026d681fb89031b74ca874bac275cd435534ae066b43c8e51b04d9b82558339c

Analysis

max time kernel
607s
max time network
1176s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

2.6MB
MD5

b3d10c2ff044dbca8f0d15f03925b105
SHA1

2259255c190241f5a8e6e18c74bf2bb4724f7aa9
SHA256

3adecd3e1dc942ffefe7a429cceb774030b89b40a9c1556fdd20d54e7e9996d3
SHA512

7aff9b263f7b73e831ce3a6771f7cdd69cab96ea9b8304a0ee8362e1c2b737bdc0acc07b202bb84449d0160bbab9f628b7e1e24097babd09bfb52f4789323049
SSDEEP

49152:w73UUTfHju2BuppUDms0fOjKODCrWurHXqVbhu8gJ+7WmA7R:o3tazUFrKODCrWur6lI1mK

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2692	setup.tmp
2140	lzma2.exe

Loads dropped DLL 15 IoCs

pid	Process
2636	setup.exe
2692	setup.tmp
2692	setup.tmp
2692	setup.tmp
2692	setup.tmp
2692	setup.tmp
2692	setup.tmp
2692	setup.tmp
2692	setup.tmp
2692	setup.tmp
2140	lzma2.exe
2692	setup.tmp
2692	setup.tmp
2692	setup.tmp
2692	setup.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
285	raw.githubusercontent.com
286	raw.githubusercontent.com
309	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\2.0\machine.config	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\resources.assets.resS	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\StreamingAssets\aa	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\level7	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\StreamingAssets\aa\Itch\StandaloneWindows\initialcosmetics_assets_all.bundle	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\4.0\settings.map	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\config	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\sharedassets8.assets	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\StreamingAssets\aa\Itch\StandaloneWindows\2024beanbundle1_assets_all.bundle	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\level9	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\4.0\DefaultWsdlHelpGenerator.aspx	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\Resources\Sentry.System.Text.Encodings.Web.dll-resources.dat	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\StreamingAssets\UnityServicesProjectConfiguration.json	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\4.0\machine.config	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\Resources\Sentry.System.Buffers.dll-resources.dat	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\UnityPlayer.dll	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\sharedassets2.assets.resS	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\level3	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\4.0\DefaultWsdlHelpGenerator.aspx	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\2.0\Browsers\Compat.browser	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\sharedassets3.assets	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\4.5\Browsers\Compat.browser	setup.tmp
File created	C:\Program Files (x86)\Among Us\Icon.ico	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\sharedassets7.assets.resS	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\sharedassets8.assets.resS	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\sharedassets2.resource	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\mconfig\config.xml	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\GameAssembly.dll	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\StreamingAssets\CustomAssetPacksData.json	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\4.0\web.config	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\Resources\Sentry.System.Text.Encodings.Web.dll-resources.dat	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\sharedassets1.assets.resS	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\StreamingAssets\aa\AddressablesLink\link.xml	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\4.5\Browsers	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\resources.assets.resS	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\config	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\2.0\Browsers\Compat.browser	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\Resources\mscorlib.dll-resources.dat	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\Resources\Sentry.System.Reflection.Metadata.dll-resources.dat	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\level0	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\sharedassets7.assets	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\4.5\web.config	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\2.0\settings.map	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\sharedassets5.assets	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\sharedassets8.assets	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\Plugins\x86\discord_game_sdk.dll	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\sharedassets2.assets.resS	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\sharedassets0.assets	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\sharedassets9.assets	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\Plugins\x86\sentry.dll	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\Resources\AmongUsHelper.exe	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\Resources\unity default resources	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\Resources\Sentry.System.Text.Json.dll-resources.dat	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\resources.resource	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\sharedassets1.assets.resS	setup.tmp
File created	C:\Program Files (x86)\Among Us\is-K9LSK.tmp	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\globalgamemanagers.assets	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\StreamingAssets\aa\Itch\StandaloneWindows\0e13d00f4e855a64ab6bfe6989b0ff98_unitybuiltinshaders.bundle	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\StreamingAssets\aa\Itch\StandaloneWindows\2024_birthday_beans_assets_all.bundle	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\StreamingAssets\aa\Itch\StandaloneWindows\referencedatagroup_assets_all.bundle	setup.tmp
File opened for modification	C:\Program Files (x86)\Among Us\Among Us_Data\sharedassets8.assets.resS	setup.tmp
File created	C:\Program Files (x86)\Among Us\Among Us_Data\level5	setup.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lzma2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 53 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430332903"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 300f0f6f1df3da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb78000000000200000000001066000000010000200000000c9149251f9068a835613d5bc527bd9e6f09e98035203cf0a28cf29de9ef0805000000000e80000000020000200000007534fb11890270af48801308c535b1a27628a697781a6067abf403bd0251a295900000007ad82d0c1274bdf05439a7c8f420e54c09fba8d9e8095879d3d07ae2b6abf1781bc74c6c439d777eae815eb1e21e9cca6df689b650492c0acaa168d149653950ebb78b62082518ca13f5fea7d5b540c037101240b89dd7c4b2eb0a2abddccfda6e388122d3c9b78c9fea4fd752529f37901e244dedd84a5271b8e41f9c27143c6e49aa8faacb8f6ce55d8fd41e999b9b400000006f2f9ef8062be49021ceebbb09bc030fc5f7eeb4dd2cc6edae55af6cb46d41c30c9239f28b01bfc9df5e154ded313d4c7bcd9a09be0acfbfa894cd22db5aac92	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\itorrents-igruha.org\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "24"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\itorrents-igruha.org\ = "24"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\itorrents-igruha.org\Total = "24"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\itorrents-igruha.org\ = "8"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb7800000000020000000000106600000001000020000000babc4e48c4c12a18d47eb4985b24d2346da286e873783ff88cd9be7a805e48e1000000000e80000000020000200000006a14d0b30d660bbe35bc51a52f340f45f307fb410f78ee2baa0e243d5102f58b2000000060b4ba589899a37955cef3e47859276ba364b8f2499bcd915532525a05f6fa634000000006a74325349f1fa975fa2550d272374a01aafc16e6a7507e685e433bc68b8255c0c804e16f774d99a96ce636510376c7c969e2acf9589622e2f3e16d56c90949	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\itorrents-igruha.org	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\itorrents-igruha.org\Total = "8"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9852D701-5F10-11EF-B903-D22B03723C32} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2692	setup.tmp
2692	setup.tmp
2880	chrome.exe
2880	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2140	lzma2.exe
Token: 35	2140	lzma2.exe
Token: SeSecurityPrivilege	2140	lzma2.exe
Token: SeShutdownPrivilege	2880	chrome.exe
Token: SeShutdownPrivilege	2880	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2692	setup.tmp
2692	setup.tmp
2624	iexplore.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2624	iexplore.exe
2624	iexplore.exe
2364	IEXPLORE.EXE
2364	IEXPLORE.EXE
2364	IEXPLORE.EXE
2364	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 2692	2636	setup.exe	30
PID 2636 wrote to memory of 2692	2636	setup.exe	30
PID 2636 wrote to memory of 2692	2636	setup.exe	30
PID 2636 wrote to memory of 2692	2636	setup.exe	30
PID 2636 wrote to memory of 2692	2636	setup.exe	30
PID 2636 wrote to memory of 2692	2636	setup.exe	30
PID 2636 wrote to memory of 2692	2636	setup.exe	30
PID 2692 wrote to memory of 2140	2692	setup.tmp	31
PID 2692 wrote to memory of 2140	2692	setup.tmp	31
PID 2692 wrote to memory of 2140	2692	setup.tmp	31
PID 2692 wrote to memory of 2140	2692	setup.tmp	31
PID 2692 wrote to memory of 2624	2692	setup.tmp	34
PID 2692 wrote to memory of 2624	2692	setup.tmp	34
PID 2692 wrote to memory of 2624	2692	setup.tmp	34
PID 2692 wrote to memory of 2624	2692	setup.tmp	34
PID 2624 wrote to memory of 2364	2624	iexplore.exe	35
PID 2624 wrote to memory of 2364	2624	iexplore.exe	35
PID 2624 wrote to memory of 2364	2624	iexplore.exe	35
PID 2624 wrote to memory of 2364	2624	iexplore.exe	35
PID 2880 wrote to memory of 1928	2880	chrome.exe	38
PID 2880 wrote to memory of 1928	2880	chrome.exe	38
PID 2880 wrote to memory of 1928	2880	chrome.exe	38
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 1484	2880	chrome.exe	40
PID 2880 wrote to memory of 604	2880	chrome.exe	41
PID 2880 wrote to memory of 604	2880	chrome.exe	41
PID 2880 wrote to memory of 604	2880	chrome.exe	41

