banload | hxxps://www[.]google[.]com/url?sa=t&source=web&rct=j&opi=89978449&url=hxxps://www[.]download-free-games[.]com/&ved=2ahUKEwjjs53w0r2HAxVoq5UCHcP-ACYQFnoECBcQAQ&usg=AOvVaw0LQEOGQgZyzAzejZagifl4

Analysis

max time kernel
576s
max time network
626s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23-07-2024 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.download-free-games.com/&ved=2ahUKEwjjs53w0r2HAxVoq5UCHcP-ACYQFnoECBcQAQ&usg=AOvVaw0LQEOGQgZyzAzejZagifl4

Score

10^/10

banload discovery downloader dropper evasion spyware stealer trojan

Malware Config

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	GLWorker.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	GLWorker.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	GLWorker.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 6 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	GLWorker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	GLWorker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	GLWorker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	GLWorker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	GLWorker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	GLWorker.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation	GamesManager.exe

Executes dropped EXE 14 IoCs

pid	Process
2412	travel-mosaics-4-adventures-in-rioSetup.exe
4100	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
4264	toasterinstaller.exe
2524	GamesManager.exe
5692	GamesManager.exe
5260	GamesManager.exe
2308	GamesManager.exe
5012	GamesManager.exe
1260	GamesManager.exe
648	GamesManager.exe
1128	GLWorker.exe
1400	GLWorker.exe
1836	GLWorker.exe

Loads dropped DLL 64 IoCs

pid	Process
2412	travel-mosaics-4-adventures-in-rioSetup.exe
2412	travel-mosaics-4-adventures-in-rioSetup.exe
2412	travel-mosaics-4-adventures-in-rioSetup.exe
4100	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	chrome.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2152	2308	WerFault.exe	180
428	5012	WerFault.exe	183
4464	1260	WerFault.exe	185
2388	648	WerFault.exe	187

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GamesManagerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLWorker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GamesManager.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GamesManager.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLWorker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLWorker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	travel-mosaics-4-adventures-in-rioSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GamesManagerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GamesManager.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GamesManager.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GamesManager.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	toasterinstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GamesManager.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GamesManager.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x000800000001aca4-588.dat	nsis_installer_1
behavioral1/files/0x000800000001aca4-588.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\LowRegistry\Shell Extensions\Cached	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\LowRegistry	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\LowRegistry\Shell Extensions	PaintStudio.View.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662280186349283"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\{B6C66E1C-D8DA-13D1-B2E4-0060975B8649}\byPkqlqw = "C`"	GLWorker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE5B2B68-9A4A-F563-A509-DC92774CE823}\GkYgLvgkvow = "fX`EkATLhADbV]a]\x7f`[nqdP"	GLWorker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache	PaintStudio.View.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE5B2B68-9A4A-F563-A509-DC92774CE823}\InprocServer32	GLWorker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\{B6C66E1C-D8DA-13D1-B2E4-0060975B8649}\ozhHmsDdxvg = "LUR]GLqZwNfuUY`rawMmF~IhS@GwdueT"	GLWorker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200"	PaintStudio.View.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE5B2B68-9A4A-F563-A509-DC92774CE823}\ozhHmsDdxvg = "wLQqumtYUh[nQarQdtLaxuxevPbunhVE"	GLWorker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE5B2B68-9A4A-F563-A509-DC92774CE823}\IItmnzSmnu = "KeJzPkVZYfOlbedkNNtoxIT\\ExRDw}QQ"	GLWorker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\{B6C66E1C-D8DA-13D1-B2E4-0060975B8649}\mnyvmflpmLxca = "QUNInybgtMUiAWYepB\|WS"	GLWorker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE5B2B68-9A4A-F563-A509-DC92774CE823}\Programmable	GLWorker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE5B2B68-9A4A-F563-A509-DC92774CE823}\ozhHmsDdxvg = "wLQAumtYUh[nQarQdtLaxuxevPbunhVE"	GLWorker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE5B2B68-9A4A-F563-A509-DC92774CE823}\lyhnooge = "FeI`gApnjsC\\yX^BeEp]EDGOi"	GLWorker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE5B2B68-9A4A-F563-A509-DC92774CE823}\tzhpIEywQrT = "skbIJfQrE{vT\x7fKFsGZ^T]FBP}Gkx"	GLWorker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE5B2B68-9A4A-F563-A509-DC92774CE823}\byPkqlqw = "Qp"	GLWorker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE5B2B68-9A4A-F563-A509-DC92774CE823}\Implemented Categories	GLWorker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	PaintStudio.View.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE5B2B68-9A4A-F563-A509-DC92774CE823}\InprocServer32\ = "C:\\Windows\\SysWOW64\\Dxtmsft.dll"	GLWorker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE5B2B68-9A4A-F563-A509-DC92774CE823}\InprocServer32\ThreadingModel = "Both"	GLWorker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000002eb059e18986da01cec3de769286da01cec3de769286da0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE5B2B68-9A4A-F563-A509-DC92774CE823}\ToolBoxBitmap32\ = "C:\\Windows\\SysWOW64\\Dxtmsft.dll,235"	GLWorker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\{B6C66E1C-D8DA-13D1-B2E4-0060975B8649}	GLWorker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\{B6C66E1C-D8DA-13D1-B2E4-0060975B8649}\byPkqlqw = "lP"	GLWorker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FE5B2B68-9A4A-F563-A509-DC92774CE823}\byPkqlqw = "~@"	GLWorker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\{B6C66E1C-D8DA-13D1-B2E4-0060975B8649}\tzhpIEywQrT = "VTqbCxBi[HRzqkC@cFs\|jH\\UCtR@"	GLWorker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	GamesManager.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	GamesManager.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	GamesManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	GamesManager.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	GamesManager.exe

Runs regedit.exe 1 IoCs

pid	Process
4160	regedit.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3120	vlc.exe
3892	PaintStudio.View.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2232	chrome.exe
2232	chrome.exe
6088	chrome.exe
6088	chrome.exe
4004	mspaint.exe
4004	mspaint.exe
5240	mspaint.exe
5240	mspaint.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
5896	chrome.exe
2792	chrome.exe
3120	vlc.exe
4160	regedit.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 61 IoCs

pid	Process
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
3120	vlc.exe
3120	vlc.exe
3120	vlc.exe
3120	vlc.exe
3120	vlc.exe
3120	vlc.exe
3120	vlc.exe
3120	vlc.exe
3120	vlc.exe
3120	vlc.exe
2524	GamesManager.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
3120	vlc.exe
3120	vlc.exe
3120	vlc.exe
3120	vlc.exe
3120	vlc.exe
3120	vlc.exe
3120	vlc.exe
3120	vlc.exe
3120	vlc.exe
2524	GamesManager.exe

Suspicious use of SetWindowsHookEx 30 IoCs

pid	Process
5896	chrome.exe
5896	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2412	travel-mosaics-4-adventures-in-rioSetup.exe
4004	mspaint.exe
4004	mspaint.exe
4004	mspaint.exe
4004	mspaint.exe
3120	vlc.exe
5240	mspaint.exe
3892	PaintStudio.View.exe
3892	PaintStudio.View.exe
4100	GamesManagerInstaller.exe
5744	GamesManagerInstaller.exe
4264	toasterinstaller.exe
2524	GamesManager.exe
5692	GamesManager.exe
5260	GamesManager.exe
2308	GamesManager.exe
5012	GamesManager.exe
1260	GamesManager.exe
648	GamesManager.exe
1128	GLWorker.exe
1400	GLWorker.exe
1836	GLWorker.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2888	2232	chrome.exe	73
PID 2232 wrote to memory of 2888	2232	chrome.exe	73
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 5104	2232	chrome.exe	75
PID 2232 wrote to memory of 2468	2232	chrome.exe	76
PID 2232 wrote to memory of 2468	2232	chrome.exe	76
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77
PID 2232 wrote to memory of 1868	2232	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.download-free-games.com/&ved=2ahUKEwjjs53w0r2HAxVoq5UCHcP-ACYQFnoECBcQAQ&usg=AOvVaw0LQEOGQgZyzAzejZagifl4
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd4eec9758,0x7ffd4eec9768,0x7ffd4eec9778
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:2
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3088 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4700 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2084 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=300 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2868 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3688 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=768 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3860 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5592 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5644 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5684 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5912 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6044 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5636 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1488 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5996 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=300 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5800 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1600 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6256 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5236 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6328 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5596 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5224 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6516 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6704 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6852 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7052 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7188 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7392 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7416 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7500 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7836 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7988 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8280 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8436 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8612 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8776 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8160 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8524 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8536 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:8
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8504 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8432 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8840 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=8340 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8796 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=8364 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=8860 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=692 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=3512 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=7720 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2900 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:8
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:8
  2⤵
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=772 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=3656 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=2196 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=3656 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=2428 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=7640 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=6460 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=5224 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=4820 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=7064 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=7944 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=8288 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=6752 --field-trial-handle=1748,i,2568642005709937292,4964024671464185898,131072 /prefetch:1
  2⤵
  PID:5476

