be6c7b0c87bdb9426bbbab27b7574d3bcd435126b8130bbd2c2ce516e077e4e8

Resubmissions

09/07/2024, 18:56

240709-xltjmazbqn 9

09/07/2024, 16:59

240709-vhlcqstgpm 9

09/07/2024, 14:31

240709-rvwsfsybnk 8

Analysis

max time kernel
2700s
max time network
2683s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MWIII_IRIS_AIO_V3.5.exe
Size

10.9MB
MD5

dc43693ef7c1e53d46b0da91191597db
SHA1

aef31787fe96864a8ae38793d4974fc254cddf50
SHA256

be6c7b0c87bdb9426bbbab27b7574d3bcd435126b8130bbd2c2ce516e077e4e8
SHA512

d5190aa5c30e941908560709917ea59dc6400f4ba1bbf2aa15c4abaa08d62cc1f7aa4cd154dbea9c537ddc513005ec1b25146a2d7b8951da14cac2542861fb26
SSDEEP

196608:Or9iC3AAslutR6k0SxVCypmKEqEOdoFldQ+6XVizae1haPXM3dkIftIia9tkfc:+9ikAAsUvl0aH2qbdoLPae1hIc3TtIiu

Score

9^/10

evasion execution themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 16 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MWIII_1.exe

Downloads MZ/PE file
Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Checks BIOS information in registry 2 TTPs 32 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MWIII_1.exe

Executes dropped EXE 23 IoCs

pid	Process
1584	MWIII_1.exe
3936	MWIII_1.exe
4412	MWIII_1.exe
4676	MWIII_1.exe
4980	MWIII_1.exe
3332	MWIII_1.exe
512	MWIII_1.exe
4460	MWIII_1.exe
1908	MWIII_1.exe
2076	MWIII_1.exe
1656	MWIII_1.exe
1928	MWIII_1.exe
1916	MWIII_1.exe
2176	MWIII_1.exe
3976	MWIII_1.exe
1696	MWIII_1.exe
5004	MWIII_1.exe
4680	MWIII_1.exe
2108	MWIII_1.exe
1052	MWIII_1.exe
740	MWIII_1.exe
4396	MWIII_1.exe
4080	MWIII_1.exe

Loads dropped DLL 23 IoCs

pid	Process
1952	x64dbg.exe
4496	x64dbg.exe
1932	x64dbg.exe
1932	x64dbg.exe
1932	x64dbg.exe
1932	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe

Themida packer 6 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x000900000002326b-510.dat	themida
behavioral1/memory/1584-620-0x0000000140000000-0x0000000140CD0000-memory.dmp	themida
behavioral1/memory/1584-708-0x0000000140000000-0x0000000140CD0000-memory.dmp	themida
behavioral1/memory/3936-938-0x0000000140000000-0x0000000140CD0000-memory.dmp	themida
behavioral1/memory/4412-1009-0x0000000140000000-0x0000000140CD0000-memory.dmp	themida
behavioral1/memory/4412-1221-0x0000000140000000-0x0000000140CD0000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 16 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MWIII_1.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\B:	wmplayer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
118	raw.githubusercontent.com

Suspicious use of NtCreateThreadExHideFromDebugger 4 IoCs

pid	Process
1952	x64dbg.exe
4496	x64dbg.exe
1932	x64dbg.exe
1932	x64dbg.exe

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 1932 set thread context of 4412	1932	x64dbg.exe	220
PID 1932 set thread context of 4676	1932	x64dbg.exe	250
PID 1932 set thread context of 4980	1932	x64dbg.exe	252
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 1932 set thread context of 3332	1932	x64dbg.exe	254
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270
PID 3284 set thread context of 512	3284	x64dbg.exe	270

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3020	sc.exe
5088	sc.exe
364	sc.exe
1448	sc.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4380	4072	WerFault.exe	147

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Delays execution with timeout.exe 2 IoCs

evasion

pid	Process
5088	timeout.exe
2608	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 16 IoCs

evasion

pid	Process
4008	taskkill.exe
3616	taskkill.exe
2584	taskkill.exe
4688	taskkill.exe
2316	taskkill.exe
4908	taskkill.exe
4944	taskkill.exe
5064	taskkill.exe
1420	taskkill.exe
4560	taskkill.exe
3396	taskkill.exe
4440	taskkill.exe
1192	taskkill.exe
4956	taskkill.exe
1680	taskkill.exe
2104	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133650305773298605"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	x64dbg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	x64dbg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	x64dbg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg	x64dbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	x64dbg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings	Magicmida.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Magicmida.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Downloads"	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	x64dbg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	x64dbg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	x64dbg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	x64dbg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\NodeSlot = "16"	x64dbg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Magicmida.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	x64dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell	x64dbg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	x64dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Magicmida.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Magicmida.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Magicmida.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	x64dbg.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
1952	x64dbg.exe
4496	x64dbg.exe
1932	x64dbg.exe
3284	x64dbg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2288	MWIII_IRIS_AIO_V3.5.exe
2288	MWIII_IRIS_AIO_V3.5.exe
4928	chrome.exe
4928	chrome.exe
3720	chrome.exe
3720	chrome.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
1952	x64dbg.exe
4496	x64dbg.exe
1932	x64dbg.exe
3008	Magicmida.exe
3284	x64dbg.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4908	taskkill.exe
Token: SeDebugPrivilege	4008	taskkill.exe
Token: SeDebugPrivilege	3616	taskkill.exe
Token: SeDebugPrivilege	4560	taskkill.exe
Token: SeDebugPrivilege	2584	taskkill.exe
Token: SeDebugPrivilege	3396	taskkill.exe
Token: SeDebugPrivilege	1192	taskkill.exe
Token: SeDebugPrivilege	4944	taskkill.exe
Token: SeDebugPrivilege	1680	taskkill.exe
Token: SeDebugPrivilege	4956	taskkill.exe
Token: SeDebugPrivilege	5064	taskkill.exe
Token: SeDebugPrivilege	2104	taskkill.exe
Token: SeDebugPrivilege	4440	taskkill.exe
Token: SeDebugPrivilege	2316	taskkill.exe
Token: SeDebugPrivilege	1420	taskkill.exe
Token: SeDebugPrivilege	4688	taskkill.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4072	wmplayer.exe
Token: SeCreatePagefilePrivilege	4072	wmplayer.exe
Token: SeShutdownPrivilege	1244	unregmp2.exe
Token: SeCreatePagefilePrivilege	1244	unregmp2.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4072	wmplayer.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe
3580	taskmgr.exe