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Users\Admin\AppData\Local\Temp\is-LFG0D.tmp\setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-LFG0D.tmp\setup.tmp" /SL5="$400F4,2164130,699392,C:\Users\Admin\AppData\Local\Temp\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Users\Admin\AppData\Local\Temp\is-K9IR5.tmp\lzma2.exe
    lzma2 x -txz -mmt=6 -an -y -si -so
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2140
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://ti-url.com/among-us
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef67c9758,0x7fef67c9768,0x7fef67c9778
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1212,i,18111982632117251292,3731153076256857715,131072 /prefetch:2
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1212,i,18111982632117251292,3731153076256857715,131072 /prefetch:8
  2⤵
  PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1212,i,18111982632117251292,3731153076256857715,131072 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1212,i,18111982632117251292,3731153076256857715,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1212,i,18111982632117251292,3731153076256857715,131072 /prefetch:1
  2⤵
  PID:616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3196 --field-trial-handle=1212,i,18111982632117251292,3731153076256857715,131072 /prefetch:2
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2552 --field-trial-handle=1212,i,18111982632117251292,3731153076256857715,131072 /prefetch:1
  2⤵
  PID:2864

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef67c9758,0x7fef67c9768,0x7fef67c9778
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:2
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1556 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2140 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2148 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1396 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:2
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1376 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3704 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3800 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3776 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3788 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3976 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3828 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3912 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3944 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3792 --field-trial-handle=1288,i,9690934595525649188,9044564261115330145,131072 /prefetch:1
  2⤵
  PID:2088

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\4.5\Browsers\Compat.browser

Filesize
1KB

MD5
0d831c1264b5b32a39fa347de368fe48

SHA1
187dff516f9448e63ea5078190b3347922c4b3eb

SHA256
8a1082057ac5681dcd4e9c227ed7fb8eb42ac1618963b5de3b65739dd77e2741

SHA512
4b7549eda1f8ed2c4533d056b62ca5030445393f9c6003e5ee47301ff7f44b4bd5022b74d54f571aa890b6e4593c6eded1a881500ac5ba2a720dc0ff280300af

Download Submit
C:\Program Files (x86)\Among Us\Among Us_Data\il2cpp_data\etc\mono\4.5\DefaultWsdlHelpGenerator.aspx

Filesize
59KB

MD5
f7be9f1841ff92f9d4040aed832e0c79

SHA1
b3e4b508aab3cf201c06892713b43ddb0c43b7ae

SHA256
751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

SHA512
380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
67566378a69c96d7bc1af44679c01b21

SHA1
5d2514552b35f5a585919767b48a63603aed98e9

SHA256
2d040d83a00d59446a09d7ddae5b6a36598d546c44204dcf90990734e759d7e3

SHA512
6866a28d7b1e49bbf3bd28ea536974ed7e294ff7baf1df1e54d7d402d493cf547b27fef4ff3f9d35d87a72630739b43acdc3101a75c047c3d6cdbf897f28c9b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
003535e2cea2bd03f489f5ac0d6d8d5d

SHA1
b442daa24e014e37e24c5beebfcac7ef779f9bb8

SHA256
73c6cad1204401ee0f4090f1ef117667dba27b814c0d3fe82cb60fa4d0b620ec

SHA512
d9f423506a167930e43d6ec07b728fbb3bdba92c5504002344efc2caad62fffeec8ac6200b368d75a0b582193e718992bd7fb099967f74da42bc008f7b25c23a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47fcdbf73c3e48851b12ae871b4c8617

SHA1
900325a50c714489f2242b22bb0949e23b509a4b

SHA256
d25f81a5f4d7589401aba72d314e8ac2ee82840c9004e5d6a7f49ff0599b7154

SHA512
5840ebad3f16d33733a22593ab255f5af3a3901d7055aba211db040eb323d0e934b83751f917d81d70efa5daf8d30aaa919f6944c9951a0d93c3d341efd4cdc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
632ff1471f2883f742002c0728fa9627

SHA1
a850ff1915a5c9c5423aea4d52c6523a01a9a202

SHA256
5a2fd58264b14505078bd280cd48667ff36dbb80a38581014253e7c450a72175

SHA512
9ec8208e8bc44d59154dee9c542020bea9435b1dadd2ff75c2c234817ce6c36c1f0971d8e77f84610e29f3aae924a63b3cbf8193be57d49d4036c4929468aaf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cef959fa52df3b5f1cfafd050586427