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4428

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2388

C:\Users\Admin\Downloads\travel-mosaics-4-adventures-in-rioSetup.exe
"C:\Users\Admin\Downloads\travel-mosaics-4-adventures-in-rioSetup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2412
- C:\Users\Admin\AppData\Local\Temp\nsq5695.tmp\GamesManagerInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nsq5695.tmp\GamesManagerInstaller.exe" -installer.createiwinshortcuts=yes -config.channel=20000006 -config.uri=https://www.iwin.com/ -config.channelName=IWinStreaming -config.iwinrequest="PF/4006613499724968468/travel-mosaics-4-adventures-in-rio/48/0"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4100
- - C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe" -installer.logstartsent=true -config.channel=20000006 -config.uri="https://www.iwin.com/" -config.channelName="iWin" -config.sku=FIRST_INSTALL -installer.createshortcutswithname="iWin Games" -autoupdate=1 -config.iwinrequest="PF/4006613499724968468/travel-mosaics-4-adventures-in-rio/48/0"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:5744
  - - C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe
      "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe" /S --no-desktop-shortcut
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4264
  - - C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
      "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" -config.uri=https://www.iwin.com/ -config.channel="20000006" -config.sku="FIRST_INSTALL" -config.iwinrequest="PF/4006613499724968468/travel-mosaics-4-adventures-in-rio/48/0"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies system certificate store
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:2524
    - - C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
        
        "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=98ACA33630C4BE4D88DEED8177393720 --lang=en-US --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=98ACA33630C4BE4D88DEED8177393720 --renderer-client-id=2 --mojo-platform-channel-handle=2744 /prefetch:1
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
        
        "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=02D583D909795A0C58C94BCFE9DAC2FB --lang=en-US --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=02D583D909795A0C58C94BCFE9DAC2FB --renderer-client-id=3 --mojo-platform-channel-handle=3148 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
        
        "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=50B20192A7A6C57D5DA554E544E42A65 --mojo-platform-channel-handle=4092 /prefetch:2
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 1076
        6⤵
        Program crash
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
        
        "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=9CFA9CB4BEBFFD0E8F063F2D797FAF28 --mojo-platform-channel-handle=3956 /prefetch:2
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 1092
        6⤵
        Program crash
        
        PID:428
    - - C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
        
        "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=D24E2D013010AA23ED9F1BEE2C4CD045 --mojo-platform-channel-handle=4084 /prefetch:2
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 1072
        6⤵
        Program crash
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
        
        "C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=B4BD979E79A3E5A4807FA51CA3B4CDA1 --mojo-platform-channel-handle=4084 /prefetch:2
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 1496
        6⤵
        Program crash
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\UGMgames\20000006\travel-mosaics-4-adventures-in-rio\travel-mosaics-4-adventures-in-rio\GLWorker.exe
        
        C:\Users\Admin\AppData\Local\UGMgames\20000006\travel-mosaics-4-adventures-in-rio\travel-mosaics-4-adventures-in-rio\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid4006613487877689578
        5⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:1128
    - - C:\Users\Admin\AppData\Local\UGMgames\20000006\travel-mosaics-4-adventures-in-rio\travel-mosaics-4-adventures-in-rio\GLWorker.exe
        
        C:\Users\Admin\AppData\Local\UGMgames\20000006\travel-mosaics-4-adventures-in-rio\travel-mosaics-4-adventures-in-rio\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid4006613487877689578
        5⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:1400
    - - C:\Users\Admin\AppData\Local\UGMgames\20000006\travel-mosaics-4-adventures-in-rio\travel-mosaics-4-adventures-in-rio\GLWorker.exe
        
        C:\Users\Admin\AppData\Local\UGMgames\20000006\travel-mosaics-4-adventures-in-rio\travel-mosaics-4-adventures-in-rio\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid4006613487877689578
        5⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1836
    - - C:\Users\Admin\AppData\Local\UGMgames\20000006\travel-mosaics-4-adventures-in-rio\travel-mosaics-4-adventures-in-rio\TravelMosaics4_AdventuresInRio.ifn
        
        C:\Users\Admin\AppData\Local\UGMgames\20000006\travel-mosaics-4-adventures-in-rio\travel-mosaics-4-adventures-in-rio\TravelMosaics4_AdventuresInRio.ifn
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\UGMgames\20000006\travel-mosaics-4-adventures-in-rio\travel-mosaics-4-adventures-in-rio\GLWorker.exe
        
        C:\Users\Admin\AppData\Local\UGMgames\20000006\travel-mosaics-4-adventures-in-rio\travel-mosaics-4-adventures-in-rio\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid4006613487877689578
        5⤵
        
        PID:1500

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\RevokeRead.bmp"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4004

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:2492

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\HidePush.MTS"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3120

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\ClearNew.png" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5240

C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3892

C:\Windows\regedit.exe
"C:\Windows\regedit.exe"
1⤵
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
PID:4160

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x344
1⤵
PID:3288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Virtualization/Sandbox Evasion

T1497

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\JetDogs\Travel Mosaics 4 - Adventures In Rio\DotIndexValue.txt

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\LocalLow\JetDogs\Travel Mosaics 4 - Adventures In Rio\ProfileRecord_4.txt

Filesize
5B

MD5
f31ee5e3824f1f5e5d206bdf3029f22b

SHA1
894a40dce8e5591059922ff5808e4c093326c141

SHA256
3a7b1681045c78f45696d8bcf69c24ddb61ed47987782a24d66d432a3b6fc101

SHA512
17ff5ddcbb101a8fc61235a95dfd1e0e54a63db1b8b613be729d23d0a19b203c61461278c2e57c057ec56591fae23229f725f0b7dab815852e4438f373c33361

Download Submit
C:\Users\Admin\AppData\LocalLow\JetDogs\Travel Mosaics 4 - Adventures In Rio\Unity\aba4a330-d56a-482f-a24a-9784a35ca3f2\Analytics\ArchivedEvents\172175501400004.b4eb7036\s

Filesize
341B

MD5
30c3e1687b22d25c70f47313a42a7fe2

SHA1
85bba6384b29b31dfc0c4149724fbd7e1d1c7524

SHA256
01a56916768ff3f2c67879a65867f6dd8cadf37e53d43088e3f9fbc2cc9c9e61

SHA512
e06599df349f3d6e8b268099477239b16f8f113e43d5a90c575f6724bd9c64a555f875e8bb2b4473cb7849302ce3bc200154ba27484cdf9988d56f71ee06ee1f

Download Submit
C:\Users\Admin\AppData\LocalLow\JetDogs\Travel Mosaics 4 - Adventures In Rio\Unity\aba4a330-d56a-482f-a24a-9784a35ca3f2\Analytics\ArchivedEvents\172175501400007.b4eb7036\g

Filesize
1B

MD5
c81e728d9d4c2f636f067f89cc14862c

SHA1
da4b9237bacccdf19c0760cab7aec4a8359010b0

SHA256
d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

SHA512
40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000006

Filesize
29KB

MD5
0a1cc39cc3f6049e8d97ebe2de642c32

SHA1
93d4f34e2d9212930a53cba847d2d86b3ace96d6

SHA256
92a177028e4c6d62950420ace948e04fd294a749ee5d1e998d05d053eb87853c

SHA512
00cb2f6187d1c4d511a0996db494f9716878962e884d271905f51c5fb6429fbad1a44ffcb87f0e5875756edb25e3530be4f4bc0a2a8744f3d100cffc5446a5b5

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000009

Filesize
156KB

MD5
2c503b3f15f8cda76d58ad951bdbb987

SHA1
2479089f7d16d8e9518864f0242808f20abd7456

SHA256
febec47f17bade250d781ffcb762442915a8ec9fc1267a1a8d93459db5e3634d

SHA512
bfb599587efa3943b392546f5e6eda213cc310e7db3171c57787c16a45a663795281c70c9e245027f08c742ddf5f574d184bdfaa24dcb13876393770ec24680e

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00000b

Filesize
83KB

MD5
696fed984d8ea6c2bf429571a27e9543

SHA1
df94618526a88deef596a497be0097d38dada219

SHA256
6ff6b5bd1d8202ef2e6ca98a02213461567aacab197705dd06fa667783f7fa79

SHA512
62b87c12aae16443c1b79d6f07aa6110971638c4599abf0d4d0d25056a6daf7f9fe54df4c6a9e76071765ee8c5430c8ab1b8dc57f3f4fea586017a0516968323

