Analysis

  • max time kernel
    289s
  • max time network
    289s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240704-en locale:en-us os:windows10-2004-x64 system
  • submitted
    07-07-2024 06:25

General

  • Target

    https://mega.nz/file/cGNQXagS#-QZUigdV3ZIaAo-SvvPznTJ3rUUtQDbrRkIj-BVa9ZM

Score
10/10

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/cGNQXagS#-QZUigdV3ZIaAo-SvvPznTJ3rUUtQDbrRkIj-BVa9ZM
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91f84ab58,0x7ff91f84ab68,0x7ff91f84ab78
      2⤵
        PID:3600
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:2
        2⤵
          PID:732
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
          2⤵
            PID:1508
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
            2⤵
              PID:4508
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:1
              2⤵
                PID:1552
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:1
                2⤵
                  PID:2136
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
                  2⤵
                    PID:4792
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
                    2⤵
                      PID:2428
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4692 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
                      2⤵
                        PID:1220
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
                        2⤵
                          PID:4464
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
                          2⤵
                            PID:3328
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5152 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:1
                            2⤵
                              PID:2468
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5448 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:1
                              2⤵
                                PID:2476
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
                                2⤵
                                  PID:1440
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4424
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1952 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:1
                                  2⤵
                                    PID:1092
                                • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                  1⤵
                                    PID:4820
                                  • C:\Windows\system32\AUDIODG.EXE
                                    C:\Windows\system32\AUDIODG.EXE 0x4f8 0x4fc
                                    1⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:3996
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:2332
                                    • C:\Program Files\7-Zip\7zFM.exe
                                      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\OSU Cheat.zip"
                                      1⤵
                                      • Suspicious behavior: GetForegroundWindowSpam
                                      • Suspicious use of FindShellTrayWindow
                                      PID:4476
                                    • C:\Users\Admin\Downloads\OSU Cheat\Instаller.exe
                                      "C:\Users\Admin\Downloads\OSU Cheat\Instаller.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      PID:3932
                                    • C:\Windows\system32\taskmgr.exe
                                      "C:\Windows\system32\taskmgr.exe" /4
                                      1⤵
                                      • Checks SCSI registry key(s)
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious behavior: GetForegroundWindowSpam
                                      • Suspicious use of FindShellTrayWindow
                                      • Suspicious use of SendNotifyMessage
                                      PID:1296

                                    Network

                                    MITRE ATT&CK Enterprise v15


                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

                                      Filesize

                                      17KB

                                      MD5

                                      950eca48e414acbe2c3b5d046dcb8521

                                      SHA1

                                      1731f264e979f18cdf08c405c7b7d32789a6fb59

                                      SHA256

                                      c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

                                      SHA512

                                      27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

                                      Filesize

                                      211KB

                                      MD5

                                      151fb811968eaf8efb840908b89dc9d4

                                      SHA1

                                      7ec811009fd9b0e6d92d12d78b002275f2f1bee1

                                      SHA256

                                      043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

                                      SHA512

                                      83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      72B

                                      MD5

                                      62f834156e750bb339f48951c62147fe

                                      SHA1

                                      c8c70bcd6a1331ffee2d3b92c9f36c7034b8239d

                                      SHA256

                                      e6251b1d3b0aa6fa0b9ee802acf0d477d44e0ab1486d5f99e2651dfa26e17973

                                      SHA512

                                      6907abb1bc88ccb00c3ef307abeed26ed7f6c641322bdd0ed12b2023b193ab617d33aceaa3785c1cd161891275bec5fddd142bf53d0ccd974ad492b91e14e7cf

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      168B

                                      MD5

                                      5ddcd5c85e4bc3841dd3757731341732

                                      SHA1

                                      a54aa93527f031f21ff3bf545e313670f0fb52b1

                                      SHA256

                                      dff2f41a05101b6d827913e10686ea87b032e709c95064e1ef3c68de75e3e890

                                      SHA512

                                      7bf4cec20819dc352e5f7364ada9bb064d83c1587f674035fcbb9f52ee84450eeeba4c9f1c88fa06b3db2e156b546fd7f5deb25e85ad097cdfe8c02d4ace9bb9

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

                                      Filesize

                                      41B

                                      MD5

                                      5af87dfd673ba2115e2fcf5cfdb727ab

                                      SHA1

                                      d5b5bbf396dc291274584ef71f444f420b6056f1

                                      SHA256

                                      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                      SHA512

                                      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      1KB

                                      MD5

                                      caef5a7152c9d4d8ff3d7453a6f862a1

                                      SHA1

                                      c78a2371ac66c9016507c0817bc4515e3a0778a9

                                      SHA256

                                      6f3622ae12cfa7452713fad6497df8d9e3cd9f422bcc3457a7491d984dd3c541

                                      SHA512

                                      d8828821de2bb775abfeb44d69d5bf56c9ad2faeaf180b07a6200f00160486416f3c989d37df2c01b1982f508b28ee1ca020b7afa9048a38be2e7086801c0c61

