db8d8c8bd4c8fe9b03c5ea364d5fff74caf4ff1e820998e27d70f899b869e3cb

Analysis

max time kernel
150s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-09-2024 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UbisoftConnect.exe
Size

507KB
MD5

031d24c2b5b45c8d5980936094c13c48
SHA1

933c3bd5be1fe0f655cf5c49b9e32c804f52e8f3
SHA256

4063c60bf11b12ec5072e9024e1f625e682b26689a8e816f05e50a5b07068df2
SHA512

d93388ae400a523a7d6d8c5e1345bfaa11ec4bd9d33294be9dd74cf615728120a3becd6141b61164c3f443531ef9d8ec74cbf58b23419491ed500ae61b7f733f
SSDEEP

6144:BcFpRE1eO52o+QMh3smMHsckDKdtcn8qXmGLC:BkAeO2B53smMQ+aLC

Score

5^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
1496	upc.exe
1492	UplayService.exe
380	UplayService.exe

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1496_528624759\_platform_specific\win_x86\widevinecdm.dll.sig	upc.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1496_528624759\_platform_specific\win_x86\widevinecdm.dll	upc.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1496_528624759\LICENSE	upc.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1496_528624759\manifest.json	upc.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1496_528624759\_metadata\verified_contents.json	upc.exe
File created	C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1496_528624759\manifest.fingerprint	upc.exe

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UbisoftConnect.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UplayService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UplayWebCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UplayWebCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UplayWebCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UplayWebCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UplayWebCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	upc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UplayService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UplayWebCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UplayWebCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UplayWebCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UplayWebCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UplayWebCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UplayWebCore.exe

Modifies registry class 20 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F63B89DB-D3AE-4908-A6CB-435B2B648F74}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\UbisoftExtension.exe"	UplayService.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{F63B89DB-D3AE-4908-A6CB-435B2B648F74}\AppIdFlags = "8"	UplayService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\uplay	UplayService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\uplay\DefaultIcon	UplayService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\uplay\DefaultIcon\ = "upc.exe"	UplayService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\uplay\Shell\Open\Command	UplayService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\uplay\Shell\Open	UplayService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F63B89DB-D3AE-4908-A6CB-435B2B648F74}\ = "UbisoftExtension"	UplayService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F63B89DB-D3AE-4908-A6CB-435B2B648F74}\AppId = "{F63B89DB-D3AE-4908-A6CB-435B2B648F74}"	UplayService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{F63B89DB-D3AE-4908-A6CB-435B2B648F74}\RunAs = "Interactive User"	UplayService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{F63B89DB-D3AE-4908-A6CB-435B2B648F74}\AccessPermission = 010014807c00000088000000140000003000000002001c0001000000110014000400000001010000000000100010000002004c0002000000000014000b000000010100000000000100000000000030000b000000010800000000000f0200000076c8b566b196b8807bdf0386522d4758fa9855746bd04da4099286d401010000000000050a00000001020000000000052000000021020000	UplayService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\uplay\ = "URL:uplay protocol"	UplayService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\uplay\URL Protocol	UplayService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\uplay\Shell	UplayService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F63B89DB-D3AE-4908-A6CB-435B2B648F74}	UplayService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{F63B89DB-D3AE-4908-A6CB-435B2B648F74}\ = "UbisoftExtension"	UplayService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{F63B89DB-D3AE-4908-A6CB-435B2B648F74}\LaunchPermission = 010014807c00000088000000140000003000000002001c0001000000110014000400000001010000000000100010000002004c0002000000000014000b000000010100000000000100000000000030000b000000010800000000000f0200000076c8b566b196b8807bdf0386522d4758fa9855746bd04da4099286d401010000000000050a00000001020000000000052000000021020000	UplayService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\uplay\Shell\Open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\upc.exe\" \"%1\""	UplayService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F63B89DB-D3AE-4908-A6CB-435B2B648F74}\LocalServer32	UplayService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{F63B89DB-D3AE-4908-A6CB-435B2B648F74}	UplayService.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1496	upc.exe
1496	upc.exe
1496	upc.exe
1496	upc.exe
1492	UplayService.exe
1492	UplayService.exe
380	UplayService.exe
380	UplayService.exe
968	UplayWebCore.exe
968	UplayWebCore.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe
Token: SeShutdownPrivilege	1496	upc.exe
Token: SeCreatePagefilePrivilege	1496	upc.exe

