1
3ae4d01db9d6bba535f5292298502193dfc02710

SHA256
8e5847487da148ebb3ea029cc92165afd215cdc08f7122271e13eb37f94e6dc1

SHA512
553baf9967847292c8e9249dc3b1d55069f51c79f4d1d3832a0036e79691f433a3ce8296a68c774b5797caf7000037637ce61b8365885d2a4eed3ff0730e5e2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS828E00C6\Assets\error_icon_72.png

Filesize
1KB

MD5
4aaf83d2b3fd56ad806708e60474df39

SHA1
144777a265879b69fadea3eb3ac6939458918578

SHA256
84e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f

SHA512
3b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS828E00C6\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS828E00C6\Assets\link.png

Filesize
306B

MD5
ae2c73ee43d722c327c7fb6fdbee905c

SHA1
96f238bf53ac80f5b7a9ad6ef2531e8e3f274628

SHA256
28c0abc6bfe7a155815104883a37a53dd783d142300471064c95eddf3cae0eaf

SHA512
5a1e341f727cf1cb4832cced8e96c5a74971451629603c48bfb91ceb4561d0122ab9ae701f8b34681d5f13115a384467d430ccb8282494b40f4577ebc3ad825b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS828E00C6\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS828E00C6\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS828E00C6\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS828E00C6\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS828E00C6\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS828E00C6\Locales\i18n.en-US.txt

Filesize
19KB

MD5
0a041eb21be673b37a9a43f751d83400

SHA1
cf98837aeb730d05ec55252277d2ed41ef58f0ba

SHA256
708132b01a012c3a43a5a7e5550318f6fe72a98139bba7e4f5fb352b9e46db29

SHA512
476051e9cc528c8b72a1ff0aec6f9e05cce4e7069ff4af7e75558664f02a7018304a4d840e694ee811d08895b628da072b1c72b8f605e4212b75a84db66b8b14

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS828E00C6\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF04A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF07C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\??\pipe\crashpad_2004_XAJOBTSYYDOFVAUZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS828E00C6\BlueStacksInstaller.exe

Filesize
623KB

MD5
f51cd98b34ad6b81081e1a017f5c45bc

SHA1
e734d4f3d81d517b2a2eafaf20310bc94a419207

SHA256
02ca17eaa0f8eec7e7d321756fd73bb8292f2de7f3585d567ecf6f56b4f037f6

SHA512
1b87f6b7c0ac1825a3bd76bebda7e90ebc8293b889a3f39a4513ce04800fcd516e5d8597db379275ed324afb5c7f868afb31d1c965922b434de6968c94c47184

Download Submit
memory/1628-129-0x0000000000F00000-0x0000000000F9E000-memory.dmp

Filesize
632KB

Download
memory/1628-127-0x000007FEF5D63000-0x000007FEF5D64000-memory.dmp

Filesize
4KB

Download
memory/1628-131-0x0000000000A90000-0x0000000000AF8000-memory.dmp

Filesize
416KB

Download
memory/1628-956-0x000007FEF5D60000-0x000007FEF674C000-memory.dmp

Filesize
9.9MB

Download
memory/1628-132-0x000007FEF5D60000-0x000007FEF674C000-memory.dmp

Filesize
9.9MB

Download
memory/1628-192-0x00000000006D0000-0x00000000006DA000-memory.dmp

Filesize
40KB

Download
memory/1628-191-0x00000000006D0000-0x00000000006DA000-memory.dmp

Filesize
40KB

Download
memory/1628-957-0x00000000006D0000-0x00000000006DA000-memory.dmp

Filesize
40KB

Download