Suspicious use of SetWindowsHookEx 36 IoCs

pid	Process
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
1952	x64dbg.exe
4496	x64dbg.exe
4496	x64dbg.exe
4496	x64dbg.exe
4496	x64dbg.exe
4496	x64dbg.exe
4496	x64dbg.exe
1932	x64dbg.exe
1932	x64dbg.exe
1932	x64dbg.exe
1932	x64dbg.exe
3008	Magicmida.exe
3008	Magicmida.exe
3008	Magicmida.exe
3008	Magicmida.exe
3008	Magicmida.exe
3008	Magicmida.exe
1932	x64dbg.exe
1932	x64dbg.exe
1932	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe
3284	x64dbg.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2204	2288	MWIII_IRIS_AIO_V3.5.exe	88
PID 2288 wrote to memory of 2204	2288	MWIII_IRIS_AIO_V3.5.exe	88
PID 2288 wrote to memory of 1416	2288	MWIII_IRIS_AIO_V3.5.exe	89
PID 2288 wrote to memory of 1416	2288	MWIII_IRIS_AIO_V3.5.exe	89
PID 2288 wrote to memory of 3036	2288	MWIII_IRIS_AIO_V3.5.exe	90
PID 2288 wrote to memory of 3036	2288	MWIII_IRIS_AIO_V3.5.exe	90
PID 2288 wrote to memory of 1412	2288	MWIII_IRIS_AIO_V3.5.exe	91
PID 2288 wrote to memory of 1412	2288	MWIII_IRIS_AIO_V3.5.exe	91
PID 2288 wrote to memory of 1676	2288	MWIII_IRIS_AIO_V3.5.exe	92
PID 2288 wrote to memory of 1676	2288	MWIII_IRIS_AIO_V3.5.exe	92
PID 2288 wrote to memory of 5028	2288	MWIII_IRIS_AIO_V3.5.exe	93
PID 2288 wrote to memory of 5028	2288	MWIII_IRIS_AIO_V3.5.exe	93
PID 2288 wrote to memory of 3632	2288	MWIII_IRIS_AIO_V3.5.exe	94
PID 2288 wrote to memory of 3632	2288	MWIII_IRIS_AIO_V3.5.exe	94
PID 2204 wrote to memory of 4908	2204	cmd.exe	96
PID 2204 wrote to memory of 4908	2204	cmd.exe	96
PID 3632 wrote to memory of 3884	3632	cmd.exe	95
PID 3632 wrote to memory of 3884	3632	cmd.exe	95
PID 1416 wrote to memory of 4008	1416	cmd.exe	97
PID 1416 wrote to memory of 4008	1416	cmd.exe	97
PID 3036 wrote to memory of 3616	3036	cmd.exe	98
PID 3036 wrote to memory of 3616	3036	cmd.exe	98
PID 1412 wrote to memory of 364	1412	cmd.exe	99
PID 1412 wrote to memory of 364	1412	cmd.exe	99
PID 1676 wrote to memory of 4560	1676	cmd.exe	100
PID 1676 wrote to memory of 4560	1676	cmd.exe	100
PID 2288 wrote to memory of 1492	2288	MWIII_IRIS_AIO_V3.5.exe	102
PID 2288 wrote to memory of 1492	2288	MWIII_IRIS_AIO_V3.5.exe	102
PID 2288 wrote to memory of 1204	2288	MWIII_IRIS_AIO_V3.5.exe	103
PID 2288 wrote to memory of 1204	2288	MWIII_IRIS_AIO_V3.5.exe	103
PID 2288 wrote to memory of 4368	2288	MWIII_IRIS_AIO_V3.5.exe	104
PID 2288 wrote to memory of 4368	2288	MWIII_IRIS_AIO_V3.5.exe	104
PID 2288 wrote to memory of 2180	2288	MWIII_IRIS_AIO_V3.5.exe	105
PID 2288 wrote to memory of 2180	2288	MWIII_IRIS_AIO_V3.5.exe	105
PID 2288 wrote to memory of 532	2288	MWIII_IRIS_AIO_V3.5.exe	106
PID 2288 wrote to memory of 532	2288	MWIII_IRIS_AIO_V3.5.exe	106
PID 2288 wrote to memory of 1164	2288	MWIII_IRIS_AIO_V3.5.exe	107
PID 2288 wrote to memory of 1164	2288	MWIII_IRIS_AIO_V3.5.exe	107
PID 532 wrote to memory of 2584	532	cmd.exe	108
PID 532 wrote to memory of 2584	532	cmd.exe	108
PID 1492 wrote to memory of 3396	1492	cmd.exe	109
PID 1492 wrote to memory of 3396	1492	cmd.exe	109
PID 4368 wrote to memory of 4944	4368	cmd.exe	110
PID 4368 wrote to memory of 4944	4368	cmd.exe	110
PID 2180 wrote to memory of 1448	2180	cmd.exe	111
PID 2180 wrote to memory of 1448	2180	cmd.exe	111
PID 1204 wrote to memory of 1192	1204	cmd.exe	112
PID 1204 wrote to memory of 1192	1204	cmd.exe	112
PID 2288 wrote to memory of 4208	2288	MWIII_IRIS_AIO_V3.5.exe	113
PID 2288 wrote to memory of 4208	2288	MWIII_IRIS_AIO_V3.5.exe	113
PID 2288 wrote to memory of 4072	2288	MWIII_IRIS_AIO_V3.5.exe	114
PID 2288 wrote to memory of 4072	2288	MWIII_IRIS_AIO_V3.5.exe	114
PID 2288 wrote to memory of 3940	2288	MWIII_IRIS_AIO_V3.5.exe	115
PID 2288 wrote to memory of 3940	2288	MWIII_IRIS_AIO_V3.5.exe	115
PID 2288 wrote to memory of 3992	2288	MWIII_IRIS_AIO_V3.5.exe	116
PID 2288 wrote to memory of 3992	2288	MWIII_IRIS_AIO_V3.5.exe	116
PID 2288 wrote to memory of 2464	2288	MWIII_IRIS_AIO_V3.5.exe	117
PID 2288 wrote to memory of 2464	2288	MWIII_IRIS_AIO_V3.5.exe	117
PID 2288 wrote to memory of 4644	2288	MWIII_IRIS_AIO_V3.5.exe	118
PID 2288 wrote to memory of 4644	2288	MWIII_IRIS_AIO_V3.5.exe	118
PID 2288 wrote to memory of 1788	2288	MWIII_IRIS_AIO_V3.5.exe	119
PID 2288 wrote to memory of 1788	2288	MWIII_IRIS_AIO_V3.5.exe	119
PID 2288 wrote to memory of 592	2288	MWIII_IRIS_AIO_V3.5.exe	120
PID 2288 wrote to memory of 592	2288	MWIII_IRIS_AIO_V3.5.exe	120

C:\Users\Admin\AppData\Local\Temp\MWIII_IRIS_AIO_V3.5.exe
"C:\Users\Admin\AppData\Local\Temp\MWIII_IRIS_AIO_V3.5.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2204
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4908
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1416
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4008
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3616
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1412
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:364
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /IM HTTPDebuggerSvc.exe /F >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1676
- - C:\Windows\system32\taskkill.exe
    taskkill /IM HTTPDebuggerSvc.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4560
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c @RD /S /Q "C:\Users\%username%\AppData\Local\Microsoft\Windows\INetCache\IE" >nul 2>&1
  2⤵
  PID:5028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\MWIII_IRIS_AIO_V3.5.exe" MD5
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3632
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\MWIII_IRIS_AIO_V3.5.exe" MD5
    3⤵
    PID:3884
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1492
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3396
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1204
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1192
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4368
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4944
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2180
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:1448
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /IM HTTPDebuggerSvc.exe /F >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:532
- - C:\Windows\system32\taskkill.exe
    taskkill /IM HTTPDebuggerSvc.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2584
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c @RD /S /Q "C:\Users\%username%\AppData\Local\Microsoft\Windows\INetCache\IE" >nul 2>&1
  2⤵
  PID:1164
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4208
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1420
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4072
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1680
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3940
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4440
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:3992
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:5088
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /IM HTTPDebuggerSvc.exe /F >nul 2>&1
  2⤵
  PID:2464
- - C:\Windows\system32\taskkill.exe
    taskkill /IM HTTPDebuggerSvc.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5064
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c @RD /S /Q "C:\Users\%username%\AppData\Local\Microsoft\Windows\INetCache\IE" >nul 2>&1
  2⤵
  PID:4644
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1788
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2316
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1
  2⤵
  PID:592
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4688
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4552
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2104
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:1116
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:3020
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c taskkill /IM HTTPDebuggerSvc.exe /F >nul 2>&1
  2⤵
  PID:1248
- - C:\Windows\system32\taskkill.exe
    taskkill /IM HTTPDebuggerSvc.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4956
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c @RD /S /Q "C:\Users\%username%\AppData\Local\Microsoft\Windows\INetCache\IE" >nul 2>&1
  2⤵
  PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb8b58ab58,0x7ffb8b58ab68,0x7ffb8b58ab78
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:2
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4044 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4952 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2620 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3488 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2632 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4784 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1628 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3324 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4400 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3092 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4572 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5208 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4872 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5184 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3492 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3144 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2324 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3320 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5408 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3292 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4716 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5428 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5376 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5484 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5228 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4204 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4208 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5704 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=244 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5764 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5836 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3408 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5280 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5412 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5432 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5332 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5568 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3996 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6032 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6060 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6056 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=5824 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4736 --field-trial-handle=1816,i,5539929275311679880,5189727243654425580,131072 /prefetch:8
  2⤵
  PID:2076

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4060

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4072
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  PID:2248
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:1244
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 3076
  2⤵
  - Program crash
  PID:4380

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4072 -ip 4072
1⤵
PID:3484

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4760

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:1876

C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\x64dbg.exe
"C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\x64dbg.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1952
- C:\Users\Admin\Downloads\MWIII_1.exe
  "C:\Users\Admin\Downloads\MWIII_1.exe"
  2⤵
  - Executes dropped EXE
  PID:1584

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:1340

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of SendNotifyMessage
PID:3580

C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x96dbg.exe
"C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x96dbg.exe"
1⤵
PID:752
- C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x96dbg.exe
  "C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x96dbg.exe" ::install
  2⤵
  PID:4576

C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x96dbg.exe
"C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x96dbg.exe"
1⤵
PID:2124
- C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\x64dbg.exe
  "C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\x64dbg.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Modifies registry class
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4496
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Executes dropped EXE
    PID:3936

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\43ddad6cda8b4322b4ecb4a359fae9b1 /t 3008 /p 4496
1⤵
PID:4240

C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x96dbg.exe
"C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x96dbg.exe"
1⤵
PID:4520
- C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\x64dbg.exe
  "C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\x64dbg.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of SetThreadContext
  - Modifies registry class
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1932
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:4412
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      4⤵
      PID:4332
    - - C:\Windows\system32\certutil.exe
        
        certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5
        5⤵
        
        PID:1564
    - - C:\Windows\system32\find.exe
        
        find /i /v "md5"
        5⤵
        
        PID:4664
    - - C:\Windows\system32\find.exe
        
        find /i /v "certutil"
        5⤵
        
        PID:2816
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:2772
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:4676
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Executes dropped EXE
    PID:4980
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Executes dropped EXE
    PID:3332