SHA1
ca50113856419ceab5c0c4eb907dcf994d85f670

SHA256
fce3c62ceb0b226300e9758da96727d4a9875cb330c3e3fae066bfb7758f8a48

SHA512
7d1dee542ca8edb79e1f686ded9f6e4ac729ddb4c118daedb3c6f877a11f2a14fcf4ebb2738286303fc0542e646ce8a27808519aee497933fe1226e39d36a4cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
125062e3af0196b8d13609f1227f6b7f

SHA1
88c6079eb6aff4a01d48add59d04c78b487dce46

SHA256
a11ce341a3ee75716f5f4ef44b568920f7ba046b65a40c231dc5347c747dfaab

SHA512
b71fe91d37ed4f8602f9584b830be6e891f4ca3bf4a86508c30ac67b63b62f564a5202c45699b122a0db0942c3fafdbefd27c0170265f390dcdeb766ac2b2e16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b63a43336419a59f904b4d23d6c326dc

SHA1
c4f69e12c9f304328b6d707d396a0c7fc113bf32

SHA256
16b70db8b76750d2728378d280246c92c6631d2e643a117d1f50e777467f128b

SHA512
f8c87b2f5a9d796e571b25a07405b9303f5343b2d9fae196385004aeff62b6fafabb11fd96aabca233204c31914157191d6cb67e7c429cb15259a26be90f1086

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40ca464ef8b2de6e45249e0a741b71d4

SHA1
d763ab2ca3198597825f781a5e788293830cddba

SHA256
b57d13636e05c26ab79b298673deb53d2e3775b5e6cca82dff55c53237f47ffa

SHA512
e43b7641acdaed26d5647a4ed909de370e7e774eb6267faf5e517278e87b8723132dac3df9e0b121d92bb5605e7b914d03c30bb8bbf2c41ce65eeecda930b168

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a79153810148b43919ddf3a9fc77191

SHA1
3315b392ed3e56a6397d4c53ff47feb1c2721115

SHA256
ce61f53797a6afcdc9f2d815cd404fb68375bf583bdc0caa1d84eba68c6acdb7

SHA512
671fbc65b6d04240c3e9520bdc2bcb7a5755aedbca9ae99030c990778d2f3e04e7a1b9d7ab231c8b8d06e413b3ccf4b8c27990bc9d295642767a103ae055924c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8cba8c08e45f5db29d3c52ddc4b26e3

SHA1
9e0e66e3e29d9d4fc2aaacaaa7c995db908cf98a

SHA256
0ce55c19900f361d64db2f738ebd97498133c63abb348026f27e8f8b80b83651

SHA512
5086cd95e525ea7e573e6e18ea7e646f14b57baaffd637a0c3138d00ad88a60b187c0656077669973e49b28d5af6ed6f54586daa07e75c83592e91e7fa56aba2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
768d545291b377dad7c218993be53d05

SHA1
5a9dd3e8eca2dc6d4eeae495b34da06130609fe6

SHA256
d0fcede25108661e226e43239fb9b36c546e05793d757b131c7aec749ae4564e

SHA512
c66db8a9f2eed5b6640968eef6313eaa0387f46bf072afe30598dffdca1138814b33a79627abf42b08ffc636d43c425367466246115e6125f44eddae956610f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1bf6446aa007203845c2ca8cb35996ca

SHA1
c80ddd553d81894cbdac650cf9e15c8c14b78882

SHA256
a2c95cf1f2ab5004560c2eb98b8c1cdc8369656dde874152b6221737345a7ce2

SHA512
71b26349e3646f7bce5d08ef18e17ff3027f5f1286f2d107cfd2dc113fd651be489b4bcd468a33e34cbe96e3f85dc0460b40cb796c0e583dfdefe8ffdaaed596

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68d97b38dc3e1cd25154f6bd89b3d086

SHA1
9ec283908cd36452ef10a780e60b13ee7848ab7d

SHA256
a2a75baf1d14947b77ca7ad4d947e45aa76e4c9858566f2d36ad095485fef264

SHA512
14ac91ab9e4569a8d58a13492343e60679b5191b874c581d7c8e5ae1ad75f17a901bb10c219ffab8000ba96394e2c19c92ea712ab17a361141dbae60bd4ffb85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eabd297906a3884ea81c01ed33b1aadd

SHA1
62a8c7465ed68879e719002e54a9fab0b6a2b542

SHA256
10c5d20a29af3c043ab95967c61ddfed5c6f9f880df9405b672a670302de710e

SHA512
5d4eabd968db51f15da83ffd00d54909174d14297964a3060933315748dc46d7fb6de9e5b3072680fef7e60ac0f64439b830ab37107f00b5182dc7a9c4a2ca34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
783ccefd7365efe0b8351dbefe1f2dfe

SHA1
30643d261397d33240a3e5248e7dfd3aea282e31

SHA256
dde845bac50788fdf65353d0e24266f9be13a669827e453f8c0e15a53ad1753d

SHA512
501f8f8d24511423631b1cc9c0c328658f463436815dc1939633980908e36fb45b7009aa8d1c0a4ea797194ac63ea2d232565ca2c3b98ea7b951d23ad244b1f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c206eb677a810b1185cd249240056fc

SHA1
ddf2f802a79f0ee9271f1df2cce162fca7f48953

SHA256
d2d06089fd9fb8081a4754f77c032f2315255b74e31c29abeaa7f9272861004c

SHA512
a3524df3f1812ad2acea8abc18a793409c54c3e65a45b69ce215169438e88c4a63a0c4baf0509c64a21cb8eb88696d759cea31aab5f2fc8237273ad29a511894

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f277a1e8b01eaff6350cc207926b90b

SHA1
cbc08975eabbdc602fbefc98de2b9c9a3e5fae2e

SHA256
7e4e45f2c3ea57267a5f98025e3fbc8dbc3cf08fad74ec5538606d6fe99fad5e

SHA512
9243c4af401449e4efceee9f50290411505a47d2847c6777dd0ffee6ed11d253042b4adc0b300bfdaa1df6f6097b1b3c9af607b64b809d5ccf1f3651f59501d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c8995ca88811f37967a944d271d138a

SHA1
e3499be49a3f313bfe017a053c7f35302abc39df

SHA256
74fb24a754dacc4016f7db48520df0d40c31f5952edb2245e8f2eb32aea2fd74

SHA512
46de3e0c73efc81d533e2c884fc1246fb18d068715b57fdee04c0b47faa29ec1965307a1dce95814aea8d93998df989f01dec233d45995060c6e14786e1149fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80a0ba5dd4aec7d085a199dcce59e940