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00000c

Filesize
80KB

MD5
7e22e43bed2d36701d3fa8bc73056c16

SHA1
df94363f4df82b013e7827d94b231635d823b5cf

SHA256
88e70c06621e26ef8f73ef6b81bf69f2a8747908456d45c107028a2589da0206

SHA512
7888d7f78ff6ac63d0db1ab4d160d3c72d51da2de7624d55966c244f150a67df0183b3c23ab27dd381b3609c6ff23ae96539b9287a206eca58885239137c2cbf

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000012

Filesize
153KB

MD5
b99bb4c30c2379edd0a1248d5b696da4

SHA1
4c28232b974975b572af715da0e7900d4aa76368

SHA256
9a0d4b440c8cab821cac261ac52a2acbeb083acc9b0c62ebc7786f24286e837e

SHA512
ebcf7ae932c8d886af1c3b8892f45ca5048eef576493956fb73e1a90816c4b97d8f2871ede114c82ceecd7557c29716f304c8c6e04713fb830846f117d947398

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000015

Filesize
70KB

MD5
80306f2ddbc20c3ae76abbba08295426

SHA1
0889b90062a0795b9739b1f6ba2347f9ceb23366

SHA256
1bf3b13506350d263b331177eafcf3ac2f368fc2e452d8395a77f6d80aa2365f

SHA512
a4ad282ee8d447ef1fe2e90f36f481e6b841d8a7fd810a9bfe4edd1074bd6a4c0052159e72531fdcb304d4a8a65d2d3052c348a6f971c7b758dcf2a26d062ed9

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000018

Filesize
140KB

MD5
55bbd29e4803a6b3c1fe9288bfa835dc

SHA1
f93f31497d6cbd7e7f445a922e2dd083c3317fdc

SHA256
e22f3846a13de427b8caeb2bba4651a6920cbaa6435cd271f5731138cc4ede62

SHA512
cf3a85bd05650fba1e386acf0979eaf460e96ebca164516d2a5de8612d331335ea916c9d2658a9a040337f928667d5e1407279e8c478eb5bcf5cb3c76a28b33b

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000020

Filesize
75KB

MD5
31677ed9edf7d2dd1fa577ab79d7a26f

SHA1
d804c73db9755e8e7f2894f5c111074f2088883d

SHA256
2d0d2aafa3825f34d909f1b1e57497eac730db6dbe11efa8464f9d1de46321f3

SHA512
2b610792a9cce6800c7d62026470b72200d192933cac906ffcbea5b6cd37ac7857f054ab4b6fcb5428bd94ca09128324ca20a5c940a19f0839cce6d9ba7bf787

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000026

Filesize
71KB

MD5
bc8c645c4b88ac4e304c68e369c59412

SHA1
13b609b698d1106f0f1e61c5f5975b7d8557b9a8

SHA256
7ee60e59b231a8178eaa2e452f2a17229026a10580bc15d0ee3d79a635f00c9e

SHA512
f4e114502701de4b93d033b6e1dab371bd5f0a8cdaf9387a8d17223adee35c851e36b50953343afbff0d42486b29328251c4721bcaa5cb9431047838769128a3

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00003e

Filesize
85KB

MD5
cbbe5785852c7c8a31564bf04a6d5e98

SHA1
5abad6abc31699810ce915189f8f0c5299957e42

SHA256
c98de2a4873c9fb817f6d5e58ce42f309dae1e364bfa64ee31ad8347b0bbc537

SHA512
77bac39382c856fff8d369ac26b36711cd6102df6c7094d5ba4248c149ad830f8167c7751ffa4349f1b3ce9e61d18a15330bc4db9c4b76381ec9c4515119e79f

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00004a

Filesize
262KB

MD5
1de8ed4ff3e5861a42021d16a0dab9d6

SHA1
7672a32383dfa65f339abb4c2f847ff00f4ede8a

SHA256
e5368f36e2ec140745003bf0dab08132a07be71e56ea16418ebd570c71aacd87

SHA512
450f765d6bc67d7ef992d99cd1626a6c2839e3de9b6b421e7242e239f1c25ecc69b02a46688057b03b3ed3fd260a98459eb761654a17a1d16d1a691d624cb7b2

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00004b

Filesize
93KB

MD5
18ad9aac6ddb303c855dd21058a5065f

SHA1
b6560eb0fd8e578938f99126521a7ccabc5a1248

SHA256
2a28a102aabe624aefe8169bb4c79273a25d1a17c8e7cc5069ba92c4a3d7dc1d

SHA512
92a00981ec397edb0bb4f0f3f9d103ff7d1a3062fcbf9b14180fd1ad54a272e86851846a898906eadee134126b163ff7c9eb47294d0533c940257f469173d82a

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00004d

Filesize
90KB

MD5
e48898abbd40b6208a655301be352199

SHA1
2cdcb68e3e464c26384111555d875a9b6c834c29

SHA256
61ffe7339c2774a7bd80fc9e0cd005ce20ea78164844545f64aff486a7d1f0a4

SHA512
72b735c0ebf50a53965eba1f8315268d91af090ee61937719da57e4c07a4e0f9a6ba0fa75a3b20516ad1b5e5cb70d82cfdb693fba654de95b7cb65abb840c815

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\89670720-8a37-4ba3-aed7-a2f64003fd9a\index-dir\temp-index

Filesize
48B

MD5
6dfe775562643ad228779e33d519e844

SHA1
2e49343c0ddc509812102434b3babe46c416b5b7

SHA256
210aaba06ec328897a410ce39a43e2cb999801f7965ad17aa438809a4cf66499

SHA512
7f4bb5bce38f362fd11505b56b2680dc6c328887f0e7cc9dc86077007b370dfaba1d4815b8b2b94d811e9af08b8cdec18743da4e48dde849508f56d6f1c18feb

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\89670720-8a37-4ba3-aed7-a2f64003fd9a\index-dir\the-real-index~RFe5ebd43.TMP

Filesize
48B

MD5
2e3143816c5c7e2ccb3575d33046fac0

SHA1
f7c633526978ed4dd950ac9499d66ee16c07a418

SHA256
7fd94a3fa5b29402beb27fe43f1b21bdbbeffa0625e75828c068679a1fb36c55

SHA512
43c4d55589ab4df3f51ba49d8770a29b64e7dd7a392b26c99ee1798663325ba5793ffb8bf9240dd6efe970ac0e70687057b7628b708ad306032c85550dbb0007

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5ea9bb.TMP

Filesize
77B

MD5
f23c8accfee04405b7cb7288f6fcaf7b

SHA1
8f588439e1d62d9217e81789ab20dec34c001ebf

SHA256
87d8101e6b649d913ec11da7c199d1b80bebf3b7734d587f966178678a8440a9

SHA512
62fbcf54326547fadb9497daac8549f4a5b1fb898567db9ba7c19524b5025f181418500db94798900814cbb9a3525429fceffc2d561a7154b1ef308971718030

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\databases\https_www.iwin.com_0\1

Filesize
24KB

MD5
65cbf55ec340b83131d6c797943c04e7

SHA1
c2478ec88b3353436fb848d5e92554279a9c43aa

SHA256
a0adafe91984705728d767e9b7137fc73831e20475cd6e922be10e36af295c8a

SHA512
e5d3a50ed8ca85d1007e0f3a39b6fe2856402318eda76894d977a666b7d6ebf22aaec619746332f3545be97dc4f921159ba7be1a31926d6bf3942fb0ec478c96

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\databases\https_www.iwin.com_0\2

Filesize
24KB

MD5
f1ac6beb03b6d9a05a9de585fe2d7c5c

SHA1
8c1d4989fb4dcc7271d1eeb024a4f932886e8f86

SHA256
87fb2357fc29f44cfdc286fd3d003ff60301c34196375a43d512ddcf92a71e90

SHA512
06d743b28f0efa8bab7c8fff74840c5b2766a0416721828034be6a9bf6af0c2cdf1dccee1bb0b11d7ebdaaae187831dae1b877f547d7c06c58bbe9eeacef5e1f

Download Submit
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log

Filesize
11KB

MD5
3dbc494e77c7d6e3b2598cbc67c13235

SHA1
7d22d925485e5cc47211aa32aa8d7b0efc30b28b

SHA256
43c0d996b4462eb9e35f8ff5c36a86ec814c7b83671e4d5b8aed5c4f5e581d8e

SHA512
59343cc2d61180721c905537ebcbf9c4d8a87a0c9141d0fc7afa878789b0462b08e22b9549a2e3cebe7a5884e79b4a0678adcb29f3d13d3e9da67610c59a8415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
42KB