C:\Users\Admin\Documents\Magicmida.exe
"C:\Users\Admin\Documents\Magicmida.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x96dbg.exe
"C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x96dbg.exe"
1⤵
PID:2992
- C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\x64dbg.exe
  "C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\x64dbg.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Modifies registry class
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3284
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:512
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      4⤵
      PID:4480
    - - C:\Windows\system32\certutil.exe
        
        certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5
        5⤵
        
        PID:3580
    - - C:\Windows\system32\find.exe
        
        find /i /v "md5"
        5⤵
        
        PID:3956
    - - C:\Windows\system32\find.exe
        
        find /i /v "certutil"
        5⤵
        
        PID:1916
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo Server returned nothing (no headers, no data) && timeout /t 5"
      4⤵
      PID:468
    - - C:\Windows\system32\cmd.exe
        
        cmd /C "color b && title Error && echo Server returned nothing (no headers, no data) && timeout /t 5"
        5⤵
        
        PID:3008
      - C:\Windows\system32\timeout.exe
        
        timeout /t 5
        6⤵
        Delays execution with timeout.exe
        
        PID:5088
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Executes dropped EXE
    PID:4460
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Executes dropped EXE
    PID:1908
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Executes dropped EXE
    PID:2076
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:1656
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:1928
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      4⤵
      PID:4796
    - - C:\Windows\system32\certutil.exe
        
        certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5
        5⤵
        
        PID:4964
    - - C:\Windows\system32\find.exe
        
        find /i /v "md5"
        5⤵
        
        PID:436
    - - C:\Windows\system32\find.exe
        
        find /i /v "certutil"
        5⤵
        
        PID:3500
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:4332
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:1916
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      4⤵
      PID:2216
    - - C:\Windows\system32\certutil.exe
        
        certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5
        5⤵
        
        PID:3008
    - - C:\Windows\system32\find.exe
        
        find /i /v "md5"
        5⤵
        
        PID:468
    - - C:\Windows\system32\find.exe
        
        find /i /v "certutil"
        5⤵
        
        PID:3788
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:4832
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:2176
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      4⤵
      PID:2336
    - - C:\Windows\system32\certutil.exe
        
        certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5
        5⤵
        
        PID:3500
    - - C:\Windows\system32\find.exe
        
        find /i /v "md5"
        5⤵
        
        PID:4192
    - - C:\Windows\system32\find.exe
        
        find /i /v "certutil"
        5⤵
        
        PID:4196
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:100
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:3976
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:1696
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      4⤵
      PID:2800
    - - C:\Windows\system32\certutil.exe
        
        certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5
        5⤵
        
        PID:4624
    - - C:\Windows\system32\find.exe
        
        find /i /v "md5"
        5⤵
        
        PID:2324
    - - C:\Windows\system32\find.exe
        
        find /i /v "certutil"
        5⤵
        
        PID:4956
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:1796
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:5004
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      4⤵
      PID:5088
    - - C:\Windows\system32\certutil.exe
        
        certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5
        5⤵
        
        PID:992
    - - C:\Windows\system32\find.exe
        
        find /i /v "md5"
        5⤵
        
        PID:3068
    - - C:\Windows\system32\find.exe
        
        find /i /v "certutil"
        5⤵
        
        PID:1052
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:2912
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:4680
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      4⤵
      PID:3996
    - - C:\Windows\system32\certutil.exe
        
        certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5
        5⤵
        
        PID:1036
    - - C:\Windows\system32\find.exe
        
        find /i /v "md5"
        5⤵
        
        PID:3924
    - - C:\Windows\system32\find.exe
        
        find /i /v "certutil"
        5⤵
        
        PID:2844
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:2644
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:2108
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      4⤵
      PID:1396
    - - C:\Windows\system32\certutil.exe
        
        certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5
        5⤵
        
        PID:4624
    - - C:\Windows\system32\find.exe
        
        find /i /v "md5"
        5⤵
        
        PID:624
    - - C:\Windows\system32\find.exe
        
        find /i /v "certutil"
        5⤵
        
        PID:312
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:208
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo Server returned nothing (no headers, no data) && timeout /t 5"
      4⤵
      PID:4368
    - - C:\Windows\system32\cmd.exe
        
        cmd /C "color b && title Error && echo Server returned nothing (no headers, no data) && timeout /t 5"
        5⤵
        
        PID:4668
      - C:\Windows\system32\timeout.exe
        
        timeout /t 5
        6⤵
        Delays execution with timeout.exe
        
        PID:2608
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:1052
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      4⤵
      PID:3084
    - - C:\Windows\system32\certutil.exe
        
        certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5
        5⤵
        
        PID:5040
    - - C:\Windows\system32\find.exe
        
        find /i /v "md5"
        5⤵
        
        PID:112
    - - C:\Windows\system32\find.exe
        
        find /i /v "certutil"
        5⤵
        
        PID:4264
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:2876
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:740
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:4396
- - C:\Users\Admin\Downloads\MWIII_1.exe
    "C:\Users\Admin\Downloads\MWIII_1.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:4080
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      4⤵
      PID:2216
    - - C:\Windows\system32\certutil.exe
        
        certutil -hashfile "C:\Users\Admin\Downloads\MWIII_1.exe" MD5
        5⤵
        
        PID:4868
    - - C:\Windows\system32\find.exe
        
        find /i /v "md5"
        5⤵
        
        PID:5004
    - - C:\Windows\system32\find.exe
        
        find /i /v "certutil"
        5⤵
        
        PID:1808
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:4064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5c8bd968-00ea-4c35-aa14-515424b39617.tmp

Filesize
284KB

MD5
c4c35289ec1de74854d9ed3fd9e05f83

SHA1
70200cd512f58db43a1a6f7fff4c59d88b99e69c

SHA256
f417583983e931cbf722f297eca73adf493ddb64265ee22e62b7eb8af6a002a1

SHA512
5ac8c4e575b6c5ea28e13dcd059ea132d77b91d2f12d73bb0c20e8e78e1e21efd56b4c1231a9ec0e20d2d32f0d1a9718462aa2ed81f43d301230f6b855d9f496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
f118896862358d43eb483370b67fb47c

SHA1
1dc34f3ea7032d176f671f3dc884bdd7135d95f9

SHA256
90906b7ec504df96f49606f1d1a251fe89dffb446c290f757c1119cc6453fb09

SHA512
748f616833f052484205845c7c34ded95e3d5ee422b13ce46a502d8299e67d236575655568e8ab66335bdb9544ec83c5776ad22377bc53c3cae7b5fe9ae17d7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
4ce130d6931f4bb40b0cbd9bb7b35aff

SHA1
fff53ba159331b08ecda00a3810f05f749e9453b

SHA256
266beadad59759d364bbdd0f0ef6fd26ab1fc35ffd769e445cc6f7e01b7f8736

SHA512
1533d9c18bef9581d9f56c7cd65f128ca4bdc1fb7323cf2ecdde423300482935b4e4d810ea9c51d4170e5506455f5509a32aa828523303094350bcf9956850c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2414610ac112a2b26a67a7d2af327237

SHA1
dafd4ec16522152bbc54e20b0d548e256c4459d2

SHA256
167c0aadf6ce1991f1e42e5ee2ef6d127aeabf1f7ee22d5b552a098bccb78065

SHA512
f01bc3c5a1dec1472867c3f25f20c759de1d9495e863e045248c37412aa79a2b8afb7a30df12210947b8d8476f7aebf4366403f0c8852a9513197babf5e06153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
50881734a8b5a6841c105fb3c95287d8

SHA1
983d4a2f65c5264409f37e783425efe31acfbac6

SHA256
39340713d28a640307b511883b521e59abba198ae4685b636d1454292e8e5b39

SHA512
baed0f53ef6288f9ec9a720a1d02fe15aa1e14c712631dbfca00beabef9dede49940f05d1b6c8ec76e97532e96da3d65eaa4f75d052ab0923044d83f31b2560a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cc4b2c992c46db5d85b195762611e93b

SHA1
86960038dc7893b5653e5cc24e0ccb6c70fea69c

SHA256
c1ff0da13587f7ea60f889c3f40315f4f76a382d7346db2a5585a96745dfd268

SHA512
03528825cc8710292ac52697fdb2ea67ed7b45b98cc86b166f70bcca4c3bb6d23444adbcfa08f79b3ea5f8b05ae7424e35f772b68ff99632daa8bba2185b09da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6518f16d4efcc7915e6e92014cfdbf0e