SHA1
34258407c1d253737d9926f381bf2c212cba3626

SHA256
219e22ed56dc71722073e8ac670fd56cd1e2119d26a8467caeef74cd58feaf83

SHA512
24b2ec56294790488f8032ab69945652a47ed85ace325ff4a00e2e34e80b903b2f8d46b60095a0c799d483b11589dee4545b5168071c64aed955921597c6d295

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e05d1d457b480cd9fae3a0f8ca61840

SHA1
0c61d915146c4c9f3751cbba4ea8ab7778d9964f

SHA256
24f7bdd54817b98d637e206dd4b7577076c888a921dff9b585947ab00fafe3b9

SHA512
0c9061ff9cb256accc46ddd1c05ae3444825b31c1db0cc53ef13eff2a93bb3f05140aaac96ef1a4a2ecd7dd28996f4182ffe9956c327636052a91ba04efdea02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce60afe51549670d20f492c5149cad6d

SHA1
3ca1391c185d5f1fe91fcfc24215bc22af7b714f

SHA256
982037d920d6478a46f3bc0ec5a8daf64d92722969cecd2068f2f5bd047aa8e0

SHA512
f94bbefa0315ce8480b6e558699758c7a74092d0688388f735f38cbf011ff9e5166568716b4598312b03a2c64ecd4d018c49fba2278f6316a32eafe9a8d9c891

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96f6e7ad790ca9f42df0ed4dc60c3c77

SHA1
dcf1e9b8a5f9eb4dc77196d9665be4caca94861e

SHA256
56d5565ccdc93e4249197db2e3e5ee5e108222c259af88b019d2b3318b7885c9

SHA512
75871a66041c6650bbe3a4c20e7b458954bc691da3fee69d834a34d18725b88756971e7a61cd1367015391a7bc81f5864ed2d16b661186eb8339708754d0e599

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9393dd097072bc3d5348cb2ba0c19207

SHA1
9bea357f4eed7f350fd7510a4c228521875c9347

SHA256
8816e06d95e23b159dc50b2145c649a1b3f9d167f2359565ca0c5688a3bdcfd7

SHA512
9b34a81b56119fad2549b8745bc9317042bff94a97edcae2ffebf3286829d8bef99927633d2a3d396e9f80b99b1acb71224b4ceeeed2e5daabc055a6efe3a1a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0dafa7330fee99ea3bc222eebf25db7

SHA1
bee51e2e153454d2eb77922ffeb4a075fb2395c7

SHA256
5c1a159026a67a76a5e0691afd8c87cb0e39547010c29388d8c1dafac333c5f1

SHA512
d752d9abaed8f87d56b78bcf94cc7798e3d166970ba85c73db47ffcb787baa955f7ef5d8677954a95d042db8feec22a40824a1ce0ac50c0b9b27b39f92dec810

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e8bacbbf8814018fab7e833d42f9523

SHA1
e649358ae944a7a008199cc80af394592d6dcd9c

SHA256
207ca5507d9b8218248bbbb7f942c7820356e3714fe332a885b58eb92b32796d

SHA512
aabe378917ecc23d553cd49622a40b62730255d4c92e5aa57d6b5f156601f74da0e82a730f827f474151eb39534828022c05a082bdbc1d85a75911bd24767ab3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01b1e96aae3448a6ccf1398379508055

SHA1
2b9837ead043ac2c216f56273dfc18b03dee1d72

SHA256
fe9b934aeb3c61bd4f2434cd7507722829fad5afdffd2b8d5ba77739e3980adc

SHA512
b8ee168139571a532e7f320d6c72cbd6fc6219638e300fcd66d70ba63cacbf5acd13d943d973d2ac7cc2390da5da9c350d165f38a5d9089e0bf68aa2bc1c2dc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b294f0a74e5064bab7b0775b6b660fb1

SHA1
1d2e84f819c4c910bc4fb40f0a867c32c3f4f3bb

SHA256
e95e18d6ed9aed14f53a99e75e9f6215ab6450da2de22a6f13f0706150129ea2

SHA512
ef791a202707afe669f514209a099ce57991ee16c8b9cf162977d75bd6287412f9738436345c9914bf73ff4545bcdba1ceffc3d6312a999c5c9bbdf8b0d51aa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d79c359aaf5cbfe07b1b73eb48ea95ec

SHA1
b3cc167be26e74114585e43f88b018789f69aa90

SHA256
0be972dd850a4406f8153e45863788505500ba3cbf23c8f6ae77300d0e49810d

SHA512
4ed6aa72a25ef069d194f676f9eeeaf47b1d2253e1eb6c01f92cc0cff02b533a63dc07ad1a19af81ba2d52fe43df4e0f434b2579e4be491ee1b59427bc1e4340

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7af35655afea4286a83f5317a150563a

SHA1
b0475c06bcacdd1c2e97849cb1d04362d64efe6c

SHA256
baf4bd80af5b1f6c813a7cb40fd4cba2c0bb56935a153023025378bdeed63db9

SHA512
1e0a50875cddb6be71f4b6b85d2ac656a0b279849b15e87a4b62fe1feb02628f3fa5d8a0f000caf0c88cc9a7a78aa41aaefbf05c5dbf5c81f1dc09100c5825d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e78fec3b841c2118dd3c52557de22e5b

SHA1
a2305cf019ccbc53b1349e9bb754173b87162aca

SHA256
39ed67b96bb05068afd44b53d72c4879b59531dccef1d967ed5d79c9b31c5956

SHA512
a95ff6a63d3636139afbbe6a51989ecd3d6061f2aaef37f091a6968ddd16e2d0752f106ae93f882d3145bb203a53a914f136044bb03e444d0e3f0053ce80dbdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
257a35f2a30c6c29c022b0014449db83

SHA1
18765185f527e78042b2b26356c5fb862ada6800

SHA256
ee67162a5c3f9efffb580fc0e0ed82b1e7697d8c41c3c3ebaacef9e3bf98833f

SHA512
8ec5d509dd4f9cabe8d4d0f7bd76e63e63f49efd8d0441f46f54bf5ec6bbafe226056b9970cc11a506888c8fa16c0c2b1a75c48658d35650071e74aaf0bd204f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
141eae1e188b558b1f94741de479f2da

SHA1
c47d9ab83d87537a069b6743f8c15fd56b66cb18

SHA256
4a7c51ba6863b7ac46826ccc8103ff5d8a4311c8f363d73f1d6a6dcccdafb516

SHA512
0f464004a1c5f4b5deda9354d6f838a5f607495495e1975994e13ab9584412c9e86c8fd7aea5a528095bcf809fe35ced315cae4bbc1a77d592bdca185693032c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bd79c04f802bf6a99d0a2f29b927dbe3