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      2KB

                                      MD5

                                      a3138666299abd7e56ef90313541dc4a

                                      SHA1

                                      6b98eb242de56452ac0ee51507341e4af801babc

                                      SHA256

                                      f1a272e0be2ad3bb3bf609e4aa953236e6881e8bb4396d9f729bc867ae1ce622

                                      SHA512

                                      b59e34283c5d32bcf21c0fc022a1a9c1815a0b71fc0a8e3eb3aac6573693656004e38097588cdb3543ebaef79d3aa0144fc5fbc004eb659dd14f5942bcf62267

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      1KB

                                      MD5

                                      9f9091d84f7239a061e19d8e880914a5

                                      SHA1

                                      913ca54cc1f75ec80a9ff9fab1a033ffcca1dca9

                                      SHA256

                                      1baa589f99a9fbbe69f7b21f3ea1bb409fef92fa40bd77c9cd20cc232729277e

                                      SHA512

                                      d8c85a5800a451b2ae7817d84044fb3b7b31f465c68b9a33b0044b0b8cd49b85a5d5b7f32f60e7c0879417e39c56362533e6323902ad17c62cdd4503f4552860

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                      Filesize

                                      2B

                                      MD5

                                      d751713988987e9331980363e24189ce

                                      SHA1

                                      97d170e1550eee4afc0af065b78cda302a97674c

                                      SHA256

                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                      SHA512

                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      523B

                                      MD5

                                      d2095ab383797bf3b0463cf775ed8761

                                      SHA1

                                      4ea7738d6231bd0864013e9b067f13408d6778be

                                      SHA256

                                      c6dca3312fd3c9c2ad47730aff81faeeb35e0a9c80ea6af1e31d790dc83973e0

                                      SHA512

                                      b06e4e7b4b0376ca3fe8b8ab64b6a6990608a33a79e53e388e64fcc7f09a7b557cdc6ec9341df920ecbd2341b8a696a801f6eb5ff0c9cf0b711cb6eb34a5432e

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      523B

                                      MD5

                                      0bfda22ae254b486e09da7f496c9d60e

                                      SHA1

                                      d1d9d25899edd07043818953cbd28f04950ae66f

                                      SHA256

                                      6f6326785dec05fc95a5167f569f5559f52fbbb25924fabafd20550e8b551ab5

                                      SHA512

                                      ad7990b41788fc0cd4f2d073d99f5786130af66653a1e3f816d1e22d7bea79fd4fe94a475333c324232596aa2e3670d84bc861d39b80e857b6d7d77572075998

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      523B

                                      MD5

                                      6c22a3880f4fb851e9a47094aa3e9624

                                      SHA1

                                      a1c1583ef49105b95960155b9b534b1c5d01f2ea

                                      SHA256

                                      aaa5c2690eed05a1705fed4e812d708595fb950c21568f15b44022debff7a072

                                      SHA512

                                      b247214e204ce4d605281ad7501f8d0cf7df5e640767503cff27eb90de3196ebf4515f64e715ce84c7e8f2018ef8e0a8c7a1caed4d090fe173bd123eb3eed68a

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      1dae8a557437697f6ae1bf69c0b088ab

                                      SHA1

                                      773514a94cfe834c7b3ab4894dc51c6d6c6d0f68

                                      SHA256

                                      b2ac654e1de4214138fb708667d393c43987be6183e7351768e4ded5f2813206

                                      SHA512

                                      6b673a951d758567f8d4c93825e09d5e8708014b708dbd5ca9a4069a3b0f16b2e1a347abaf912d6c8cf7ce79ea377eb0cf0acc029c47e623ecef19e723bbfeb0

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      7KB

                                      MD5

                                      6034dccd35fe92bc44d25c93bacaf79b

                                      SHA1

                                      067a9c9492ab40ac27a88fc5823d7e582bde9e8a

                                      SHA256

                                      85ad3b1eff2ff7ed0ebc02083c43fae148b0c3c2d88123f968f816f640834208

                                      SHA512

                                      b9d7fa2238ea4a3af20c3943d9f2acd2b4a97762cb08b99d6e1bbaa2ee1302ec50c0a6facce5fb7f82630ca41e38a3f3919dc77a5c4af80a312e12ce831870b2

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      7KB

                                      MD5

                                      18a9b314905a4c30eca306b01ad1bb6c

                                      SHA1

                                      cc0b5ca1078e6eaccaacff81106b104d87c65114

                                      SHA256

                                      657098c1a822d745c5778543be2038e8b74df540964e53c2b79d8a7ccb7f241e

                                      SHA512

                                      35fe5d977b7fc8b46432afc6ef0f85961e5494973fb4d16d25629f8e9feab66dc6f9f38b4e6f951b918d3b24b28a7d2d67c327aa6fbb964f4639b13342ef1c61