SHA1
be315d740073982f30e0729b18db79771480df62

SHA256
1c57cdf388eee984badd59eaedb5c85c30b691636d2e42c22cfca542a9f235e7

SHA512
5e754278d49fa12465773767c71c3605a085d4060f157580a6395386c96da815eb01574065e5bf5ad347a4cb952263b1bcc07a77d77ec8b68e6d9418983e76dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
85513650cd596afa70fe0591e1d1d998

SHA1
976f0dd7e9fa107ea0ddd7a426b09515e1d97e7c

SHA256
8547ae30e7237a068b6952b96db4b0577615acaabe108334080f674ea41a2851

SHA512
b21d3483c0a776e5645b7d8deeeac1f7e4bd9a68e0609f083db0e432abb8958fe8419fdd26507ee91616b62c28266d5c9d6c81feb94e903f0215e0f37a1142dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
cb31886e93a79594f8ac5fbc12dda8df

SHA1
c5cc71e38e6a348d01987d2b7bd8a0fdac9b960a

SHA256
af9c38179fc008cdfdf2f5378c6ab287ec957df290be144a220a9587974eb628

SHA512
f7c38ea19be2025c1f4e97d4896e26b4260f2e265ccf7839ca002e2377296bc167bd5f44961e340a5c94aac12520591601374bf16723f9f751fcb1894b01e2bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f809a562c1e9cf40656c6047ca5cbd8a

SHA1
62bbbd7e4d88c0ff1ee100a7f199b9f2387761da

SHA256
241c8fecd7d8ceb0988103b8b3cc05db1df96fef165e1fde2bc74dcf13890077

SHA512
2ec0eb6697c7743e2bb57ddefe98d2421cf0e998b633dfc45136828ce6c8634d02fc244e795cb7fad584a87ab8e2c9f0948965d2906eeadb37d0291444c12cf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ac98d01b06028ab55d645c3bfad2ccdf

SHA1
9ba0f05df1a340a198909f5993e39ad35c24d984

SHA256
dfd37bf0a5cf1e30fc7d05253c6048e7a7762f2a95a5fc7b0a07e1b2f1e0294e

SHA512
502d450455cc34bc07f91565cf665973b4093838597d7908f330b68d606fd08fd287d43b7d266d7fa235e3f68d8b1ffe0fb5df836f1d1602bde7fdc7504600ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0372372d06730dcbbe3b9637c8d9ad02

SHA1
59efbc321cc5312589a85cb5b0656d180e760dd1

SHA256
fd01780e67df0ce5b449a939ae6b22e43704054edf5fab7eb2f413cb850676e9

SHA512
e77f92e167fdeb4bebfa6e8d55a05960a0a7758b9c802e857e45eef345011307457c0e84957f984752747714756426161a378cf655e36cfedc6dfb41acc6ef8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1a5e4500c953e4a8d702dbc50e0cfb99

SHA1
4900d497a44af8630529485c0f5b06b85a9afa98

SHA256
30dd6d06abf40845768940ac412955e318ed5f39f78d8c77d1ef7eaba84c58eb

SHA512
1d5581189340c462563641b38e1eb765094b663643367eb722b9e9eb2b1e6ad05d7b6cb6326f671b8df8c695a99898c3dd50f3b03dce9eab16eafd3ff3d47080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
258310a07ebbd08d6c3ce3cf6b1d59d5

SHA1
0354817939bda94484f920824c2cf8b6b1de2baa

SHA256
def386b3740b855d2f1a1c5b65229a4cd81a48ac0df6c83583b2cc02b1d0aa91

SHA512
926ba86e4acc48ae542c81e35576a96ddf57c3199c5fc0cb8285dec98d7307da29d4e3caa98174acfb82f4b2c963bf03c3ec435ed9108cacd64eef1023fc8a70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
95573983d16e5549b87bfab7c695c2a5

SHA1
5cf8be090836fad2617d36241a306e06c58f2f95

SHA256
ddf68db00ce4be312be57d6dd9f808f95436409ee0e4f334e73dd657546a7846

SHA512
62b56d9ed5c83617b751843cf370a40da2d183cd0387a6263ef37db344c3e93d556c68ea9fccad193b06fcad439be7509c83b0d8f2036b3ba95ffaad3700378e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4ad6b8395c1c674f802cd56061d83951

SHA1
143a651289e7a7e614bbdd1d9920d3a1a507a356

SHA256
80267e81fef23d6644b8b25c8c6df62a801eadb9e1e141bfb4b149e2631c24e1

SHA512
67ddcc27e6bdeb8497e2031e6536c07e0e1c1d07ede3de529d3e6bdd824b691eb6dae2dbd4e57996bc8cbe7def8dbb7d9d7eb330ff991964b397cf8a12ef3114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
7b4925e7fcc253aa4e80feb6b68b3f41

SHA1
9aecf6c196a092681ecc910bb8c0ab2e214c0ecb

SHA256
a7939fa138d31691572ca6c5aba6118e84536a084e2fde4829d5a3b2da7b8803

SHA512
485ce4ca6b3fc376f40d67f10dd7f19a7c8354da3846277e150e573e0fdb0fa277a7bce4e50a820074e24e5ac095ec88f3bed9bbd5862f3bf48f8278e142f47b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
19265282b1daff4e5d015c16d19df22d

SHA1
47bd81985579f5cc9058d7323510355f355a6f4f

SHA256
50f9ec55c4f53cc809777031f74ff1192e9af0abe64b28cd24b6018710aac4f7

SHA512
05e87b3ed5762db0d6967413799a656d98e631f095534bdbd800c1001066c5a84ef157f9e60664c777a61b1837061d58bd2fa9a08657ce4c50edc86e3b1e3543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b1bbf1e81a9ee0b1fe9bb53676c4fabf

SHA1
41fec12195b184c78ddba8da5d79a67e63573c5f

SHA256
7e5e522ea9b9abf04b99e9dc98b3c184a92b017e6aaa700a3b12b9819eea6c89

SHA512
3573cd4b3ea522e3cee0adb21934a8a18cdb9db0084573439cdd70e5c5114da33a260bf6f72564937c65d2af07bb7577ee969301927d8c86d861c09413221373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
8772c3d00fd2382c9dadeba565f97269

SHA1
5dbd62fdaf073d3899fa49ca35835f13b6f599f2

SHA256
ebb4750627f5851b96fb4f88d9652f2fbba9953c6b602c09af70cf4751a45151

SHA512
d2909a3e78c4093d24e542fa381bd39000f0010586e5d9248190947f88a44375e4272a0cb6898ccb715729118fdf8c36be6cbec464ec8b68ac05835907f6c3cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
26ad5d29d447ba63570f23c586e74658

SHA1
9a1c10e7bbea0d98f02faed052fffb794e343396

SHA256
758aad0f1f14a9aadd50669581dcc5e98e537fe3c62d1e6b7e5906f858ea7efa

SHA512
0f726b76d4ddde587207edb4bf699dbabd4ccb6aa214fcc0efc6f69a6602920df2b1579663c750e8bc125b67fc72c3470d728842b4d5600572b6a91e70e0b3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
565d13d8c1eb2b4fc064d329a2e1ed3d

SHA1
085339fd7dbf7c7185d90aaef896178b25d978bb

SHA256
8dc80b78ad638a06fa8baa82d03afa44aca5340f85342bf801415e516082dff4

SHA512
ca36a4958817d4a1dae3484bc0c9a4a8b9ad2770c56761f674bbd38b8b2636b1f9395fb5bd8e97fea807fbe92ec06a9b7b67000a020077de2921df97fab54d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ca50aaed7272a55843c2a67dd83f6907

SHA1
848a7d3bb3a30a2c4ad1bdc7b74be2db1aa3987b

SHA256
1ac054ae773e4d84d6bb9b919274f43f97016405c90d2dc88e5733bb84945c68

SHA512
c3a396a2c1f85a946432bd0cec65d82f8c89c0512013cbdd4e872136f64916a87783516315099ced09c7c577580866aa0f86cefd04aa148976ce1e40e41fca1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fa5eed3e558a45d5c7ab8e402fe1b74f

SHA1
4ba487329c9e3b8a2c1085fe128b080155807a06

SHA256
648adceaca7f208e9c4e8b56a76d579451498fe5d4c5fe89b2237da76189b671

SHA512
9342f289faf9d058b0c838814a329916a9013e518d0950b282664118ded285c8f77f0ef239a3b27e84cdfcebfdcad2b89c48beb3524cdb91ef5836b77ecbb1eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6f6b5c6229765138945ee852c2a2eff3

SHA1
8e48187f7075e13a4af657fdc8acf8f4eda10516

SHA256
5ded3f8e9a58b42a426c881460816b8e477262f4cca7397ed99dc082bc665410

SHA512
f039176ce0657954f2d04689671c3d0b9cb2287f1f4e088bda152997886c67ba6962db0f05ccaac0e7ad5cedf4b6c9eaa0e46d5a19aaf89fc03e2ee22989a4bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a788c2bf1dd36304184609f6069f755b

