Analysis Overview
Threat Level: Known bad
The file https://mega.nz/file/cGNQXagS#-QZUigdV3ZIaAo-SvvPznTJ3rUUtQDbrRkIj-BVa9ZM was found to be: Known bad.
Malicious Activity Summary
RedLine payload
RedLine
Executes dropped EXE
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-07 06:25
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-07 06:25
Reported
2024-07-07 06:31
Platform
win10v2004-20240704-en
Max time kernel
289s
Max time network
289s
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\OSU Cheat\Instаller.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133648071881529281" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/cGNQXagS#-QZUigdV3ZIaAo-SvvPznTJ3rUUtQDbrRkIj-BVa9ZM
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91f84ab58,0x7ff91f84ab68,0x7ff91f84ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4692 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x4fc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5152 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5448 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\OSU Cheat.zip"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1952 --field-trial-handle=1928,i,7265010230901517564,3030022702860588246,131072 /prefetch:1
C:\Users\Admin\Downloads\OSU Cheat\Instаller.exe
"C:\Users\Admin\Downloads\OSU Cheat\Instаller.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4