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 4400 wrote to memory of 1496	4400	UbisoftConnect.exe	89
PID 4400 wrote to memory of 1496	4400	UbisoftConnect.exe	89
PID 4400 wrote to memory of 1496	4400	UbisoftConnect.exe	89
PID 1496 wrote to memory of 1492	1496	upc.exe	91
PID 1496 wrote to memory of 1492	1496	upc.exe	91
PID 1496 wrote to memory of 1492	1496	upc.exe	91
PID 1496 wrote to memory of 380	1496	upc.exe	93
PID 1496 wrote to memory of 380	1496	upc.exe	93
PID 1496 wrote to memory of 380	1496	upc.exe	93
PID 1496 wrote to memory of 1772	1496	upc.exe	95
PID 1496 wrote to memory of 1772	1496	upc.exe	95
PID 1496 wrote to memory of 1772	1496	upc.exe	95
PID 1496 wrote to memory of 968	1496	upc.exe	96
PID 1496 wrote to memory of 968	1496	upc.exe	96
PID 1496 wrote to memory of 968	1496	upc.exe	96
PID 1496 wrote to memory of 772	1496	upc.exe	97
PID 1496 wrote to memory of 772	1496	upc.exe	97
PID 1496 wrote to memory of 772	1496	upc.exe	97
PID 1496 wrote to memory of 4920	1496	upc.exe	98
PID 1496 wrote to memory of 4920	1496	upc.exe	98
PID 1496 wrote to memory of 4920	1496	upc.exe	98
PID 1496 wrote to memory of 1972	1496	upc.exe	99
PID 1496 wrote to memory of 1972	1496	upc.exe	99
PID 1496 wrote to memory of 1972	1496	upc.exe	99
PID 1496 wrote to memory of 4120	1496	upc.exe	100
PID 1496 wrote to memory of 4120	1496	upc.exe	100
PID 1496 wrote to memory of 4120	1496	upc.exe	100
PID 1496 wrote to memory of 3412	1496	upc.exe	101
PID 1496 wrote to memory of 3412	1496	upc.exe	101
PID 1496 wrote to memory of 3412	1496	upc.exe	101
PID 1496 wrote to memory of 4928	1496	upc.exe	102
PID 1496 wrote to memory of 4928	1496	upc.exe	102
PID 1496 wrote to memory of 4928	1496	upc.exe	102
PID 1496 wrote to memory of 2508	1496	upc.exe	103
PID 1496 wrote to memory of 2508	1496	upc.exe	103
PID 1496 wrote to memory of 2508	1496	upc.exe	103
PID 1496 wrote to memory of 2408	1496	upc.exe	104
PID 1496 wrote to memory of 2408	1496	upc.exe	104
PID 1496 wrote to memory of 2408	1496	upc.exe	104
PID 1496 wrote to memory of 3648	1496	upc.exe	106
PID 1496 wrote to memory of 3648	1496	upc.exe	106
PID 1496 wrote to memory of 3648	1496	upc.exe	106
PID 1496 wrote to memory of 1272	1496	upc.exe	111
PID 1496 wrote to memory of 1272	1496	upc.exe	111
PID 1496 wrote to memory of 1272	1496	upc.exe	111
PID 1496 wrote to memory of 968	1496	upc.exe	119
PID 1496 wrote to memory of 968	1496	upc.exe	119
PID 1496 wrote to memory of 968	1496	upc.exe	119