SHA1
44b9c5af4a7768d6df26c21bb7b57b527066f646

SHA256
fbf8da10096c373af2896eb314261c8bc8e89eff5c38344027fcbe4c27aa832f

SHA512
8c258d712d0769f1d5163ccd11270e746603f41fdb011c0edd6cb0d9a98bea7c7209b8aa9320696c405bc10843a8c073f316c489d98f0d20c112db6201641c98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
503cf6f3c33116534302360f6b35cb35

SHA1
d246fb6f6f1c1cc2747bff8c8bc5b363c69ba677

SHA256
0387f52ec0a93e2c8fe12fdb83c53f0b6c4a8750203169260969103059c13bd8

SHA512
ce4dc157995e7265c02f4e65313d3b733f7ccdbb0ed5d37220084b8b163d7e0fb3aca97361864c0709fd6856690abbe6a9a035fe54d9918c0f26913492a87f78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3c2eed7104b8daeb539a413e4a88e8f4

SHA1
4b77ee1ff9bb2d04611d953b748f94962f2479b0

SHA256
ac2eee67fed4ed6ce9458e7da6e326c66cd26b32c84bbaf2e031af452c661f6e

SHA512
14b2f6802e790520795f730a45518719ea988d3dadbd4bc0c234236d34e15e3b7c25d1a6329775cfe7ccf384710520dc8103fb9ac15d57dc4c71a574b2c584c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1b1b02c76084d90eb4da3ae8ae5c6da0

SHA1
de3a172e6602d6063dde90166187152b958fba4a

SHA256
5fcacee45eb38d7d3695c798f8623613fedab0226652074ffb9215c375cba876

SHA512
ed0cf0cded14db1eb4a1ea9a559b56c696588bbcd326688c3c886267ee8eb51da8ff797a436abc7b11219a79d33ef7026f444c3217df971086f5bcd8129b06b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8933d365054625b3c2522ae5cc0982e5

SHA1
278741101f13b88dfda4290b79fc487db0566edb

SHA256
aa2330f59e5d36eff12af6a69b252174457340b645885ab9ff3f29545e369b6d

SHA512
dc76133a8a9f9a52c4a0afd5f5082fcea9acc0693b15e1eea93c80f43a80cccc4863333c6935c2c0a636cdad3be02404dc6778928c281c7fa3f95b83fb1a225a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9dbdc5cab76fa16c73dfde63b49353c0

SHA1
44da8da9d3168826606277ece18cef4024bb7829

SHA256
3390a7849f5b7f10e5a199b1bddf783b8b32965256b503c5e1e680b467e80cf4

SHA512
4b77373142f9092b1cca99b87631e2977557ab71c14245ee04505b74ea0cc590512533860276b4f4264dfe0da757771299895113a305e19dc9a4020f4934401d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c91e4573b8ebbf99d05b91f7028a7806

SHA1
438ca8567acb48a8413d84e1d2ef4ab86281109a

SHA256
8a2a9baaa5fb51a640c2f431aba9982a577f7669aff24551bfdeec9a6803ab3e

SHA512
cb8e6014d061962705e1be4050d82dba1cb9ae82322f22cd1341f6af86b51bb7b3daff0557f805a2402008a1c63e67f5667cd883d06d9370a06b8b585af59073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
61450f3b0163171ead079446f8ba0476

SHA1
98540e69b78ce0ab129788ec3de2d044b76f9afe

SHA256
f4ab5616074204ea09c40f4707b375b049633754efa27c4bf0a0ac8964b39b86

SHA512
188ae7d5a81e7e09ad288bf3a62d84ad25dfbf6f7d4cd6eae6e1c3ed298d9292fadcaf84cf67fd1895da8032811f3d6ab276438ae80b324d4cdafefbc707ebd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ee9fda2684c7c544abe17b50cc09bfa5

SHA1
096f2709c43c90d2eddf1ddc8df89962ffe49cd7

SHA256
018fddb879ee492db294492b44a50f34a0918c5736f2230da546d585051db3c5

SHA512
1f802f6be63d3d0d1e474212eccdb40daee959a34a1ab0ed8ba05068b930554a4f9ae95f01f83ced9bad12eb91be04bec4c5ad75d9ea62b5960044a92c3b3317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1abdd242e1acb2879b6be30e084c8f75

SHA1
c2aa59eb0cf67cf2fc95a338ab6e2a37ca1c5ed4

SHA256
e0ac7ddd68931473b064d4b96def0b60ef3051fab16fe0c7af6e740543ee5c2f

SHA512
a2458763961e551dd1f37e60b48638444592476f7afbfd9ba5c7aece75cf3ee6ebd0eb78b9b71211b837f83ebc2d148342cecddf0f042079cd4e3493196ce2fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ac1498ac051d201efce7b05f1b42a1f4

SHA1
a3fd0aa2eb178a79cb2f2e6354ca711d21f52b17

SHA256
6f9babe4fd8a6580a6b6dcdea1836ef64e3c8a328e67f8481dd6e1a7b35ff6e5

SHA512
373983049ae21268320f6ff83c9922c32cb33ccbcb3d5122852f375eb9bd0c0187186ca6c716eb56c64c5b5dd18991b442ee1ab56000f7af16b0c5d27dd54488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a0468e6de04ad79ed5b938e9f477cff6

SHA1
5a191e852fbf4ee3adb09e3729abed62649930b2

SHA256
b29a39f7f2ca28686a24da4cb3f657b7c5e43dcd603232126fb18c3630418218

SHA512
079824e3945dbb9282fc96cda2c12c6a5cbb48105864984705c74c7165f814fe88441641020c73d12ac761ef87c7d439785162851470fd1686506a44163cc60c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fdafe2c2cbb5890a181917dca07f36be

SHA1
f05ba249eea7092e5c94e7ff89cc227947085c1e

SHA256
a445c2418f03a8de587e46e840a4a6652555b1825e39f788b12cd55bc72e9de1

SHA512
887a2bd75b569e375acb44a724ff5650ae7da8fea99d8ba636644450a590ef74344a55ab3d24b349ccc31fed35ed3c61db2e625d6172463434879691994c382c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
75d00a6691316f5d6a373e36a6f5e921

SHA1
114ed92edcb57258963cbce251a8ec39fe0a5bb4

SHA256
4d12f6c1083ac1d61c9020cd6f63ab0e9ae80413c4609e4bab1a1329e7cc7cce

SHA512
2144b26f9343b071c83ba0409eb7b8ab7cc54cce0af0f0fe684aa969ee289a78b89a1f77d9bea6a7db2aa3739c3b6577f453480eb1d01852aa46250c003638c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
56acc5c471fc17b34ed9f8b70ccec092

SHA1
1368b4d6516aeb1a524228604ce3b67ca43f033d

SHA256
dd1bafdf61648636bd9dcaa780de68b75a45543707d02e6d795b6c8de59e5f40

SHA512
6d7cd30ac8fcfd803f786a24c9022387a81c7e6820be65dcf6a14c16a29817bf1d52ed1cc770ac40149e0de044005860090c87f97d058fe77dd6a1761dbeb0b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
490fa3125df4c4debf30ed491c3c549e

SHA1
42b023cb3da6275b42321a07bbf53886381e45f0

SHA256
a4d00596c9d30916e6a3d391c8558c8c957dcac9e6174d9e72cede957935235a

SHA512
d48d607177ce5926012898cee1fa415faf5a20ee5e726fe80423541c09bbd6c845076119dd0041b4b3650d60c4ab4518fa998cea93ed908813b7fd160d60f47b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
0d462f8fb88175f5c16dab0b9e36b986

SHA1
ddf492c13b523bd11c2d52bc1fe189e173cfa51d

SHA256
8c4c21dbb42a11e581e8ad291cf33f697eede6782423f45973de58feb0399e52

SHA512
a2b969e8b7f873c8b5bd4d98e8cd788a3cdb53f6fb57f6e3e748753713cf7a7fc12ba316380ca956781690b9c99de9322ec44b8d698a79380af4f46b89606edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
db79430c7ed95bd6915b9840021724c7

SHA1
943b663075a31729b6fe7769cf3ff713eb3ee117

SHA256
8743bcdb7d566eacf409cd0eb11e740732384aab9f898af6729f6e40fbf359ad

SHA512
e713f543a6111bf7a7ee13aae607a8a5cea09846f14f13f8fcfdc6a8543d5b8ae7c5b976c39b86cb25b05f3cf3e7dbb3885ee4366c9d91dcf446374254f8a06d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
fb79129c5c592d5a3ff20aa24259874c