SHA1
23ba6a1d9c5b54313174ab171fbcb1089c7666c9

SHA256
5cafd25135a46f4f1884897eab5a1ae3d713a104c6466d97ab9fe6ad35b42aa7

SHA512
d2d2364a1f88cf02865bc4d41b0800b7ed1a2f8cc630de0cbd89a7eaba4da70928920a9c41409ef760eef219e4071f9bc0c002e4529a207dd356cd047f978c8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
607885db4d5853ece83cb437be8222fc

SHA1
c35927a18967f8421cb16362f2ae1cad5e65692c

SHA256
b3c58f275c79073af0b48155970ac8412547827c4515deb869349f434b9b69fe

SHA512
ff9eca5150ea7491e01519a2db8952bcfa5e9c3dbe1ffb3bff4f7eacf1acee91a25d18dd1ce37d5ad004da3e6e02a6c56c1c7583b1c7422abf9c6679228b2433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
afb41067687ecea644b43e2cc260fb66

SHA1
27e6a6607b864a0e0d91023dfbd58a811be6642f

SHA256
b2ddecb055ae02e1b4e3732a92153d3f6ad7965ee69ab9e3d71557aac026844d

SHA512
648ce3fcb7b07e030e507d962e823ca68b999a5aa972724441c00d410598fd61790037f1943a3f0f642fa01b6e8f37218d01d023a7b1a7e274a5c533bc1fee86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\78092a7f-f183-453c-861f-86164e5020f7.tmp

Filesize
6KB

MD5
43f43462857aa69c9872a856f9d4609c

SHA1
004f5b047ce0e24f8e12fc0feac433821270e61b

SHA256
5a376b7fd506301a164015bea0462f3a54d95717cc6eae55004f383efe6b5ec3

SHA512
423a0b4246c22e637f0f1ac04be8f85248c06350fcbfc8d5cffb31c3f277c006e04613138b88fbfff175b833a13ff920e4aa3bea5296160c9fd777158ceca1fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
854c7e1718090d04aef77fa60cc715db

SHA1
4109b269e1fd988d5b90dbc53e7083d338eff47f

SHA256
8c8abf035ef2cab8dfb940bf969ceabe6a27e9c1a35e12ba278e34f88aa451d5

SHA512
220837d5224c6cbef26dccd0af1a331f28c74a3431c9374fa9b81e8d04c73d6676f639e3203103ccc9e3d2cd16405ceaebdee1a4303fac18853b9ca8b734c726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
31ef6d3cf063afc5c395597070adbb8b

SHA1
934f3af470bacb6ca7f5fa7e4038cd60ea6e88d2

SHA256
41ea2fd203b4892a23c9cdfb295e1dec03d95735eb903ba2c9e8cd5112c39336

SHA512
c40fe52788c2f96fa592f62e8fff085152efeeb5d42881f57c70c8c0034bb3d8af4149620b8b6ff072e3e6c86a645df5cd7cd2b16019d395e17002f853473ab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
8ec61f8aa138a647cddef9673ef4cd9b

SHA1
e3319f818c30b8bdaa184b72101738acbc7be3d1

SHA256
77933f4609225a3db7aac2a01eb07f63927ec8ba39bac0a62c4cfac0acd53308

SHA512
beb9ba0f6b4951f62d28ad1960f6d9bdd1784d24e4ae84853f427239a695c06eecc9fb08c07e422c390d3efe5b320869db8404c0673e6f2b8777a34c1d00c971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
08f33f064f95d5cf55eb73a4432ad40c

SHA1
67c3d78cfe1d4ff59eabc6010ba97ba3249a7e17

SHA256
a97afc6fb5a8940513ec43cd4422a418eacacc807a01bd6596a2ff357c88a045

SHA512
bfdc444c19e819b19178dd59e4c64fbaaee572ef9b95a4ba7dfb485cb7b9faef6f5f779386e3869374790fd87dceec1319b2bc210d1cd692e216799dc7efa322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7755845e9ce5e4a33dcc153878eb7027

SHA1
a9027478b56de41738372cebb88e91e894bc4b31

SHA256
7becaa724b7c42c8c008a84caf43fd5f1f72e44db1622236e24427c90d83f733

SHA512
72e0dfa3be4e8e3da5d0e04d536368c5e3a2bdc9533e91e1562be80f59d3419d60facbc84c11b08539bb855385c6a41ab0ccac8aef673c44b9e8d6485e5e62da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
fe626cf33264cf6661b803e39e789d49

SHA1
398aad4f7b63c7b0469ef8c66dc0f6fa249175e5

SHA256
0d275b60a5632173a00b4a3b4c47a5ea2af22d771f5dc92a5a4d41c43a2ca9fd

SHA512
6da57a095ab4c2b3c7634dffec2b8571312a53975ce4630189312415ca41758e14bbbae6aff52452f38110bcdac79ae2ea6d2d1d71163152a94f8d16c2ea0727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
d4c74c9324e080c3ae6bb1e61be239b4

SHA1
88e25812e33eef30d2ae3451978dc6352a675b67

SHA256
1da250b8d3249953488587443de91b83955320dbf9e43988c12476b970713706

SHA512
8386a9c4fb12326270b8c6e9f42da52d31402bd5aa5df4cec60f153f75d33e5df9ed297353c1bc0c59b732553c11673132169f26e67ff7f7b825cb83213a9b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
1fd9b59abe9f9da6e418951546998824

SHA1
c58568da4da2957b85c4fe308d4ab6767db81661

SHA256
8fd96e32827378c4579a8ab446cfdc403de46e669aaf725ed5d12669a51d8af0

SHA512
9d174cedce0323d2670f3fe9a829943cf7cade39662e3808ce607e3359d2c54f6f3a644ba576d48d5d53b3cd9a435e052fbaec9191b42a02a8ea85da77287c33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
196bc9ea8b4e9be68f6b9c3b0105a517

SHA1
02cc7231aca9ea2912851d8466bc494541a804bd

SHA256
85e816d1aad77d1d1879290c6562f0325050b29d040f524d677213d7f04a9878

SHA512
f47f281ab779475814d04df4bb16a9932414fb1a0846d3a4b82e0e49bcba4ce7f93749d0602e568890727075e5309ba838e22987f30045f48af4d1e835173a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
51915e0364b8ff17e1b712b18096c7a5