C:\Users\Admin\AppData\Local\Temp\UbisoftConnect.exe
"C:\Users\Admin\AppData\Local\Temp\UbisoftConnect.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Users\Admin\AppData\Local\Temp\upc.exe
  "C:\Users\Admin\AppData\Local\Temp\upc.exe"
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1496
- - C:\Users\Admin\AppData\Local\Temp\UplayService.exe
    "C:\Users\Admin\AppData\Local\Temp\UplayService.exe" -uplayservice_perform_updates -upc_platform_mode 0
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:1492
- - C:\Users\Admin\AppData\Local\Temp\UplayService.exe
    "C:\Users\Admin\AppData\Local\Temp\UplayService.exe" -uplayservice_set_app_user_model_id -upc_platform_mode 0
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:380
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\System32\regsvr32.exe" /u /s npuplaypc.dll
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1772
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\System32\regsvr32.exe" /u /s npuplaypchub.dll
    3⤵
    - System Location Discovery: System Language Discovery
    PID:968
- - C:\Users\Admin\AppData\Local\Temp\UplayWebCore.exe
    C:/Users/Admin/AppData/Local/Temp/UplayWebCore.exe --type=gpu-process --no-sandbox --locales-dir-path=C:/Users/Admin/AppData/Local/Temp/locales/1 --log-severity=disable --user-agent-product=ConnectPC --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --upc_cache=C:/Users/Admin/AppData/Local/Temp/cache/http2/ --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --mojo-platform-channel-handle=2216 --field-trial-handle=2324,i,8034538048772908629,13551994836428054052,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:772
- - C:\Users\Admin\AppData\Local\Temp\UplayWebCore.exe
    C:/Users/Admin/AppData/Local/Temp/UplayWebCore.exe --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --locales-dir-path=C:/Users/Admin/AppData/Local/Temp/locales/1 --log-severity=disable --user-agent-product=ConnectPC --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --upc_cache=C:/Users/Admin/AppData/Local/Temp/cache/http2/ --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --mojo-platform-channel-handle=2652 --field-trial-handle=2324,i,8034538048772908629,13551994836428054052,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4920
- - C:\Users\Admin\AppData\Local\Temp\UplayWebCore.exe
    C:/Users/Admin/AppData/Local/Temp/UplayWebCore.exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --locales-dir-path=C:/Users/Admin/AppData/Local/Temp/locales/1 --log-severity=disable --user-agent-product=ConnectPC --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --upc_cache=C:/Users/Admin/AppData/Local/Temp/cache/http2/ --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --mojo-platform-channel-handle=2680 --field-trial-handle=2324,i,8034538048772908629,13551994836428054052,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1972
- - C:\Users\Admin\AppData\Local\Temp\UplayWebCore.exe
    C:/Users/Admin/AppData/Local/Temp/UplayWebCore.exe --type=renderer --locales-dir-path=C:/Users/Admin/AppData/Local/Temp/locales/1 --log-severity=disable --user-agent-product=ConnectPC --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --upc_cache=C:/Users/Admin/AppData/Local/Temp/cache/http2/ --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=2324,i,8034538048772908629,13551994836428054052,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4120
- - C:\Users\Admin\AppData\Local\Temp\UplayWebCore.exe
    C:/Users/Admin/AppData/Local/Temp/UplayWebCore.exe --type=renderer --locales-dir-path=C:/Users/Admin/AppData/Local/Temp/locales/1 --log-severity=disable --user-agent-product=ConnectPC --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --upc_cache=C:/Users/Admin/AppData/Local/Temp/cache/http2/ --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=2324,i,8034538048772908629,13551994836428054052,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3412
- - C:\Users\Admin\AppData\Local\Temp\UplayWebCore.exe
    C:/Users/Admin/AppData/Local/Temp/UplayWebCore.exe --type=renderer --locales-dir-path=C:/Users/Admin/AppData/Local/Temp/locales/1 --log-severity=disable --user-agent-product=ConnectPC --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --upc_cache=C:/Users/Admin/AppData/Local/Temp/cache/http2/ --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5040 --field-trial-handle=2324,i,8034538048772908629,13551994836428054052,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4928
- - C:\Users\Admin\AppData\Local\Temp\UplayWebCore.exe
    C:/Users/Admin/AppData/Local/Temp/UplayWebCore.exe --type=renderer --locales-dir-path=C:/Users/Admin/AppData/Local/Temp/locales/1 --log-severity=disable --user-agent-product=ConnectPC --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --upc_cache=C:/Users/Admin/AppData/Local/Temp/cache/http2/ --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4496 --field-trial-handle=2324,i,8034538048772908629,13551994836428054052,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2508
- - C:\Users\Admin\AppData\Local\Temp\UplayWebCore.exe
    C:/Users/Admin/AppData/Local/Temp/UplayWebCore.exe --type=renderer --locales-dir-path=C:/Users/Admin/AppData/Local/Temp/locales/1 --log-severity=disable --user-agent-product=ConnectPC --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --upc_cache=C:/Users/Admin/AppData/Local/Temp/cache/http2/ --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5352 --field-trial-handle=2324,i,8034538048772908629,13551994836428054052,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2408
- - C:\Users\Admin\AppData\Local\Temp\UplayWebCore.exe
    C:/Users/Admin/AppData/Local/Temp/UplayWebCore.exe --type=renderer --locales-dir-path=C:/Users/Admin/AppData/Local/Temp/locales/1 --log-severity=disable --user-agent-product=ConnectPC --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --upc_cache=C:/Users/Admin/AppData/Local/Temp/cache/http2/ --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5176 --field-trial-handle=2324,i,8034538048772908629,13551994836428054052,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3648
- - C:\Users\Admin\AppData\Local\Temp\UplayWebCore.exe
    C:/Users/Admin/AppData/Local/Temp/UplayWebCore.exe --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --locales-dir-path=C:/Users/Admin/AppData/Local/Temp/locales/1 --log-severity=disable --user-agent-product=ConnectPC --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --upc_cache=C:/Users/Admin/AppData/Local/Temp/cache/http2/ --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --mojo-platform-channel-handle=3800 --field-trial-handle=2324,i,8034538048772908629,13551994836428054052,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1272
- - C:\Users\Admin\AppData\Local\Temp\UplayWebCore.exe
    C:/Users/Admin/AppData/Local/Temp/UplayWebCore.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --locales-dir-path=C:/Users/Admin/AppData/Local/Temp/locales/1 --log-severity=disable --user-agent-product=ConnectPC --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --upc_cache=C:/Users/Admin/AppData/Local/Temp/cache/http2/ --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --mojo-platform-channel-handle=3880 --field-trial-handle=2324,i,8034538048772908629,13551994836428054052,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1496_528624759\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files (x86)\chrome_ComponentUnpacker_BeginUnzipping1496_528624759\manifest.json