MD5
f71833ecd7b948927e32575479265b99

SHA1
3068cec4b0ad0c5debe71e44b8c1036ec9372bcd

SHA256
6b642de5fc3f434351d8d8417850055a884fed8fab47217fd42036f030db36d6

SHA512
d641228b72468226c0df751f1dde3d263c83a5bf40b4a12b53a5fc18601a2779e2c1175215440fea8d69515aadfc6c8126267db168e3cba50439ac54861976be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
32KB

MD5
203f5643cda13507382764c51760963e

SHA1
68dca1febaec86de22e3f21db5a6498b71eca100

SHA256
d83b4d0fdc2be2765804c047d9fb862f4c239b3aa602a26e968c5b1476a78dce

SHA512
a74b41667fdef5e0f6e1cf8a79f23bb8c89a289b59f5f1603de1f955f4b105f2a26eb7bfbc5a22405841ce4cc3d4ea1a5c3641d8ca21cc22dcbaa5cbd62e1ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
72KB

MD5
1597c4d6ac610a94912b066e830e2f8c

SHA1
721e522276bd78f71ed9e16a27cd9ea0bcd11785

SHA256
69767d3b685be867f1999525e679f3203ed69478fe7aa0cc92ca22fd3125f32b

SHA512
3a186f410b0c151ed4ca3c3d494c110e0c4098a303ef498c1ecfe149b2969ac656cf49d615fbf830a5dccb9b5f709c6713f152d92079249a8d0ef889fc9f16f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
24KB

MD5
1ae717de5e37d49743912966a4ee324e

SHA1
fbb9d49cab0fb3e27a803a6c3ca5129a251dbc44

SHA256
ceb796ea521c69622d6432839501e90b2c986e13ac88a236d7c67eb741de0957

SHA512
6c821c4f5b709af6cf7d23dc928a272cc9fdcb0f283bde80503abc4f20d4453b289f2deb1e7f4635fc7fe10d6fcc5b9b7c58ce18095eda14944e64f9fda2fc62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
97KB

MD5
bd07808f150df8d17368220f65562e5c

SHA1
738610130cd9fb4e4f127a95f5c2199b938ff953

SHA256
eecda7fbb35446acd0de436e8635e249798194f57ef340728189be215fcad3d7

SHA512
6efbc2f2ec9a8399dfcc2c17adf836c46a70beed44323c1fd1e4ad2afe44d7cc68b2f7f4563ba8993269b9de97467c22d0bba6cc19091614cb47fe7235928d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
219KB

MD5
78141303997175fbfbca51d1183ffc76

SHA1
db66dc2b69a17916e44830a47881ae558a7a6e3a

SHA256
b9ab747d809e3c50157778f99b89f58d37bc20da2f485bb6a7aecd0d56f25bb8

SHA512
a7749122fb522c76c60716689bfde8d02fb3d0e49612316ba4c0792b32ee6fe1c88f7ab5d9bdca36b94502ab647c184ede2e49a17265754dc4693fd026e2930b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
32KB

MD5
103708790db3586027df27ded660f8ef

SHA1
d3f58fbe6e02cb4b8b34c6fd510e011cb325bc70

SHA256
fdba876856bb6c2783df94cacb0f17b53fe33f1907135539272c0127b4270ffe

SHA512
bb9fe97db1f3d0050f5d36e202a83cfa04903d09cd3e5996944aafbfd05f13ddbd13aeb361eec76b28941b4cd51ff0e2a58d37fbe8c8b08ba1ab88edac93dca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
30KB

MD5
4cf3dfc976277382ef9f7d6ee194fb27

SHA1
38465c6f20e333ad61f2205243a0e70b659ce64f

SHA256
4e0d6af6627007c53cdcab9071316765000b9d4d1d7144ec28189229507c415f

SHA512
986f1bcde13f93164e6ea9ba1cb9ab0a89b9775c5f8c49393aaa7437053506cafec2fc1e7b492f39896d42ba7849c9fc1fbf9182f5133db8f1798bbaaeca982e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
146KB

MD5
44fa6cb271a998d305bae64eccea3dc5

SHA1
ce9be4736519731957af9aed23733faeec40f2e7

SHA256
fb1c90f3ac72cc4cee01b12161e76e5570491f155e6637446b760fc6d6a4eca9

SHA512
853eb41fbea7ace4203b2ee4d73fc7628dc0dad8839d9c23fe8cd96de494ee6e3f71c1f5cfe6fa62bad01b9689c74c6bd3a55ca6c54f883407b79f59d02468a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
42KB

MD5
18a87d349c7bb761498ecedbfa4edd5c

SHA1
1d2c475f2927981eb865651dafcd461c55f7ab55

SHA256
dc48c07f76b91630cf10c5ea0e2c483aeeb6b093b93d79b8b54dc5bde81fe765

SHA512
919071ad4679ae01f68ce4e52785c8d3d0c8ab83cae15058f2c0a8b0818ce159cac7fe12961389c641048700e4a21fd36a2a3df54cf151c65f585b8c62e5857e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
20KB

MD5
4a2961dddc7ca6732df1c0646aad5129

SHA1
ff0b7265d2bef3824709ee3000621aca2d2c8724

SHA256
58a974546a65196f726ac5dbc25f1048991e8347bd53e7449102048a5a0dd597

SHA512
82c889adccb748ea06ced5db14b7f3f94b980215d350d7cf5463ad05de53b0421e0bc7fe6d0d3897480b2cbd6f34e0126814f166adb59b7f0a1c9cf960e8a2d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
54KB

MD5
01ad880ee50b786f74a5e4fae9ba3d71

SHA1
111387dbe885b7f3af44cdbbeea17eeb04bbf803

SHA256
9368f2d586a1d2727921605892048bf5201ef8caa044f2e939ef431aa881d83e

SHA512
d8dc47e5d55e6598988281539205936c56b716eb02b4e643fc917a68ba4407ece36a9d4115d5d0e32ac630d44eadb94ad2607330de082629fea82a9bd35fb83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
28KB

MD5
13d4f13cd34f37afc507ac239d82ddbd

SHA1
6d500935a441d438ed052e90de0443bccc8c6d17

SHA256
76464e77d22532976bbe5d1829e97854d5c37ed5a46ff300ad9680876ec81d01

SHA512
152e6449d09a7b544cf6f986c9695ae07c330f4b13068cca028ab56ffdad6ff2467f371ea4385ad71da023f3beb83fe0ba1d6d413f1ddde14372efe82ae36b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
110KB

MD5
a7c99dfad6d9a5e01630a7b7784284c7

SHA1
4ccc3bf853df4f71afa1d99914c0571f71141867

SHA256
6c77edd7b4de42413e920e75c7fca6381fbb852d84e8662ec3380335b3fbd2d2

SHA512
3a57180100a288342937035670dbbf90a9441c1198f3046d3bae9553dfc8184ae1d3abc8c49589849a3984375cf4efbdb77b6a56eaccb411d6e54de9248a034f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
77KB

MD5
4349f06ed40193f9d43871ef10e5e5bd

SHA1
b96a7e0bd318059d2cbce167cb2642a812c2df3d

SHA256
80e9085815a174e71b3ef88dfdc02d7b547f488ee18fc453ba32a8287e9f47a0

SHA512
ec7d0fb5b2977b10ae075a2ede29ba530bc583c7aeed597602a0bef99c056f4852bcbea0829e62f69b878327980e7d921e039156024cdab6b4ce2b8f07081529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
90KB

MD5
89182f304e3ecc23485591b279c968b5

SHA1
94b6645bdf88be0ed765b2711afa26501e6ea534

SHA256
e14157416a17157766c916959cff26d300d987be80d60acdaae39f4444c08085

SHA512
5e71e0a4b09312cb4b37c76787cce3b869aa5b4acfad21fc999f4d9c547af0128b195079fc69b3d005bfca8ff2d9a470f7615d72a8912696dc40fa75bbb2a067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
94KB

MD5
df4495c69f1999a5e7088c2a49aa6b66

SHA1
32e03b4c009c35844e646a5bbd83a3ad312d9daf

SHA256
3446b5b1ea167d6776ed7c6a493033ecb622a4fdf8e5d460e1bd229790790bdc

SHA512
25d2387f60ba45a5e8790914bfb9a06b8af547a5dc90f65bba616e148b43842d01f8998a67c7bece0482edca8a0f1fc8d1021baa3bfa67e448d18d69d03206a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
78KB

MD5
35a46116980c974751122a331d47fd84

SHA1
cd6e9014e38596c681641a27706124b5b69f86fc

SHA256
ccab92b9bfa43457f743cd83e454bcc63a768deb352fbad2d06d718eb2815a66

SHA512
aa4f484d3ca65525d5613243797d7e025e552dbd4e68bd9887d88d32fc6928c13dd7a47e8f97c77436924478d451445fa121d1bc1958a0ba94a2a05159345048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
35KB