SHA1
323dbcee21cc0c6439cf22f968aaeadefa5d341b

SHA256
174c434508a232402328b11273c8bf9d921f6c89470dd9b5ea1ea9eace0aca8b

SHA512
50b759c5ce6c17b34cfa3ded280d30e260ca9414e7f59b05e7fc93a273fd008b4bdb467f21f04a45de881e2042813c6aa2128344018569348d2184413e2132f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
beb45d43912fcbfbf1810b83d6998382

SHA1
5a58aa530ff165ab3949fc1c9710194ec3d796b9

SHA256
16dfe65005de5a89079729b3dba5826b3183102bfe02185273562b4117631a07

SHA512
feaea93abb4558324ee0392d8795024029077f00c600d97562fa4a11f9f437333955df09972563a829d8b47e6a1ea71b386dccf7f8b2bf246a6ca4a29d6690eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
86509951cc1cb4611275d56d7e4cf45a

SHA1
c99f89c40ff29c443ea7c2009887f958b1e65a6e

SHA256
4700272ed57625cea008891a4bcc3b8eb6c525e8568688d9f7e6f13a8d144ae1

SHA512
5dc7045f67b98a54c6505a1b0c11c21b2c6eed1c0d3c04726a2c0726f105dfea2037889156d3b8856b2253a4bb47f7f2910af3c727aaebe01d951f3c4fac2b7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
38B

MD5
e9c694b34731bf91073cf432768a9c44

SHA1
861f5a99ad9ef017106ca6826efe42413cda1a0e

SHA256
01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85

SHA512
2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
79f66b8a2807f6db6eb887c3ca31a46a

SHA1
bcabefa4073c47ce55dde3e78fc3dfa694345d97

SHA256
d84cf4da88c501731b09f93dfa4534481a132ec8c6622506ba1d216072fafb78

SHA512
df63343fedbd50277f324f8b50c2155831a4557b3213f00134599113b34cbcf5d04efad5dcc25f780fd1ff1425bc48beaf9802a929d5b837f3c9fe085472e8ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
08f860ad873e9b2db0c628cf243a4c2a

SHA1
7693eb46876279eefa11eb67c98a608c398a2fbc

SHA256
34bddb695777a5be62c4aaa93d0e90581236fdaee23e4af5df2eb73488a334f7

SHA512
8379fe43aa2927e969a6836085cc9b209e0f59c601eb686d915ad4c9e924c0bec5b38b6bc8ef5eab7edaf3cf67a7e55efc43fd0386cf7e3261634be4aaf00a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
38cdf797e7528d6142f72e2994a28bb9

SHA1
22ce7898f1982cda0258a6d62a0af7f915407f28

SHA256
afb45450e5c136fcf15a928e5ef58104f88525bef3aa15d9eaaf8b3dd7d28901

SHA512
e1cfadb8f85f55f3efcb534d035e33a43c13db470c87b7f245e348fed01a193717dd6c1f27cd64187069b78bd179734286ef49e2ac27ec0b3cd35e1c70349371

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
71dad094f730228fa00db258d70f2423

SHA1
443ea71c517b02d5a32d4e11368f76dba48fc59f

SHA256
26190a1939cd91ac26494c07d0b30e557e24dd346276eb1af76fe66325f3b537

SHA512
02da9047ac957d86484689800129021398e65b1959824a059735056a1f9b6716b5f6d35b2cdb47dcdd601eb42041eb33692cb7947e69f2b92cc3e0d994e38652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
6316ced427e0896eabba65c73a534940

SHA1
efd205e6f424ead848d34c60dbc1c78b6224328e

SHA256
0a54d5903ab8a4927d4ef07ffa5ad577cfd670da9e92da498fecbc70f6710f38

SHA512
381a08f735c4867750e5540841c10a911f3af98e42089fb50a69766ce9f6902e265e88dec1695bda15b7a709d3ccf311dc3c0252d7f5592fda0d5fda6875fa86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
485B

MD5
808f0a3224b9c0b15cd2eca91210a0a2

SHA1
684ff7864a978b1ad1d9beffd0a42537375dd832

SHA256
bcd02577e9f9afeabebc982cf26ef595656fb6ff1117dedcad85eb421d29e1b7

SHA512
47a6bacf906548171dc92e438fa977a99e8b9ef37b0fa610c260ae0addf6bbae81547aac64d20cd2dcbb95fe42c68c6ebbf9149574046756e1402507e77c7c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
19B

MD5
a2f36fd75efcba856d1371d330ed4751

SHA1
fb7c3dff0fa2b47c6f0026287d12d16d05d14d8b

SHA256
561fe33b81dac187686e9e50103590f3a857f4e1b9c8ada714d43964b938ea7f

SHA512
79ca96560a074fa678cfdc06007d0e1e01718831d18c4a800c5361b8ba8091b46acada47418a8d7be3b626d2d9af5cf346abcdd88166a9d1634f81157ab1ad6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
23775f5bc3079fe83e3292739086ffde

SHA1
91fc85b5b4b3216ab919f98e9e38aec866489e07

SHA256
d62bdeb70db9e48524e5dd4fcdbbba805ac65b7e53b9d94d334e8ea1ae17bb8a

SHA512
10982cb4e80fd6dd1553104d57c6b10b2c93df6722a94022da6a0e35d7fedbea7f4a63543176cc9a16b031729ffd22783731ebb9c1c7ff5f1064601c2782c48b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
1c0c23649f958fa25b0407c289db12da

SHA1
5f6b10cd5a39fe8c30353bcf4cd4e4a60ef35574

SHA256
d5134b804a775cfb79c6166d15b5721d38ffc2da11948a6c1263595d6c2941cf

SHA512
b691e882018833a108bd286bc76c55a140d00d5a266617a3a381af1ceff01aefaef17acef29d14dec931d7051455726cde8974cd04cc07302f1c3cc452fe2f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
317B

MD5
61d3d743bf643c6502a58878cdae3a90

SHA1
3a643602e7f632494720c7df44aa929f42a15a05

SHA256
b50d65c0bc4d224dc6e1bf0272b738cac50af4035e722bb1cec02c3496a95eb9

SHA512
11a928e5c56120d63c8a3081ef100ae4ace4028db134bdb0e55391f9c0094800f57117b19a38ffc61403b36019edfc05c68e53ef7fe836063e5ab15a373f79c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
12275f46db968e27e4edb23a4517904d

SHA1
1bd41f5f55dc8532c45c5ed91bd0823deabe3d3a

SHA256
0b9769e63620205002586d7dbefa19d6c3573ffa65bc86eb49113ec271feea4a

SHA512
084364c331be5c6b8c537a6c56b732ccdbb45f0d74a1e0ed89ac195e9ae43e15f15c953e3ed188990f0abb7e0e6456fa4b6b34562a02c180f7c061a7728c8b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
00943e6ae05635e174339598d729b361