Filesize
984B

MD5
0359d5b66d73a97ce5dc9f89ed84c458

SHA1
ce17e52eaac909dd63d16d93410de675d3e6ec0d

SHA256
beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755

SHA512
8fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Installed_files.txt

Filesize
900B

MD5
bf91a43188f9ca1c0b05a1b6ab636670

SHA1
91c79c34303c815e064889c97010732c1bb44d4c

SHA256
5adfbca384835eca73bb16895d5b90c21a5a6c4ddc9799c74282681358d3a8ff

SHA512
97450d8603b2280a4245216da6d7143a14b3bd8ed3276ec7f07fa685398548f57c056027349b1faa7579f59719b77afd5487bdcbbc8875a3ddbc483f8503063a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Cache\Cache_Data\f_00001b

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
622aba992f55712eb4b81f1055247d1a

SHA1
c67bf49f182bb878dca09c3dfe14c43af72cebd1

SHA256
ebadd222c3a43abeebab186da1039cc4f0ed6fae5b27f325f3957cd0804b39ac

SHA512
085a60e8ef178c5cd4b7605ea2b3bee796a2d53922c54859e1b1a5d94b079eb6667d1968adc5f678c1ef1c35f9dd54aaf2c60ee3f9e72d4b265f2ffe6ff64509

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
408092758fee88baf5d2906750087b84

SHA1
ec925cc25d8acc143840a43c1e2300e4525e5e47

SHA256
6fc5247b43bd8013d1077dc53b802da1623e6095e0386ef5e8e3aaf7d50b80dc

SHA512
cb443f73d162ef7b0f74f31c16aeb777fbb911bbea5d568089d274a3ca733cae8437ce8e909b0c74d5b184efa43c417a580fd5b13e44f447d1082f6831668294

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\LocalPrefs.json

Filesize
693B

MD5
3fee2611d7552d163e35dd66775678e1

SHA1
61465b15d47a266d95a04cbc69d7c04a40d7ed51

SHA256
42d0c7b26efe8205c49f1f5ffa3ec5afe6c31596284a167c8d6bc81ab49c476c

SHA512
56e0c93d37b03babc23820921ce8620842d9dd76312018f9ac479114687b181c97dc81f023c102afb701934ffade5c8ec185e43829499f039132fe7227c8f901

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\LocalPrefs.json

Filesize
786B

MD5
aa2cd96b90c0da4140474f3c00b67149

SHA1
cd187b2aa60378e1b661fabe65fcdfbd30a7a283

SHA256
02f71559fe28dde63405c677454c8bef06bc090a71f8f5da0ee10faf259bc5a4

SHA512
1a11e2dac00cb2e74a98cab25fee8df21fd806f9bba5bf5f2a1d249a1f522775a808f4f087e1351a482256f04e3c36e444eee71627564e4be5a65756ce8a9045

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\LocalPrefs.json~RFe58df4f.TMP