SHA1
aab8df445ca50f0128730acaa0180f7727bfd234

SHA256
5805425e38293c4949d25b896e2186790cf0aa42f042c7cfc4b98e12ce7b6269

SHA512
d6c1d17f879653da74e56774c4f82b2216efb38ba466515b2f01407ce902e9e5a9e7617a6c15971a04520a4b4ca3619c86205c948777ddb15df55930945541e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
ad40958bea7edf42cd2e5482b5809ebc

SHA1
7efe5e43e3027fb177f7cbdc91b62427f86eb52c

SHA256
7be3551c1bbe027b908a17b738ad23e6b54dc294d0de9607027cbc6da193a3b0

SHA512
b4e59ae9a742c2f93b6ff6982bd8e6b1a36df64ba717b188b9cb5694db1e2d2348de4d18f650356eae2e74ac5741c1158a43e5465dd8e51bec52cd46129dc58b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
4a83e69e907251b8962e43cdeb53c635

SHA1
56f9c71b43297b4b772023fd98a493ff8204c276

SHA256
1f121b8e208e1fcfad6128bbe9afc31aa7cae78885ea70d2ccbce96915307101

SHA512
05e46fe619263a616f69e2378d0b8855f2d79d5a475bc5bbf694408af3f06a530d8f7912492cb05c54b76e894ef210111e0a674885e8899f8e896118074b3e70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
09398c9598526ea0ea80ab8b31c53d89

SHA1
61a2b4dc7889eb0680bd5d57e764f21e7cf7c2ce

SHA256
249b476ff5b860fd3f35048c8c2938cfe0acdc34f8ff6cf77d8733f5928257c9

SHA512
78399ef18b672f12c98bcec607b65f3b7d92cd6d942867656eb1578682a3df35a0ba262917920613fc6abce1ba12d0ded6948b2289146e6ea4f7c613e362b953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
57d00fa016d44c54cb309a4920ad9b65

SHA1
2d5c4a930b329fc7e2ec1d6902a2bc2350587cee

SHA256
1afb6a0330fe89b4d6d3fa92faa46ab8f691265a844802b5160298f620b39a52

SHA512
4d38e6b84f1265b24a90e4c4da7fc11c4275f82bab1c353bf8a870a431059664a83673d77d6833b589e8b1fc6eb172b014c6faf4886a77b4bdef3465c268d277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe595c20.TMP

Filesize
89KB

MD5
e11bbf1e7fe6bebc149d6b5f22ccd630

SHA1
3d58a17656507dfb690e155c2c424288546f049a

SHA256
94ccd2f94105e723894d7b5043473a8d5b874e7151c0115c399119dcea53140d

SHA512
f50425060cd6b89204ec94c3c86156a0434128f8d5cd0fbb485f7ee5ad10e6736dc7543ce80f9c1fc63ab7a944340535764692e0e6fbae89292fb029c064c4b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
987a07b978cfe12e4ce45e513ef86619

SHA1
22eec9a9b2e83ad33bedc59e3205f86590b7d40c

SHA256
f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8

SHA512
39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
5af32a1bb86057b1f8145edd49e01956

SHA1
d0e12023a9b21166d95f2a9beab4e3dead42c0f8

SHA256
8478356afb6c50c41a68f6120ca56785e94ebd0590c0b42fa670f1a84eb1545d

SHA512
a170eb76934ba146537cf93754a7070829a04f3be9a19e1d1d25a33c50f830f02371ad77166a907c6a990fd54453ef29996321911302ce0c7ea3f591cc684a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
5433eab10c6b5c6d55b7cbd302426a39

SHA1
c5b1604b3350dab290d081eecd5389a895c58de5

SHA256
23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

SHA512
207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

Filesize
1024KB

MD5
6a65605e85b870fba3ecfabb08a8691d

SHA1
d0d6df64b67856c0717e07f76d29d0cf5506f298

SHA256
8ec1b34f237cbad8ed782d2d069fd98e5c4c3a405848c09aba5f9a6bcd811b64

SHA512
aa5fdeace88ababa329608cee065f00d8e479728833b1e3d210c92a7497f01fa61891e917dcf8d1877ea7ace2660c16b0f09aa1c38f8d69c74ac0580f0485f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

Filesize
1024KB

MD5
e3b03f02b9d42bf51996fcaa82e1de9e

SHA1
557d824567745ac1c5c28211ddbbc6fca6e807fc

SHA256
99fe9f59452392df2e316139c6509a96048ca45c94bf48ab380e767e73922982

SHA512
7899bce9beaa690046df97e98088a447a69607571c2d4c929fa6780c39fd1c301939b0318c2089e9b13cadb9f162f8c9cb7c8bb9f51caef8db4ccfb0f9462a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

Filesize
1024KB

MD5
f82708b538dfcc84870915b4469750bb

SHA1
e5b456f315cfe71409ca596f04a7455f42d54284

SHA256
d8f0a2874e9777626b7ffd706745168109940146b92f45179e6d369e7a0bee92

SHA512
502a179343616dbc391c2d47637ec082243aa27922500c9439bb049b7a7e399c920fccf902c9c9953b5f976a6154c1b30f2848e51704ad724a6274c5f51568ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

Filesize
1024KB

MD5
ae9fdf3293108e332cd6a2b03670e8b8

SHA1
55e94edf6c8ad4feea7223b58fbe7abc37caf7ab

SHA256
9469be09ff5853bb05b9b0f4bac5418f29a81bd20df03f94f728b173d9b28feb

SHA512
ef61589f89d0e760c4419539b3e4d13b5d6f7b3e6071e36f40422f5c813d5b0b668c549d5cd10314730c3ae2192cc95228159eeafe9f6f321916c857c70e040c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
1a288a283f30d1de061a89921dd747b2

SHA1
2ceb96b90a845ef8327d66146167319402331718

SHA256
e5defc36914710c5bfa0ec79dff5f622d032a9d6f1938e22e297095d431e0e9a

SHA512
8f127fc09f354ba2c6cea2a4416a40191bfe4c83f5766e3cf3d42704dcb2099adab84d3a151a3f67bb7cd8c5ba3260f4beb9069f0e4e442bacd321936ed6136c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
8e797eab18ef5d7fe6d5ac31db459128

SHA1
30fc501d38c6f181f7b487f72edccb1e8ad53d22

SHA256
eacad41aa00d0ce9ef015dc09b0072ea0433d399295f5f7b4e06adb4aad5aa3a

SHA512
349a33bc76538d9ac1e2b45b818813292456400ea207a30a2b6a3c5bf2cd22719e5cf316a7d89031a0b3ad02284fe5500cef94174b0644dea5a5dcb6fc6e94d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
b9172a60253b5d19ccf5c0c94ea5f02f

SHA1
c778feb30fbb9fe82869348bb9bb483100ab792b

SHA256
236ea76319179569860877e8dd6c691b0dbd3b2fc3b592f344cb101ce7c60a57

SHA512
c1b6dce54262fe6dd805bc276e615d58d66b0906cbc5ff9150f9eb0036de84add386b7340668363f23d08a5ea1a36a7ad4d87b98a67d3fcb68854ddf1871c54b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
1KB

MD5
5535e2bb9bab3f61d28cfe326c82eb9c

SHA1
85423be7b1c9c080e434a6a3afb306560c27820d

SHA256
6c923fd9490467857347ba8421c2561ed7980a3555b5487c00beec832325d34d

SHA512
c32f017f43afa377d5140dcda883f499676b1d556287810735fba9a4781dc3d20973b3d7838a02508b5dfc77db971d699e600586b1c436bb7d552120ed41ffdc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
3KB

MD5
150adcb35c0b142dd50186256c0e0491

SHA1
4c46090b133112b227084cec33d7311a8e2813c9

SHA256
e7b4b92f39f8aaeb9ffb2c67f376805379458ddf42a60564ab9d49da33f7f46b

SHA512
8394f69a7c8846c458c97903b2153dc0157fe75db4874d6b5417a6af83e85b8376f18499a62726d8e77d56cb5ff17f2f47d2966c128899528b3036bcc1d5b063

Download Submit
C:\Users\Admin\Downloads\HyperHide.zip.crdownload

Filesize
1.1MB

MD5
c9718e166d36b811b430a6d0e1227f38

SHA1
91bce80f2ee6df1cff2cf533049f630e7b2a5770

SHA256
d7a5c3c1340aa5cfa233064890da2fc2b3afdf226c9fca140d5d0591d9228186

SHA512
389bd3664f07fa6331894fdaad721ffa933d87317d2ff0dc452ad0aad49c027cc6f601f21d2f8dc60f23b76c5847367372523c52912f422f2022ed10cf6ee09f

Download Submit
C:\Users\Admin\Downloads\MWIII_1.exe

Filesize
4.9MB

MD5
b8f65af8d4606a9fa6b29d601adef7dc

SHA1
986d7bbb262b7caead4583d679103b9574b0e774

SHA256
b8f1582bafff3d2bcf1eb7c9a6ccf1e4d88106229e1dc2781fc0b1b16ec82a53

SHA512
837bb324f2aca44fdc2e2b5216a7f4e394fa8c8c5a233a79bdce5d89893b6dc8bce6e0851331eaaad0b794cf583be07a082515901839f5194767edafa65b964c