SHA1
64d4ebeaa4cd9818f3eb8b9df80a9fb0133af071

SHA256
b9e9ae370adc44a3431afb5b83871c720e8b2c83e679c28039bbe5ff461f679d

SHA512
c5c06b68020841adfca62355789b61a0c28c3201147e90d2168a69c6c28c04111ea28dc86f5f232c0be9292db4e88b1b3dc8b81aba21fb44f02264fc2609b0f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
57cba4ba43f92e769e66adb7fc574db9

SHA1
4b3ab55791b650cb9925abbf99ad57f44d0c4699

SHA256
95e97b08b5e7d134ea9cd1c2eef3382f5468f1270e715a99b872ed46e3a9eae2

SHA512
6fcfdc442a281e714cb4a9acae213672580509647783b122458265d2500ce9eb29fb26c4389b018eceaffad04c2dc5bd0bd2181e49eccffad5a9bac58de92950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
165KB

MD5
1586b53a88606408a194ad1f49cf9d72

SHA1
4e064ab6c8cc8312ae1b006c14ede5274ff49aa1

SHA256
9ecc1584a5b4e8b2834b3761a1b414856ea4ac771ee76617f313877f84df2809

SHA512
02430aa3dde98d8ca95dabcee9bd934bcfbc2c3df682de698fcc78efff57c51b6b4f0d41554fc185a9177995d1c493555d429a438f8f51fbc0d93258d1de124a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
165KB

MD5
0fce7ce722aeb9b142cee82e5e85c640

SHA1
a4f0f5adeb2a801937154e6b7d73a549cb6b95d6

SHA256
baf5d4e5c5722a6a02e6f91e3e9ce84dd5b847c8f1bd60f131efeb4e819b0ea5

SHA512
5c219430f418aa810b6d45ddf6720070db824e6ba38c46bf2203fca39ba29f50371fbda7b34c2f055ce095abc1b61809e71c8841a2d3a0a44cd2389373086f7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a7608fc6-9108-401c-9bb6-f44c043a6d45.tmp

Filesize
315KB

MD5
f04d2eda87d53f1d02261ee700caec9e

SHA1
e4bb099aec4ce0d6b49d0f55284e0a8c54ff77d9

SHA256
4ab07ddc0518704b5861c5389d185862d2de22653212b07ef026b81a23d6f412

SHA512
407cc1ea52830b62079e5887ee70d98e5579a49690bb64b7caf57cda5b07b6221105141385da5029346a3042f0b28e2963359a276d6eda382951950b5740de04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c2sxdb0\imagestore.dat

Filesize
15KB

MD5
04c0bd588844226ea88a31bbbe607589

SHA1
87ac6436373d10cdbaae32267062ba31862aaaa2

SHA256
34b2ffe8ca0b83a6c3f2e01c64c03032c3715172e0b0dd92c0dd2e70f0cf45dc

SHA512
ee82d19135e637ab1239ec85ca4f8b2e505aab4aceb6713ff5f455b85ed49463c8477f7ad394ed687e2427f2f89d6202322cbfaa09da600a5cbac8a4cff1bac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UK8J8K8\zoomin[1].cur

Filesize
326B

MD5
805e9d70e907f9b8151c43357de8af77

SHA1
8dd0e088ec7172185c2363e9b5f83eedb4e8dac4

SHA256
1318ef5f4f0e2f32fb2fd399260c54b5f15c6d9d909a3e224fab4bb7760a0cff

SHA512
f013550e7ebb240ecd7aa90fad34b5036e88d9a91e1d1bc42327555553317ca011c383fe05b29ed139f73442176eafb8cec531ac917edfcc621ea3a2f4692f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X761FPIN\favicon[1].ico

Filesize
14KB

MD5
764305ef1a26ad2cb3a191bee732210e

SHA1
b3d4744ce75742dc07aca74558714d354563c1e2

SHA256
43a7a5b182e2a5e571f53be7f2e185efd7728bc826f9958b89f418d3e2b9e919

SHA512
e2b7a41eb651e687f8f3700de2cfa00abe5e9bf38944725a2f9a4c5e4ffea8fd311c25d8d9024dd99603ff56ec550dd66634bbb87c8b5f6524e04985ec726493

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2F4C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F5F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-K9IR5.tmp\7z.dll

Filesize
1.1MB

MD5
2b9774bab8d55d15b5ec3ca8144eb0ef

SHA1
eba7a2b35cbcf4fae45374c579ad6a7e1786c1d7

SHA256
aeaaf45f0233ecd10a32b8f4d9326f87dff13b57cccc4a3e461b56c15a322c59

SHA512
e1ead8caae090f9411cf6119a1c6572ac9e89200ba78d305f25cf105dc935710d52bb91a77b8a1157f9f023ad4056bd68792592eccf3d7ac1d9f0bd9d5034ded

Download Submit
\Program Files (x86)\Among Us\Among Us.exe

Filesize
626KB

MD5
254321c6fdf0b1de79aff77fa6ad825e

SHA1
1b48f9688e4703dba7b127c2bf4f40cabf341247

SHA256
2587aa207e251d7e35937e11e2cf3426ba933a0a36c4cc8b7289933678bd26df

SHA512
7625fc3b6a47d31abcb3142bbb7d03d21d5d52fbc71db337f5f29c137b3a5d20dd708c66b89ff930edf03bd290680c3b7ffe99e0496498236bfe0747ecdcdc90

Download Submit
\Program Files (x86)\Among Us\unins000.exe

Filesize
2.0MB

MD5
6d9d1630e34b879c7348bcedf12107fe

SHA1
4583c5149f43e4fe650b47d24d9fbc5bdbe7a53c

SHA256
c259303341e3493b28818269bf5f17c9aced81da243c0803b315eecbd8a4d636

SHA512
5a2c30a676545ac96289503ea46f6af3049e2a2bf8f14f157c3370b34de9022683d73c32b3bc723c2716671a22341837be3d69a4a6e94f5afd13be91c1f6e688

Download Submit
\Users\Admin\AppData\Local\Temp\is-K9IR5.tmp\CLS-srep.dll

Filesize
90KB

MD5
e68c32297a0b144d13c0b5870ca8c8d8

SHA1
c58efb877ee8691900702faaf1e90e35d7b90cbb

SHA256
6954112104ba041d18760de5eb7e6825cc14cec98ff49939a587cc6b27908bd2

SHA512
2f7c36451ffd6ae7af29c003c6e03e954e478c44fa2ca13b6080b9ffbd44bb45a7e17149f9f72e2f18488d9cfeedff3c501bab24a336d6a62f43938b54dbc035