MD5
8e78fb35fb272cf500e096b9b5174931

SHA1
ed63646fe745d6b3f6e0c84db609b1f4b5b6d977

SHA256
74e6eebbc23acb88d47e0e02303141403ba9b28522564424672da91d14349ff2

SHA512
7bda61f8cd023f35a9f2cee09988748e7b770a8afcbde4d185127369ecf311d13a82d1bf3dee583948b799c36283df752906c30b59ea6ebb2911ac0e9a09848a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
2.1MB

MD5
1736f6339e5c0304a52357ab1869d3ca

SHA1
3cf3de890e8aa2ec314dbcadfa3c8e758949e30f

SHA256
e3de890171da2404aaa7683933632e4d7371417a83bb94368e9bcfdb3f1630a1

SHA512
4688d0a5deef644cc6550966915b5c052fc0bc0c8afe0bd6fc924e28b08574f67bb28d9b4ed2c45b9c51273919b6c79a437176d0926ee011c004ed42d0728915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
54KB

MD5
ed73c07f9e8b887f6cae0e0e1640016e

SHA1
c53f71f3755562fd813f99f85d4328c41f400f64

SHA256
806eec8cf590cf66ded9839ad79028b2424f3ac25bf3b376e2b2b20f76185f66

SHA512
567d1aade9cc9a556ff6c0beb01e2a8a0497233c37d1460f686d95deb30510a0c2ac93980857e6419243eedeba0dd3852819b8bda2b9225c6f0b80ab1530d91a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

Filesize
18KB

MD5
3ed01614a9f8b4f9e39949dcb2f4d17b

SHA1
97e9dc8270ec764e8ff93ac738af67b2ff3430ea

SHA256
b60aa5a9ab890b040db482269da2054930119d22b04b179723e4bb2e48c78020

SHA512
908b2fc1f7c80e169cafefd3fb3e794240a49aed5cd709479276b1e2a1174c1f7e5552d100b3c397011d7671f0db7f6c75c835ae40c97bfa15e9c55274f16251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057

Filesize
17KB

MD5
5fe836387d84d5f862e7dc08929e6916

SHA1
941da96db8d065b6e64452f82f6c7472b2a989c6

SHA256
e7347362418f1ea28ab28bfa8aeb3a8da30ffe24ba3e448bf165ab2290814141

SHA512
65af90f23ec3f38ac62ce7170d6c245ff06926e6cf03c0e78da620118fdcf96b3b58e79e57fe25409416e5fc6aa3f7dc44540eddeed42cef01ad855521273beb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0c2b33ac5b50fb12_0

Filesize
240B

MD5
af324b394f6d100159d124c66b136570

SHA1
7527ef7b375ccc573a79608a4f7644cab3df7f11

SHA256
191bf8d04b0974d1d72329c0a1d5d34a141da7d7b57f8f4f4415678bf1ab034a

SHA512
5a1746798a5115e0198593258cbef3434ee0bf5f9b833e50fef311e6610af357a7eb3efa8838d125e5feaeef535aa0aa1c31da2d481729d4c2bbdb16f33d948d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0c2b33ac5b50fb12_0

Filesize
11KB

MD5
53edddd943ac1cbf0079570b05e19cf6

SHA1
97fe4dee5f623857a010cea21481ff8b0cc6313a

SHA256
82923d8452d58e8e402bca1fb333541a761ca80892461b151f5778047c2c4bb9

SHA512
e50ab0c2cc75ab9b5b7e70c9bbb40b5f2fa7bfd26aab9012cb5e0fe53ceddea886e2672c24d8db6260f1fe9b216f135044186889c8fb00fc72ff5b981eaa0ab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\10eb9e86ac09b8c3_0

Filesize
284B

MD5
17be82d70bf14e34ab98060a5e46c873

SHA1
9a7caf3734ba83b41c02b7cf6670e5de6b879c62

SHA256
e7dc8e0068b3ad78b57435b7bdb359f657b391a1ac9826f14735dca56bf22124

SHA512
177e4e281a5f9c850ea9d0a30bc48d7a395fe697838147b9944cafec580159a073e28674ab1b0c751ba54d1c7669aad97e96eb27c413bd3d14ee2c0634f44ffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2600728c00c06c5b_0

Filesize
18KB

MD5
7bc44d9cb58c21d90f3861b5c471f87b

SHA1
66c0e1615fdce28bb57dc6eebbff45a38dc93bc8

SHA256
a91ca50950afe1a224b0d5f0974c414448ddd4e67158a1e407643d1b45726100

SHA512
1e7e8c988625dc8c3195d5a3685bda43a43539915f188c4e7118462badc94f92745bc483846eff81df9857a04fdc6f9a391cb1654b34880bd19d9b6822439ad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\334132fdcda61fb3_0

Filesize
136KB

MD5
dcf4bcc2375c5706349c1b3557d33679

SHA1
f997598107b9f82e395bd1f9f9351947a7cf3d2d

SHA256
cb7a98f7e838e50fb6232cd7c7b82085c1eed22a2f5edc09cf6b3ff921b58a5e

SHA512
613dc966bf9cada024d167464362c29c0f65dd390d2e3bcf18a10167c609a7ec2443240ebb333c1237f51295a9751c031624c25caf0cb3d9606b15ebcc793e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\91eb69a60133c6ff_0

Filesize
239B

MD5
076ea24cb3fc345fc438f4421da54016

SHA1
181af9a14d41fd9c8b5186a6a3ba1295049121c3

SHA256
92e3a97497f9cca5456ad8beb2f4e67e7532f1049169bf5bd2785817df2a8d38

SHA512
fe2362dc692e87456e28e1dfbe5f80082b7b009e2b2d5fe75dddb088b65401f196af7663e9a71361508fd80f7321f458cf307b452f44fdbe1e87081769965a78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\91eb69a60133c6ff_0

Filesize
287B

MD5
5d1ef02c4688bb4c41a8c2d2f9ac24a3

SHA1
61aaa06746abc8bcb22e6e1b6805084a33b1ee28

SHA256
ad034d58ad9e11353fd122f268edb2f2b8befae512d783451e239be287b420a2

SHA512
13631ba9c0f62b663a3770f8db23c671830d08ba51cd5c045d085bea0d5cd5aa5fa1da50f7173b86c7def6756e047cfcba43f1e917a581312eeecbe7250b336c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\938910718e958878_0

Filesize
260KB

MD5
8ae1fcdb9f955036287de4be478f7ad4

SHA1
297695c44cc22eec33cebeb88b8c94909728260d

SHA256
31184dcee632929880baecffafe98d750022792ae39695483bf583e6e97b2e3c

SHA512
ff6b94ba05aeb4058362b3a347673ba5d3e6ae15a848fb0f26ec9b0073f3a9936bd0064abb761c54d1e513f6d93a004683f5d07cd71daac20dcdd95dc6b389f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ac2c1d95d501d944_0

Filesize
292B

MD5
9cc6fe9c46b5e62656959269bac58b2f

SHA1
0bdac7cc2087eaa0580a3a808ed11f7f07548795

SHA256
24d444ed541a8cab0295c6b562dee599dffb774ca645ca22c10dbe013019bb8b

SHA512
bf9011bca39f6d3975479045263248788338aeb339be9e27b44ac36ce1600081f7ebda59b323949efb420f39aa2ed141524adab6759052ae5d22df6a7974cda5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c85eb4b799a38685_0

Filesize
339KB

MD5
1acd7ecdb4493d8cd04b2a9d0b6a3f57

SHA1
cb30e79717f488e6f123cc861fc5398cde56d6cb

SHA256
eab472256950e859c4fcc71dcfd5788496d117208b2ef98f096f692ed1ba55b8

SHA512
abb14f40ce1b66c0d563bbb934b76532d3a2fb7275493871b0c54aeec92e9c971de312b3e1bcae516dc4d47548cc34c9f1acab12ce0c8c6f8f9c4d3baffa24db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d000f76c92a029d8_0

Filesize
231B

MD5
4f20507d87e3f1e9707626d673ed72e7

SHA1
62f393c1c0ad88ddf30b4198bb825e3b606537a7

SHA256
c8e260c01c845492069097be05dae11a4b0bce9a76e60217f8b97cdb0afcb2ab

SHA512
7da7972faf451f8eee55d50b769fd611d4334567502d8bf0b0c41ce4e0fa8332004520e3b1f9e1845cb851191c75afa4b1a9bbf096b80d6fd6ad60ee45219eb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d000f76c92a029d8_0