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      7KB

                                      MD5

                                      5a4e5e18371c0d1f951e286e7292922c

                                      SHA1

                                      d2cc79ed72c83814cd9e8c91d9863c775afbd679

                                      SHA256

                                      4687f60ddaeb2d49280a6de1b12e128cc41c98a2769e1d7997a280a45764a83a

                                      SHA512

                                      ede1f499b0249e1ca61c7a83fbe381d6cc42b4372b76a17d7693b2c03e7d3ded2fef70e1f598b65bb86129db1fb4f753168c51a22410d4b9381e7b42eb3b36b4

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

                                      Filesize

                                      96B

                                      MD5

                                      bf9583dff3bf89812d06ddb06d3748a3

                                      SHA1

                                      4f9729b454d0cb23581ecd9e48ca7429d6e5609d

                                      SHA256

                                      cc626450f635f3daf5cd51097008f9da5a2ba1689491c463ebdd8c32270290dc

                                      SHA512

                                      93e8bcc03ca65151ffbecde0d1962e010d610d051a20a7621db97995940e22e8d1315299069b0a5f7c31643f29484e36485fdc334d89a8358f586df16ab3e350

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      144KB

                                      MD5

                                      a6920985ad73bfd3b25ca54fd366e36a

                                      SHA1

                                      542625d5fdf430117ad99cc39bba70bb17e01d4a

                                      SHA256

                                      c46628e3dd028f298d9d132441c122e130670fbd408e6cd73672f609c34463ba

                                      SHA512

                                      15a7ce7ab292bd2782cfed82f435e216ddb9dceace56b4a3427f56bcda1f97cf53daa9ad7aedfdf9b8aaefa78a56f1e102ee7e119d3456390b9c64147e79b7a7

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      144KB

                                      MD5

                                      c950a6177f1e0875850e834725d49681

                                      SHA1

                                      e7839674d8bbae4a4952ef87dd272ac9c6c9004a

                                      SHA256

                                      9c528085f21137cf2b2ec64dbe03d823ed5587ee3b32b62956eaa92daab8383e

                                      SHA512

                                      be7313186e7e2185d3271845ff2aa59c614b0ccf2c3387407910b5b92ca58405fdde52caed6f43ea4f159f224a7f01cc2db67840f750fa30d95f1b90b39ab9d6

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      144KB

                                      MD5

                                      c2d7fca6f5597ef3d11cc2317beb6680

                                      SHA1

                                      f2487ac124b21d7a516638e1407ea9d09fc4209a

                                      SHA256

                                      4bb3875a48d79e4a5d9742bd957167a8fabada4a77b3a9a0e0306279aa6b0bea

                                      SHA512

                                      34bc9000693abddd8e8d70a440bf58c08c1b4f72502501021206551344c4290be68240b0e871995d6b3059ba433b559acf07ac8e4ae0442b43c0306db784ae81

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                      Filesize

                                      97KB

                                      MD5

                                      5831c32e711bb45233ce03a8acb429c1

                                      SHA1

                                      fee94f5659966440ca9bd05cf2a5ef792c7eb91d

                                      SHA256

                                      f06f36e1db2029eb50a797536fa6932a1fbcea6f9dc3d9493112b3b9597f5dd6

                                      SHA512

                                      50ff6b76fd8d7be1917a9a276ffabfa2380a037981515f12ecb8766226896289e0bbfcdbc952a0f246e65ddde46c2506ea876073d465e908281be158221fc692

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58abac.TMP

                                      Filesize

                                      87KB

                                      MD5

                                      fd4961bdaa1bc5983e735d3e021cbe16

                                      SHA1

                                      11bb6e88622e43c92a490d2fe3b47a86614e8e8d

                                      SHA256

                                      e9f13817111503527b39469f373a0743d467c86d3764814b2119ab83298fd855

                                      SHA512

                                      584aea41bb8edbcde51e22f03ddd92ea87e5a7676ffa52997f86258a0a71de14774a9f47f3ce90d4fc4a86d523b5491392d4e3fd992af634677a4d32d24b70ca

                                    • C:\Users\Admin\Downloads\OSU Cheat.zip

                                      Filesize

                                      14.5MB

                                      MD5

                                      0798373c6cbdc4962ee5ff8df59352de

                                      SHA1

                                      5ca7eb7e10dacf62a98887f544a1ce54f712f5ff

                                      SHA256

                                      2cf82cb72dfcbf58a6063cb33757b6cfb0182ee31e55efc37f2e8ac71ca4bcca

                                      SHA512

                                      09a3d47a8df7e760c703bb008c7758845331f37f61d939c02ed92c19613a6480cf96b13a33cfa95f4a1f63993c86831db91772973efe833ef54d02d723a41bab

                                    • C:\Users\Admin\Downloads\OSU Cheat\Instаller.exe

                                      Filesize

                                      232KB