Download Submit
\Users\Admin\AppData\Local\Temp\is-K9IR5.tmp\CallbackCtrl.dll

Filesize
4KB

MD5
f07e819ba2e46a897cfabf816d7557b2

SHA1
8d5fd0a741dd3fd84650e40dd3928ae1f15323cc

SHA256
68f42a7823ed7ee88a5c59020ac52d4bbcadf1036611e96e470d986c8faa172d

SHA512
7ed26d41ead2ace0b5379639474d319af9a3e4ed2dd9795c018f8c5b9b533fd36bfc1713a1f871789bf14884d186fd0559939de511dde24673b0515165d405af

Download Submit
\Users\Admin\AppData\Local\Temp\is-K9IR5.tmp\ISDone.dll

Filesize
452KB

MD5
4feafa8b5e8cdb349125c8af0ac43974

SHA1
7f17e5e1b088fc73690888b215962fbcd395c9bd

SHA256
bb8a0245dcc5c10a1c7181bad509b65959855009a8105863ef14f2bb5b38ac71

SHA512
d63984ee385b4f1eba8e590d6de4f082fb0121689295ec6e496539209459152465f6db09e6d8f92eec996a89fc40432077cbfa807beb2de7f375154fef6554bc

Download Submit
\Users\Admin\AppData\Local\Temp\is-K9IR5.tmp\WinTB.dll

Filesize
75KB

MD5
a2eee508e6a51c6335650532e05ac550

SHA1
8703fb138bb8443f17c0c24da7edd69b1f2660b1

SHA256
75fb2984e1b06f4278fb7b3c77e9fec84e02a3b4bf82d35120f8cbe7bdbc76bf

SHA512
14e1abea3109c17f1fbe6ec455593bf91ba1b811ea302806a83a97a96bf582f1c46e8fe635e1d8739c5c007298eabd41311e07e50961ec2084cf97bde0595370

Download Submit
\Users\Admin\AppData\Local\Temp\is-K9IR5.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-K9IR5.tmp\b2p.dll

Filesize
22KB

MD5
ab35386487b343e3e82dbd2671ff9dab

SHA1
03591d07aea3309b631a7d3a6e20a92653e199b8

SHA256
c3729545522fcff70db61046c0efd962df047d40e3b5ccd2272866540fc872b2

SHA512
b67d7384c769b2b1fdd3363fc3b47d300c2ea4d37334acfd774cf29169c0a504ba813dc3ecbda5b71a3f924110a77a363906b16a87b4b1432748557567d1cf09

Download Submit
\Users\Admin\AppData\Local\Temp\is-K9IR5.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
\Users\Admin\AppData\Local\Temp\is-K9IR5.tmp\lzma2.exe

Filesize
296KB

MD5
5d520f61acf01ad5224a9d376ebef66d

SHA1
b3a956cee1421717d890c74fc44fafe7802b4268

SHA256
df773d36e15fffe4aacedddd765a716ddf477e2f6989f413e1a629ceba1a8666

SHA512
7f78ee8ca0f5019d6e5057271872490eb44f25839cdf76de46bd23d74576c79a1c66e7b3344c6862ade808b37195997c000b1133b46d24808fede93a50e94f31

Download Submit
\Users\Admin\AppData\Local\Temp\is-K9IR5.tmp\unarc.dll

Filesize
317KB

MD5
c8600ee0bad1cb2a899b792cb6c1869b

SHA1
2aab7be28ae6535eb9b0982ee44467751cc42cf3

SHA256
b670f7e828aeff88bbe6351bf3b0775af39adc1bfac3b84af4061a4c78ed174a

SHA512
ebc03d7ffec0ea3751e4e5a31dce1fd212f1ba31134712b022f15bba7d610f77fab02e7590a28528ff6219c0e3753b80ad6e985605b37fb70b56a7de243c4d11

Download Submit
\Users\Admin\AppData\Local\Temp\is-LFG0D.tmp\setup.tmp

Filesize
2.0MB

MD5
f3859c35c8f976a387f8e93888e84bb8

SHA1
f9e499077b1e0850137723029a916e3b7d9f3bea

SHA256
b11dc9cedb88693a8fe5d5cb9893f4826f2a9a7d908c7be53dd71d829cdec3fe

SHA512
dc64d004592240ae2c4ec399498ea212241f5a5e35646f60bcfaa5e515559933fa7d70acbb4f898d05a831a2abf9c639976c0a146e1f52cab650d2501fa5c1cd

Download Submit
memory/2636-0-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2636-31-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2636-311-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2636-2-0x0000000000401000-0x0000000000417000-memory.dmp

Filesize
88KB

Download
memory/2692-36-0x0000000002180000-0x000000000218F000-memory.dmp

Filesize
60KB

Download
memory/2692-283-0x0000000061080000-0x0000000061112000-memory.dmp

Filesize
584KB

Download
memory/2692-34-0x00000000020E0000-0x0000000002157000-memory.dmp

Filesize
476KB

Download
memory/2692-280-0x00000000020E0000-0x0000000002157000-memory.dmp

Filesize
476KB

Download
memory/2692-27-0x0000000002180000-0x000000000218F000-memory.dmp

Filesize
60KB

Download
memory/2692-35-0x0000000074260000-0x0000000074271000-memory.dmp

Filesize
68KB

Download
memory/2692-25-0x0000000074260000-0x0000000074271000-memory.dmp

Filesize
68KB

Download
memory/2692-32-0x0000000000400000-0x0000000000601000-memory.dmp

Filesize
2.0MB

Download
memory/2692-310-0x0000000000400000-0x0000000000601000-memory.dmp

Filesize
2.0MB

Download
memory/2692-17-0x00000000020E0000-0x0000000002157000-memory.dmp

Filesize
476KB

Download
memory/2692-67-0x0000000061080000-0x0000000061112000-memory.dmp

Filesize
584KB

Download
memory/2692-66-0x0000000002180000-0x000000000218F000-memory.dmp

Filesize
60KB

Download
memory/2692-8-0x0000000000400000-0x0000000000601000-memory.dmp

Filesize
2.0MB

Download
memory/2692-64-0x00000000020E0000-0x0000000002157000-memory.dmp

Filesize
476KB

Download
memory/2692-63-0x0000000000400000-0x0000000000601000-memory.dmp

Filesize
2.0MB

Download
memory/2692-279-0x0000000000400000-0x0000000000601000-memory.dmp

Filesize
2.0MB

Download