Filesize
279B

MD5
8de143588ccc1f14e92c1e7adcb7fa5b

SHA1
b3392195699a38cedb9241e57923a369bec1ccd6

SHA256
8a1208a16079a57a47897ca7aba6d49b2a53936a13af1c62064266d6339f7488

SHA512
06169be95b846454585aeb6403bc7f4b8ffa7a2b39d6fe2a24762a521461215d7187992924d6bcd110d22267033cf8a8760d212a0f2e2c764b4cb7a9b69fa15a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d1a4ec0a801a300a_0

Filesize
19KB

MD5
cafec79a67fab18933df9e3916b94859

SHA1
00db0c8f545c071986b4ef898ceddf5ebe42a7a4

SHA256
4d319e7cef766219c6948be2786a4e5cd895d066f95e144c8a52b2204b8318c4

SHA512
a67d327f09955deb3e4b9ce39ae68de1673b0de3911d2425e8495fd9fd8ae6f8f52dd098139d77c8eff72fd460f8f83caf28f92b3ecd59558c6f2329b886b0ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e14168ee004f1f85_0

Filesize
46KB

MD5
44ca00c487e80007e085e6f76247c9d2

SHA1
64dae868457d2f4e335cfa361bf03be248b0c4d1

SHA256
68317e5de01a438ae001c7aecb0e29c2f1027e387c20584d007aa5ecbda0b1a4

SHA512
4735f2f402ad546e8b6c9c086c91caa9ad7a020a4200a3d464512b9056dade6a30311f7c59972457f1acbbd4bf671c0b7554d69962a3db991123197fb68cb7ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e46839e4d25ef19f_0

Filesize
241B

MD5
930e3a2cb94203c4ab91990a4c93cf2e

SHA1
b79d7ace441ed838c55ff47c0092ed5df34c81e3

SHA256
9ef6accb23dac033b70ee2da16ce2e58c9536cc98a2e6251c6cb87532fc9c0b4

SHA512
493ea1c39403d3184f1d6d0e32a1d9a417fa98cc207de48c27fc942207bb6cd8be5dc6babd056814ccc147d4adfdfc93c11365682e7e0918573d9957fadb8259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e46839e4d25ef19f_0

Filesize
289B

MD5
3a34dc66f46f065035a47e9a0729f500

SHA1
1c2cb89266526686befa255f1e3c2c5def31b762

SHA256
dcb94503023eac47a948fc8b8b635603c357b0f5a370296e886bacefe2f92409

SHA512
08caf903f643f0de0d887580ae961a1e7c866ee8613828fcb5af515fccb06870b9df6a80e30b02b7d1f5bb3387fb16b240c501171569464a8bfeeffb951d1252

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ec5ea768045d5c65_0

Filesize
289B

MD5
372d7c00ffb4bb2880aa236bdc8c3001

SHA1
108e1a7e4e9238a3ac832614fdd990a6ea393f50

SHA256
f070ace3a017eeda52bed5c96a2d1ab550b5f9eb881b7177d1200aa1ea42670d

SHA512
48ecf6039777215fee3ee62c37c761416924111bddf304f8b2fd7c61aa6db6950ed7ef0a7a31361a538c4758aea84732c7d79051cac6df833dca583ddf9119b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f9bada6d9087c487_0

Filesize
283B

MD5
49aacd686d6bb07f06e4163e6f7cfc9a

SHA1
9ecd7eef8dc488b70b59593cb988b084612e5e91

SHA256
4727d90a0779302ace50af9fc384398ed0c70fd28113dde37458a43a526dd986

SHA512
c0c2309b2915cb6ec3c9733a10f2beb13271ca30883ef9c060b98e3e1b53026ecb82ece6c213168cbb29fe7e3e53be322b1b32ac5dcb6642ced1e17f15fb1798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fc9052b809190713_0

Filesize
339KB

MD5
c6a1524f18a79230c02abcd1fe0181c2

SHA1
a5152a710ad25c30e300d3bfa44be88bdda4fb45

SHA256
41f8953d2e1dbf3124b735869a359f9131585b5fd7afd2ab5bd3719e193608ff

SHA512
a05ee8537c8fcac94db87e0c818079174af3c562e305601785841f3d3692af85d8fd466fa891e4ef3ab98ad08688562b0504f3696bdb3aa9628eaee235d3bd07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
9dee34dcb584dcf23b74fd22deb0e3a9

SHA1
395b5eca693848f2ce8b612386431e4fcfd8921d

SHA256
87ae913e95f8d03c6a270c3192f95d406324c51d9d3b8b550c228918cecea337

SHA512
666f5a32d0e111e98b4aca7ab8a5a2521c03e0af5d8692097861d175fcfd316332342ab56fa7b128604ff81b81f4ba8cd3498ae5053ebc7faddb5ada73685551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
ad741dec003431325c40997b55b251e0

SHA1
f378341a8c03407116becc89e48e28b22bb02887

SHA256
e423d45d25650023dc31f14c8d56316b3cbf2c8ad1bbe6072853bb4abfca9fa2

SHA512
dd63940c3a1e5d0e00f22106c365fc15a0a5b52a92e38877f241a50b51382e761c7861c0bb7220ae65754b0cb382add5c33dd24bff96707c47df100e2c0e4f5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ccd9af2cfa72200c71d69d982ad33c74

SHA1
71bc7a70b6406b6fe5a9064d8ff7a4dfbe06615b

SHA256
e6133379d0ae4e14699fd85981edf28fd587784c3b3dfa4eba5fb58ddec76c1b

SHA512
77e3e5794b94a56f970b7047634ae4f9b0ec48079fcc72ae13387c1594a96e76c1c11b8311699f3bb6a662342262620bc47a3390a7ed0c190907b0f67920f768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ab1ef6ee381cc1facca132250ace0a99

SHA1
2fb7c3c6f75aa36fa30d10072743a8bbeb225b33

SHA256
2a1a0b05916658515ad2f22fff5346b881188481023502c003e6033e1890fbab

SHA512
35b44a7f45cfb72d930fa1b233bc6806f8896114e53941a1fea993fc0485beb6c1f0d7ededf515a4eef6505f2f6135095fb07309395595f1a01b260c676b42fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
427b4988835de28192fb8d5dc3d0a583

SHA1
8ccff60ad7b8b4fc5e2022ceec64eb329ba28587

SHA256
c50358cb3a140236e88d5486eeae41e4ba179994a2ba178b65653a9c78d62b08

SHA512
afa2ef2425f695ac568fc7f7f15abca74142ae151d9e34054584fc64a9d92bac5106fdddbc475c4e7e0b8c790f6be94c57c06c18b68ce94b47bb41149125a79c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
78ad40eed52361adcd4bb43644b509a8

SHA1
07434c50839ada39f7b15326eb95b1099da87b50

SHA256
7049b32cbbf31e43d0e8f3910854901b2d51087bdbe3ddced773759bd8f5358b

SHA512
e79df6ccd4d59471087750ab1a7d570ee34a5e03b86210a246e15aa66147097ab1ddbe14a4ed96823aaf17749957496f2f763a736bd582f239e830994525b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ad868d5a0e232c9bd09203cb4c011298

SHA1
9cdc0cf1acfb69b54923e210e6ce7a1611faca98

SHA256
0425b7f7cc5d5ad7750c2e3275d4b5e76bbd748cf4600cbcf145cf6f67088128

SHA512
195c974c5bf6c87e2beeceb8170ac50ad4e04ddb65140c509befba46a878361fb5dc6eeddfe90ac00cb0982e1f31cde191046fa1ffde30244dcd79fb080420a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
62aee88e90c6f4f87c645b6bed571977

SHA1
98644455278f8f7927ec8fdfc904b878e611594a

SHA256
e8db6e170b33f84e7500ad7bc8216e7cd26b2ba4d0fe009ec0b445f6a5632cdb

SHA512
336437111a58e61dd3d3ab794a075fe102ffbd4d4650e2f662c453d138efbad45455c2d8e63c70f80aa70e9e37177ea5199260b21a3873f63ceb53cb45e27d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
5dd866ad015120b406b11f6d208a18f8

SHA1
ee53e383699353f7d119000a204cfb25d21c8cc8

SHA256
636b59c7dfe63f33d4dc7ca037b5437eb626cb004e89104f65c808e51861a560

SHA512
677feb30d2b6a2c2854f546b4534e3f831a92d97d117eee672cd5f18adf7d9623312471e9c5a35640ddb9069a1636746b66e4617dc748e89dc8cb0dcb7b0300d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
1c150d8209b5aa5e366889337e2033e2

SHA1
08fc838d611019f3858474482cda206496b9f88e

SHA256
412a0e90559cc956d096d5ef92e98ee3ff32c8c43b8f18e67194ddbb2cb2003c

SHA512
db3e72ee16830f78c1114fdd2701d25c7cbdb47f75e863f24095a596226038f50cdf3535b99cfe2f71567c1972822ec7fd610c9e0aa4ac5bc709731c24141723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
09974d4f9b8f894c54f1b6d0a3400ac9