Download Submit
C:\Users\Admin\Downloads\Magicmida.zip.crdownload

Filesize
876KB

MD5
4945f45843099a9ba064a79f6e055fc8

SHA1
5d138447fdfcb96e5204bea4ea57e096787fde2f

SHA256
6acad8a56eac9dd39d6d35fdd0b9593bce5f6eaa94f340aa2aa8c531fe8b501d

SHA512
cb9e0e55aeacce28ed3d05f27369283b68586a50a9165693d7153da3f6555379cf9d27752e218d7a674a3d81cce9ee354e269a2caf558e860e104f0cecb5d42f

Download Submit
C:\Users\Admin\Downloads\ScyllaHide_2023-03-24_13-03.zip.crdownload

Filesize
3.6MB

MD5
138bffc8d10d42fc5c43194f632dfac8

SHA1
9f1769eb39f971e2fb72c539dbc76788982ad14b

SHA256
edeb0dd203fd1ef38e1404e8a1bd001e05c50b6096e49533f546d13ffdcb7404

SHA512
248777f1bd83f9ec55526bb095e85bc0f64c87c0cb4959c091dc7a9008369a5ba2864ac4230b40590438e86bc84e70b549c01cb9524d3c0c86dd3bc335c2b962

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 528611.crdownload

Filesize
91KB

MD5
def935ab78f1a00d3a9f2b81b3f4c0be

SHA1
e2be53bf595f2e87512319c9c16696cab7978831

SHA256
8187434b01b7737074dda165ce6501538f07e7b42e90e8d59279f14f1e298bc0

SHA512
0f46d7a0e783effd366c5aa12da74f614887877ba4ff2b7efd4321eb23acc396fc69e9591fd8fe29494100ea2b696ea5df2cd2bf4303901ff6921799589b5413

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\db\MWIII_1.exe.dd64

Filesize
403B

MD5
247f22e8d7c454449ca2c26b271dbc76

SHA1
c3989ea2dc3f2c8358adf1df8ef195cdc9329645

SHA256
dc2ca294955bb83414bf1e5712e7f88ed094c81f45e9034f5e28ba3a86b6e512

SHA512
75f4a024002456d0d4bdbbfa9373f41160c6558775433694a5ec8b766f126b6b59c8fc0cda1170d0a93dfceaecaa44babefb9a194da79a7f4b6aa3291da809f9

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\db\MWIII_1.exe.dd64

Filesize
404B

MD5
4320e63936c09f48f2ab823329719f7f

SHA1
f5d16daeb032fa58ad0ebb37d11126fc58516c0d

SHA256
3d64e1f18a07df63a67171ff7720c520bef503030d907e175cab65749afdf4aa

SHA512
99019a3362bf8c308bebdc032b8e06200a00a9c10ba9408373b6f2370e4e8f39917e5aed36780bdd1b4c1c44f41241bfacbed8cf2bf58ee204a216c7d5bfa456

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\plugins\scylla_hide.ini

Filesize
7KB

MD5
c9db952ed51747a08cbe243930069d22

SHA1
fc6149bf7ca2b4a3ec119ac7374b2e741a6a6179

SHA256
48f1078ad979e4f0f96e8f2f306a907ba3159d259bbcfa20493c60b7803c7418

SHA512
ff32acce3c9f72b6a37668075bda17aca29b6289ccdaa8299a376933f53005df757d8271b511f307f56f91c5e72f5706e426b5b207ca4b435f700102112377f6

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\plugins\scylla_hide.ini

Filesize
7KB

MD5
7388e6f06ceb10ecc2a509fe75ddfcb7

SHA1
b2202258e101541adf50029a77e925132bb77978

SHA256
9ed4df45b0eb6d08a43fa27516d7c52d5e2ac75805b7b41563ca65324ce243ab

SHA512
3344bf84c50ec2e81825a0a1f25151c0279beb8982caeff8a968e03e6fa23c91dc29f56d1906f57438005b5fcbd3186faee701a939f1b23d407cbbf12c93d14e

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\temp_E73EE7E.lz4

Filesize
295B

MD5
0301dc6a000dd0543cf93bec486ce8db

SHA1
23447b68fa1cc74e90b029074136a73337ea7f3d

SHA256
a51b3a7cd25135960e553c2311b90ee05ad1962f22910f02481a3fd655240546

SHA512
6c0c589c72973167c72471e80a6763e2a22ff43557eee4a0dc7b9edf93ba19325bc790c68ed6800c5f6660f445f0db015160f096d41d0d0e423da46ba591fbab

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\temp_E7445E5.lz4

Filesize
293B

MD5
0a2960390d43a8b4f3146d84da8536c0

SHA1
0ac22e3f8ea04dff54ae7cad546153b957006610

SHA256
cf0fae559650bff078a3e6ca6566a3d51697dc2d92009ce4b9ce4c8f43895a99

SHA512
28de3882514ab0a1e4bb57c5e105ecf71caf0c332d59f753937daff234722b8ac8138984fa5b32f15318e9531285e4e4daa05c3bba74cc1320ea9c7b84f998bf

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\temp_E79652D.lz4

Filesize
5KB

MD5
a9e28e247dd14256d141960ca1911c85

SHA1
a9fa930b7bef9886823b18d6f27451d05ba07a92

SHA256
b3d2ffd1384fe11d00ca883e3907ea7bed0a7c8a2296e7e7d17a5daa507e5c9a

SHA512
7f2d4aca61640f43d343dfb7f17ddae0d2831041334bc0989ca829afa73fd4ad96c7317f3606e1412671ce4674b721db9128427d1af62a6bf3a20394e53d4553

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\temp_E79652D.lz4

Filesize
449B

MD5
0fecb8ab8d51734c37ff66b8b84cf28d

SHA1
76ffc6c2a6c4ee7bb903cce438051478e8fd77c1

SHA256
a728b274c9fe43ef43bfadd1855deca977c683b9ef8fcccf080a93f24a4f7210

SHA512
0c2bd3cdb6cff6c40b3a81dca1c9c3c89beb6c5b00488c2ae821a79689a782c0523df3ff0cc3dc0cf5e3de6429515a3b1ec5e86683f66035528cc1d7cf49003e

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\temp_E79D6B3.lz4

Filesize
439B

MD5
006a4fc0f056d27445e52276a2756955

SHA1
14414fa25f6a7364aea72ce552170148087dd604

SHA256
f91fc09139c5353e4bcf75dcf9380487b1d2e2c80b8c5ee90335a7f3b9234e06

SHA512
5b03bc9d6fbe0bc17e30a17470c7708deffafbdaa731989a63d39f324b372136e280ffbb62f7b311342e0a322b3a08ed9f8ee66001e665a6d7e8a70c0d490e55

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\temp_E79D6B3.lz4

Filesize
5KB

MD5
ca7e4c8de659b97aee8cdd4922f1c4ae

SHA1
773b3c70731d604e367510e4e5b68fdaca221eb0

SHA256
72ac1e1ebcd76e0c26cb5461d6fec6cd940ab8bdf73f82fb287322c0915586e1

SHA512
25e099a7dfe5f33f54d1b5c604dc3653ef33a712ef2bad92587a8151e87dfea4b39ae19b780a6a95241edff73ad8bb126b368018285b17eb6973c6320b108f91

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\temp_E7ADC3C.lz4

Filesize
5KB

MD5
06834c8acc84f9a152016452fbad3d9a

SHA1
10f7a9795487ca3940aab2a4f77d26b5d2b9804d

SHA256
a581daaeeb8111d27a6cda270e4bc578973a21d45e0f2c8d99492fda08c4383b

SHA512
930c9669c375f115b3b0802bfb908650df9a2bac0503307a5135ccec89fd172e6cff1d1c36fdac9f027446bbbff6c10308ddfa0db33905e2dffd9a49dedc722c

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\temp_E7ADC4C.lz4

Filesize
473B

MD5
4357e2f807b2fdd66a592ae081cb5068

SHA1
180d733dc24391efa47e165ab464b102763adb63

SHA256
7165660dfff9d459bd85e416f89e9aa052f77be5aaa28c3fed975ef1d78dbf2a

SHA512
2ef9cb9243c9758ed059a28fd90b7111fea0d2907c526814bd724e406a6b6967c15c762f0cc214bd77ce5ab5bab0fcf9b630ec07d3c7ea860ed520b74e8ca135