SHA1
15c43be7faf2c4f2a2c345d19cfe6d3aab3e8963

SHA256
cb5d14bbbb5c7775f60a5cc818bfa9b9a400f84cf52d8492e8baea45af8d6791

SHA512
12bb29f5a69f735468d4c00be879684e45331bbf15e4e8512590c3bd859a5319e2235d548e0fd0809d045fa4f77eeff4bb23fb481a28cc2fb49845ce6f0e8d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d021a45fe8b0beff84afe5f4bac4ff05

SHA1
4799130fa37c738be7c0d8205c0c81080ecc14bb

SHA256
123d31a0bfdbcc0ac0e935be44b99e72b67eac6fd8d73b557e784cde12aca694

SHA512
3bcba838d7d044c284db728f75451bb943e427466cb1e24bb29715ad93506f1dd982674f50f53eb5927a4313c02001b7c1abcdfe08c7359d975674163ff230df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
75e06a060a40a8cc056bb2d5556d3463

SHA1
3c2bd6604254549d3ef715ee102e614dda37b609

SHA256
36de7dff6d472a60fd457b23abc03196b8d60a885dc533a1b2f8a954bd32c99f

SHA512
5b6e8cec30e01aa79a2ca3f9f7295b3b3a4e95313614d3d1a443cd6e9d2935e6ada32f4c9f940144a24e4dcc2bddbd880fffa5c8f694ae0800461468b9c6c938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e092beff780937eab5ad1fd84e65fc97

SHA1
ebf4f3d485f81dd4bebf61c98d079f52d10b51d3

SHA256
bceec2dd76eb693eeea3eacbdcfc7d5ac1f41e8e4de756381166a030e1bdf110

SHA512
d1ddb5a903d3795cd959aeaac97ace41ba2aaa4d40f46d787527cfcdc8ec3debd3c12b757897791952e6d3da3303bf4a9d811468f4c5a55423d2dcf852d4ddfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
18c7a9bee95998b8f18509d32b3f2308

SHA1
0d17e1acfd730f51e22618aae328dcbead378884

SHA256
4c015249891d061557ce57ff2376906065278fbcbed03f40bb089be9a15ba26d

SHA512
276521d0d1ee316a19f267db8c071f82778d4c394284e71c69aba3d7a19ef6a6e048ce37cd60a39682503ce8f259332ac8fdf6dda7f9d9d1b3dccd3888f4eed8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c0bad0c95aeaff5052413e9d50bac919

SHA1
6a291a2dd4cb82f5e04f835ebefe08ccbcde32c2

SHA256
90333947a67f38b7c1b86860c09969f2b7875a9cb687cd12dc258c9f3594f713

SHA512
dc4784742a3834c4bcab19fede61fd8376a0666614c43b535525befa480f07be486e1cb3d5d6d8837145c582cb58cb57f5d50987a3a37fd75e3512ae2a01f2cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b5d00ffaf1a8a70f9cd7350fff458dce

SHA1
9329a0f30515a4b24bfc0b659aa5514c38f3c84a

SHA256
a057f974c8550d29c80f9291d1c83d04ae494b6bd6d480941670bde04c1788c1

SHA512
db84bc52efc2431c53bf5ff5d2e10d3a50dfc1d6af444a75d16ac65ec9aca252dea6910a1ef9666d08ef1af1ff78c010d21defcc74c3cb3192f487c4e99a84e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7b154942e86f0b9312ec9889301d7037

SHA1
d5c3d21fd498a4d19a1fe50897a2c98b8ceb1e26

SHA256
fad9b8b2bf236123a0c2b38ddc620c0b34ec6e87c491b76dfe68827655ccb818

SHA512
69125325f6d473f5a500df846dde6394803a396c3adc232adcf3f34bd9aee47db066612a4aab7f8324538df1a4fbf2d01793a16e55d43c861b4f1e51a4cb7949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2661a9d279172cecaa451ee9f952b33e

SHA1
34057ecfa8533880a7501f9b54984b380d5d1d66

SHA256
00b7a751b88ef35b11612539a88c032584cab7bf4806137906e84ca5ca872156

SHA512
249ef2ced97ad517ccde820742e905393fe1d40902fc549ee4418b4386e0ecd70bd3b4e30614fcbdc17e5b02a91fac7db04f930b1525689f5aa26a34389330d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
121KB

MD5
33825a60857047152a67b339c296c316

SHA1
1494281a3fdf25f80a61a25c120a9435c3c20c38

SHA256
42dbe12eb7ef39fb0bbeaba98dfe3d638e30b839558379fd60644a671ad2f248

SHA512
16cc5250801fe24d716c26b28d62c26228e6b357d9ae415ee51255b42b04e73aa2bfbfeb8c3fb01c12de47b8e310390bd1c5ed68a7638036bbdaf8e497ea385e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d5b65ef73acba9d5fc4a736bd236b796

SHA1
86ddd4e5297a1c9c672e1288d9d97b0c12f60b64

SHA256
009645f76ff2f9226c228c5816705948abff31ee36f53fd6b60ffeaea07c667e

SHA512
bec24767ec8235ece305fac3f186bc0d63850e2ea50888ddf1f38d1b85fa7c4f685c2603b5a9690adca95401e6e626d40b877cfb3060023dea1be7121aacc278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58dc32.TMP

Filesize
48B

MD5
0cbc1324e587e7f7cef6ea45ecbf0a42

SHA1
a8823c89d12ade60629f6f2ffdbde3d4f067080a

SHA256
05d33d648cae055d4318a8dbdd08289ff38fae7a9a2051bba487354958594037

SHA512
0f302316d0a1ea2b5720c003c38f10819f55350bdb252add8e81b0d2a55ca06acb4cbcd7129e90c034fcbb26409f96fa4f5a6620807153b3a9b33c0c2758ab9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
8aa6b609bc3d0cdaa5707e036a42a808

SHA1
46b81eb01d01a1ca4bf1001f90c06e0f260c4909

SHA256
68627b25137d6f78b07c92bd04a776e17792936e570d0926f90a0baf8a43b56e

SHA512
a982456a6e0346150b07c8ecb701c2d2eaa070b800523a84569d59bf5b65278e7dd46862f8dddadeec549073c77fa0563429f07a960ca0c585bd35a52610f142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
79ce032ee068d6dd9ac72f02b0c6486e

SHA1
3df3637c4c07f98e5da129f8784ec8a973251a6d

SHA256
e91c9f5b20a4722a87281f5ae4229324c1daa99d988fbb684f481a873eb8174b

SHA512
cf79e45322177399d0f70c76c91331ea11b5c931b89afb11f65a8ee62795d0235bdd87e120c34ada74a49ac827056e8adb6e9acf7629d94fbaac5896f6886242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
beea681abb522a044383db73a7c799e0

SHA1
7e1843ce9e4f8a2eee5701f40960bc06ae3c6e16

SHA256
28637a9a8250f9b9eec69a125e7df715aa38a063cd2d5d10e20672e0286e4def

SHA512
c7ab4bd043e9c9ef7b46fb24ee6f539bed9489b5efe993bb5ec09e89f0bfc2f805cbf5a6de3c24f3d42b1a763e14e675df3f09ceb148b6749dd4f68cc7e85d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
de91f551bf6eca127b8ffca150c74839

SHA1
243c27e217000e3cab8c476ad6c053b3dbb579e9

SHA256
d010f0077e7ecc05a49989dddd7049936d8e95d0b56ded02bee46dc85dddac72

SHA512
cbeeefa0e730d4eb4af5a8619ca0360241e60e31f40a3f003ea8d2590fedc7f0c344eb9972b19069b4d706ec58902f919d28b4e8ebea7fdec35ddc87a0eea904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580e53.TMP

Filesize
98KB

MD5
7be85432dd4abb24cf9b6d8a5d44cfff

SHA1
1ba801d63e7030b2aee6895ee5a316e8bcad2ebb

SHA256
c475b1681b451c4c9b8f26f2548f8bed2a5f4c665cbb4d35672b61f4e10db47f

SHA512
3afe49c79e53c21d12d9378369400568dc83f133832a90adf80838af96db28d4a1ceab6ffac9990aabebdd643a4add9ef1461ccae18dc969840986079ddd6813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
f339c1b0106838f9b89d75586b047ed8

SHA1
e6cdf9bf8ca9585b96225d731cfee96ec67cf180

SHA256
96174222be99903cd9d60bebef7b045c2ac12acb6dc00a8013eda8979e7436df

SHA512
183c9585a2f2f9889625ffeb36e477ee40a40b417dd5cecefc1938308a716b002a88a92f4d3af90fae191f8419a06bd9231ec288d246337a39b569cb35fc90cf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
233B