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\temp_E7C14EB.lz4

Filesize
489B

MD5
b3dc1f53f2893c56c1e4190df7474639

SHA1
d3333a806bfa661bd4bc1d4a95189c7492a2341f

SHA256
2e5507162bae34b953a2e6bc6a3a63cc05083baac6d67129fa451ffed376927a

SHA512
689f612b36faf21058e936b64807dd0f6dafc018f24185db8653e2e98905b8ce9bb53e4c387b6795a2fb28e277a023b0f52729063c2037b903cc473033a5edaa

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\temp_E7C14EB.lz4

Filesize
5KB

MD5
7c78effd631b540cc7aa9dc5be011df9

SHA1
26ee643d6e0266c5761251bb07e4f06094bd63fd

SHA256
02e517011819fbfce6815dbe1b806d06e695c6bcdb8ff675dea33ef04498401f

SHA512
1c287cc97332216bd72c4c897f94f1b407bd8c4f2d9bc27746eb91204049288e3f18fd073f4d34736ec5263227a0f0914e3b6371e9e0e7cb229681b486f9caca

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\temp_E7EA6A2.lz4

Filesize
484B

MD5
a18b29447325586c20f23d32a8924ce6

SHA1
e88df0fa125dfe897820dc21b848371b339b3f7f

SHA256
a3e7fd75f372f469777bed4f8f966a377505c68be96ee3cc3ab1abe08d54558c

SHA512
5cbb0fac18356ffc8b1b82e00f075c8021963177abf42d5926033615c658dbddab7aafa46979fbd9b36d38aa14711eb77f138ca382667c01bc260118b9035a63

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\temp_E7EA6A2.lz4

Filesize
5KB

MD5
33e262e11843cb8fb44a5046b802635d

SHA1
ac50a3d320e6b5a61a997bafd01b14f49b9b282a

SHA256
813a3a36bbd3383c8185208482733360297682b972969ce7c09278bd3fdee864

SHA512
e349c1f8aad3a32c493646669af230a25bc379396bce3978dd4450690c4754659206d3bf03b1cdbe7cb87c3953ead86c06cae196e6163ef4107851c1724c0065

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\temp_E7F6E77.lz4

Filesize
450B

MD5
b11226b21c927d4b607816db9dbb0ffb

SHA1
3cb282c9de3c6fd4701877d157c89b5e630e9bf9

SHA256
76e852a45402a058a3c7a02ef7e0d7cd6e80b214396fd3c225ecbd479b68793d

SHA512
ed45c6386a4230090e8e1d1a450cb50055143ded841e2a25a5b9b13433f3bcd8ada3ff085904c52e7623144cb1715f70132969ea70f7a49e077fef6ef3e9ed48

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\temp_E7FA3FE.lz4

Filesize
482B

MD5
b7b4ede3e59319a9e4105ff502fb750b

SHA1
cf0f524cbeccbf39261f7a8d81ff8cb4153bfa64

SHA256
55a34260072b662a79bd5c6d4b8836cbc2b4119f91c4b89e489b5eb9711f7a13

SHA512
5544e4e7e0c4a3b86f6c3cfff9b329a8e5c1a353a63654eb0105b2d47b6eb5d2c3df6a3776ab7fd16bae1a664ae540316e1838a22c09d151b09e814a1ae70c55

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x64\x64dbg.ini

Filesize
45KB

MD5
dff247fd8cece6ac4c1e543f9d68e6ab

SHA1
b27ad4a1945bf40a3bdc818a8cdfeb7eead10269

SHA256
add1490320d4e02805cdbfc02c67e55993480b8d6d2e1700d32d7e46285e1ea4

SHA512
549af5475b685c8a2e724fca94caaa5849b014ab30cee34c68ab51999865ed4647464812694100d60949bd0a49027997ac0f75cc4c78e2e517f2857b22d208ab

Download Submit
C:\Users\Admin\Downloads\snapshot_2024-07-07_16-07\release\x96dbg.ini

Filesize
122B

MD5
45c1e010baaeb6b086b93c73cbfa1433

SHA1
6570b66b77103aac30dc7cccfacde1e42413890a

SHA256
672875a23347e407ff4a54c6baa35090c7041fa45568437f12b86b50bc2fbebc

SHA512
6b00d4050ad80dc575b056e40b3fdae831e57d1b035fc7500c1523c70c7f03f344e8b53b070ec3c8482fcb7c300d401260502ba4c04076ee23db66c236d3ad50

Download Submit
memory/1584-622-0x00000000004D0000-0x00000000004D1000-memory.dmp

Filesize
4KB

Download
memory/1584-704-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1584-693-0x00000000004D0000-0x00000000004D1000-memory.dmp

Filesize
4KB

Download
memory/1584-697-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download
memory/1584-698-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/1584-702-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/1584-703-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/1584-623-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download
memory/1584-708-0x0000000140000000-0x0000000140CD0000-memory.dmp

Filesize
12.8MB

Download
memory/1584-627-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/1584-705-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/1584-624-0x00000000004F0000-0x00000000004F1000-memory.dmp

Filesize
4KB

Download
memory/1584-620-0x0000000140000000-0x0000000140CD0000-memory.dmp

Filesize
12.8MB

Download
memory/1584-628-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/1584-621-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1584-625-0x0000000000500000-0x0000000000501000-memory.dmp

Filesize
4KB

Download
memory/1584-626-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download
memory/1932-969-0x0000000140000000-0x0000000140CD0000-memory.dmp

Filesize
12.8MB

Download
memory/1932-1239-0x0000000140000000-0x0000000140CD0000-memory.dmp

Filesize
12.8MB

Download
memory/1932-1008-0x0000000140000000-0x0000000140CD0000-memory.dmp

Filesize
12.8MB

Download
memory/1932-1274-0x0000000140000000-0x0000000140CD0000-memory.dmp

Filesize
12.8MB

Download
memory/1952-707-0x0000000076170000-0x0000000076185000-memory.dmp

Filesize
84KB

Download
memory/1952-619-0x0000000140000000-0x0000000140CD0000-memory.dmp

Filesize
12.8MB

Download
memory/1952-611-0x0000000076170000-0x0000000076185000-memory.dmp

Filesize
84KB

Download
memory/1952-609-0x00000000756C0000-0x0000000075C0A000-memory.dmp

Filesize
5.3MB

Download
memory/1952-712-0x0000000140000000-0x0000000140CD0000-memory.dmp

Filesize
12.8MB

Download
memory/1952-608-0x00000000756C0000-0x0000000075C0A000-memory.dmp

Filesize
5.3MB

Download
memory/2288-1-0x00007FFB9A3F0000-0x00007FFB9A3F2000-memory.dmp

Filesize
8KB

Download
memory/2288-2-0x00007FF61B4A0000-0x00007FF61C8B1000-memory.dmp

Filesize
20.1MB

Download
memory/2288-0-0x00007FFB97BD0000-0x00007FFB97E99000-memory.dmp

Filesize
2.8MB

Download
memory/2288-7-0x00007FFB97BD0000-0x00007FFB97E99000-memory.dmp

Filesize
2.8MB

Download
memory/2288-8-0x00007FFB97BD0000-0x00007FFB97E99000-memory.dmp

Filesize
2.8MB

Download
memory/2288-5-0x00007FFB97BD0000-0x00007FFB97E99000-memory.dmp

Filesize
2.8MB

Download
memory/3936-938-0x0000000140000000-0x0000000140CD0000-memory.dmp

Filesize
12.8MB

Download
memory/4072-73-0x000000000A1F0000-0x000000000A200000-memory.dmp

Filesize
64KB

Download
memory/4072-72-0x000000000A1F0000-0x000000000A200000-memory.dmp

Filesize
64KB

Download
memory/4072-70-0x00000000078A0000-0x00000000078B0000-memory.dmp

Filesize
64KB

Download
memory/4072-77-0x000000000A1F0000-0x000000000A200000-memory.dmp

Filesize
64KB

Download
memory/4072-76-0x000000000A1F0000-0x000000000A200000-memory.dmp

Filesize
64KB

Download
memory/4072-75-0x000000000A1F0000-0x000000000A200000-memory.dmp

Filesize
64KB

Download
memory/4072-74-0x000000000A1F0000-0x000000000A200000-memory.dmp

Filesize
64KB

Download
memory/4072-78-0x000000000A1F0000-0x000000000A200000-memory.dmp

Filesize
64KB

Download
memory/4072-79-0x000000000A1F0000-0x000000000A200000-memory.dmp

Filesize
64KB

Download
memory/4412-1009-0x0000000140000000-0x0000000140CD0000-memory.dmp

Filesize
12.8MB

Download
memory/4412-1221-0x0000000140000000-0x0000000140CD0000-memory.dmp

Filesize
12.8MB

Download
memory/4496-937-0x0000000140000000-0x0000000140CD0000-memory.dmp

Filesize
12.8MB

Download
memory/4496-827-0x0000000140000000-0x0000000140CD0000-memory.dmp

Filesize
12.8MB

Download