MD5
9b94fe777ba9a5f3e3b7f3769a621c2c

SHA1
148774b24a04b22fb39319047c58b7e419724059

SHA256
dbd6a2099fe3adf397e88651fb6dd1cb3d7ef7351dfe81f71d53611335cf6dd0

SHA512
b46bdcc0707546b4b43fb4db698f1e97ade3953da13856afd0ad0b942d9db86b5bea2ce7cf23ca5725b4b789cf4eedc37f262f328324db31a4f0a63e01e6a0cf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
232B

MD5
4306465f5ec8a1dc58958681f808197b

SHA1
096e34a592461ea48ac867dce7e6144a118c695d

SHA256
33162750446ca26ac4b9e21ba99b4e0c9eece8293024d343162a6b8b5c6e3dee

SHA512
ea8e07aa808c9c2b02d81278c2cd8bc2bd72a186fa7062b425c3bdb46c1febf534e0b376dd3aa4d143c4dd008706d444742adc803be0e0a3133b3f7973175f6f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
283B

MD5
f3b15ed2a0988b4a3ec2ffcc29b8413f

SHA1
f6c105f521709a3b8b67c5cbc5aaf5863c37168e

SHA256
04a3572546dc30f8a1a02474de41fe6f38658ecb151d75967fe1775a2616c8b2

SHA512
58fc4a081447dd4a9f140c2dab62ec89b5750c8f2c490f052a9e3910fc50331f6c1f6899f831a01abfc139547eedb93c830691cf5c57684e70e6e5263928c5b6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json

Filesize
2KB

MD5
404a3ec24e3ebf45be65e77f75990825

SHA1
1e05647cf0a74cedfdeabfa3e8ee33b919780a61

SHA256
cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2

SHA512
a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse905D.tmp\StdUtils.dll

Filesize
101KB

MD5
33b4e69e7835e18b9437623367dd1787

SHA1
53afa03edaf931abdc2d828e5a2c89ad573d926c

SHA256
72d38ef115e71fc73dc5978987c583fc8c6b50ff12e4a5d30649a4d164a8b6ae

SHA512
ca890e785d1a0a7e0b4a748416fba417826ae66b46e600f407d4e795b444612a8b830f579f2cf5b6e051bea800604f34f8801cc3daf05c8d29ad05bcda454a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse905D.tmp\System.dll

Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse905D.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse905D.tmp\nsis7z.dll

Filesize
391KB

MD5
c6a070b3e68b292bb0efc9b26e85e9cc

SHA1
5a922b96eda6595a68fd0a9051236162ff2e2ada

SHA256
66ac8bd1f273a73e17a3f31d6add739d3cb0330a6417faeda11a9cae00b62d8b

SHA512
8eff8fc16f5bb574bd9483e3b217b67a8986e31497368c06fdaa3a1e93a40aee94a5b31729d01905157b0ae1e556a402f43cd29a4d30a0587e1ec334458a44e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg5614.tmp\INetC.dll

Filesize
25KB

MD5
e7ebd034dacf96fcc0c7a35c62477d21

SHA1
cd372d0607d94b48ac84a1738ed434df4d882f22

SHA256
dc84aa66f398781fe76eecf90fc6613f729076552d4b268269228b754bfd70d2

SHA512
df367b39c7c62ba2df1d50cbe3dbc97a7a2719fae7684330b4df971f0742c3447f0beb2d295a206522bbce6fbd0053d188d159f7236b6953d35cbf51aecc1bf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg5614.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg5614.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5695.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5695.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\UGMgames\20000006\travel-mosaics-4-adventures-in-rio\travel-mosaics-4-adventures-in-rio\TravelMosaics4_AdventuresInRio_Data\level4.resS

Filesize
128KB

MD5
845e081bdd952686663c7e45abc65cbb

SHA1
f12a30d5f7d9bb89a1acfb9acc0e49c72f78a04c

SHA256
a1694a8816f911f68e7c89dbf150bf3092941076fd07b7f956b70a82df3d1048

SHA512
98d616d35073acebbe1d51d976f3cb65d7ce082b8a20b547a5b43fc8636062851b5845cada7d4bdc8689a824508a451b09ec2ee707600a6705e7b2fb2f71ba20

Download Submit
C:\Users\Admin\AppData\Roaming\iWin Games Notifier\installer.exe

Filesize
32.0MB

MD5
7386fff8d64aa277d80b6b7ea0f45a64

SHA1
42572679c25a3e88842409967999c788ec8a332c

SHA256
5ef7a49d40bdcb083012abc017c852565987d85d58025e174c693ac6d3869a3b

SHA512
ec61e4d0f1f0efea8bc5270ece40b693d24027f06198612494d918629667d2902a757a80eba1370941925313c561d221666fdb392f05a972c406c6d645f13a55

Download Submit
memory/1128-3892-0x0000000002840000-0x0000000002A4C000-memory.dmp

Filesize
2.0MB

Download
memory/1128-3896-0x0000000002840000-0x0000000002A4C000-memory.dmp

Filesize
2.0MB

Download
memory/1128-3900-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1128-3901-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1128-3906-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1128-3904-0x0000000002840000-0x0000000002A4C000-memory.dmp

Filesize
2.0MB

Download
memory/1128-3899-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1128-3902-0x0000000002840000-0x0000000002A4C000-memory.dmp

Filesize
2.0MB

Download
memory/1128-3891-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1400-3915-0x00000000029A0000-0x0000000002BAC000-memory.dmp

Filesize
2.0MB

Download
memory/1400-3919-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1400-3922-0x00000000029A0000-0x0000000002BAC000-memory.dmp

Filesize
2.0MB

Download
memory/1400-3928-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1400-3926-0x00000000029A0000-0x0000000002BAC000-memory.dmp

Filesize
2.0MB

Download
memory/1400-3920-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1400-3921-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1400-3911-0x00000000029A0000-0x0000000002BAC000-memory.dmp

Filesize
2.0MB

Download
memory/1500-4121-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1500-4119-0x0000000002AE0000-0x0000000002CEC000-memory.dmp

Filesize
2.0MB

Download
memory/1500-4135-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1500-4136-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1500-4141-0x0000000002AE0000-0x0000000002CEC000-memory.dmp

Filesize
2.0MB

Download
memory/1500-4143-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1500-4137-0x0000000002AE0000-0x0000000002CEC000-memory.dmp

Filesize
2.0MB

Download
memory/1500-4134-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1500-4115-0x0000000002AE0000-0x0000000002CEC000-memory.dmp

Filesize
2.0MB

Download
memory/1836-3937-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1836-3929-0x0000000002720000-0x000000000292C000-memory.dmp

Filesize
2.0MB

Download
memory/1836-3944-0x0000000002720000-0x000000000292C000-memory.dmp

Filesize
2.0MB

Download
memory/1836-3946-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1836-3933-0x0000000002720000-0x000000000292C000-memory.dmp

Filesize
2.0MB

Download
memory/1836-3939-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/1836-3940-0x0000000002720000-0x000000000292C000-memory.dmp

Filesize
2.0MB

Download
memory/1836-3938-0x0000000000400000-0x000000000060C000-memory.dmp

Filesize
2.0MB

Download
memory/3120-1536-0x00007FFD3D1E0000-0x00007FFD3D496000-memory.dmp

Filesize
2.7MB

Download
memory/3120-1537-0x00007FFD3B2A0000-0x00007FFD3C350000-memory.dmp

Filesize
16.7MB

Download
memory/3120-1535-0x00007FFD51DD0000-0x00007FFD51E04000-memory.dmp

Filesize
208KB

Download
memory/3120-1534-0x00007FF608500000-0x00007FF6085F8000-memory.dmp

Filesize
992KB

Download
memory/5260-2398-0x0000000000D70000-0x0000000000D71000-memory.dmp

Filesize
4KB

Download
memory/5692-2392-0x00000000017A0000-0x00000000017A1000-memory.dmp

Filesize
4KB

Download
memory/5720-4120-0x0000000000400000-0x0000000001F97000-memory.dmp

Filesize
27.6MB

Download
memory/5720-4161-0x0000000004180000-0x000000000438C000-memory.dmp

Filesize
2.0MB

Download
memory/5720-4156-0x0000000000400000-0x0000000001F97000-memory.dmp

Filesize
27.6MB

Download
memory/5720-4152-0x0000000000400000-0x0000000001F97000-memory.dmp

Filesize
27.6MB

Download
memory/5720-4109-0x0000000004180000-0x000000000438C000-memory.dmp

Filesize
2.0MB

Download
memory/5720-4113-0x0000000004180000-0x000000000438C000-memory.dmp

Filesize
2.0MB

Download
memory/5720-4350-0x0000000000400000-0x0000000001F97000-memory.dmp

Filesize
27.6MB

Download