Filesize
484B

MD5
a151a6d8c99fe0e199290772fe2cc00c

SHA1
966e00ece9fa86a0caf6f35621d096f8bc7347d1

SHA256
7b741de77a4a69571dc19265c25b7fc6a8e63669ad7134da602f19eccd11553a

SHA512
0619f1605594640f0bb7871a93f97d3e1f6a2c3963eb1e48255d64dde867665411a72087b4aa5a134659ce1378d3070fabedf2e536277936af35eada48c054ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Network\Network Persistent State

Filesize
1KB

MD5
06db12b7b6817538fa8725cf694d3e91

SHA1
298f266565c17de568287acd8d0c3441c6dd42e4

SHA256
b51f26da566a7e0ba957dd3505f0a11ca23b46a066eebab130e68e6d576b3c08

SHA512
8ce079dd0d115aeffb9da2b37f9bfd96043259c4ec0e0ad3865ae516fc5daf76b4e42979fbac88653ad09fedcccca903e224aebb7e9e22a91213dd822e87af20

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Network\Network Persistent State~RFe58eda7.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Network\TransportSecurity

Filesize
356B

MD5
257cae1eb09c4e83e174c74d1622bf36

SHA1
c016779c92f4d27a816ef4b62b3cb2eb359e2149

SHA256
66889851375b662b68c13b99ca5f90f74ef7ca7ff399bf7655d317d6ac59d5c6

SHA512
e96c5aa4c7e9748f88319bf7bb077fc78a4eedc06fb8860fbeb96e058d1efedc45aeeb1d948518f765e721b9ddf41f0557c202fc906795d304e120f980d841e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Network\TransportSecurity~RFe583b9d.TMP

Filesize
356B

MD5
b7525a26a8400ce92379ec0fae427653

SHA1
209030b886149892fddba53bf1e0fc194a80f1f9

SHA256
61c453a76c694abe21b2c4afd538c7199646e7f42efb6b809bd57e5effd52364

SHA512
1e409ec62a630ec4d19107b090d8beeb0544a388b26a5606518c81131824668b4ae83b3681cef4592acbbf0f86b1e9554184390b5944be70c909489411239b65

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\CacheStorage\b38c19bfbb73f63907d476835e2abf4b91abe898\26d790c1-e0dd-4a6f-8afd-829e7b6ff53c\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\CacheStorage\b38c19bfbb73f63907d476835e2abf4b91abe898\26d790c1-e0dd-4a6f-8afd-829e7b6ff53c\index-dir\the-real-index

Filesize
168B

MD5
e283ddae4d7fa846c6d4d37dd81b77a9

SHA1
166a192f3dcf96619fc750ee6f6905e134353e03

SHA256
0e630680d1726b56473128424141e56498759de17ca63a1891a8a3c4e58971ee

SHA512
8a7824685115b8b846a32945cc2e5ea172a07346d93027f4f96bb3345e56927a4fabd7415cb7f40128d577b910fbfb81fd977177e28cd99c2ea4e33409a9bc1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\CacheStorage\b38c19bfbb73f63907d476835e2abf4b91abe898\26d790c1-e0dd-4a6f-8afd-829e7b6ff53c\index-dir\the-real-index~RFe586c71.TMP

Filesize
48B

MD5
7be22f5a19c25b3803e263fa758dd720

SHA1
1d9303e9bf3b397956f268ec6b1a52dae0ade64f

SHA256
bd6fadc0ac661b60fda172fc8989f67db925ee8601d66f5031277ac1e0bee2ba

SHA512
be5b58f90d5f80eb706c57a74ece4e6b7e51d884a312326e21d9d1d3c64ece6a8a23cf2b44d178acf1275565490b6a3f3517af773dda791f9a86aba2196b4e12

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\CacheStorage\b38c19bfbb73f63907d476835e2abf4b91abe898\2a48d862-a2a7-44c9-a624-69b096c837fb\index-dir\the-real-index

Filesize
216B

MD5
c9125f342f738c3a4f673b7a5054bc2f

SHA1
e3d090b4a3bb26876f74fc8b4337d4e41e048ff6

SHA256
0a10690a36a416ae0611780b44dd9d95ed66c44f140a1267033f7cbd068da441

SHA512
c5ffd15a31f2782e8bee09d681fdd93bdd77ff052f43ed88160996ba219e4b9f34504bdf24f36ed3ea9503b3d3db8858fc3088c0f6fefac15d47f6329d1de633

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\CacheStorage\b38c19bfbb73f63907d476835e2abf4b91abe898\2a48d862-a2a7-44c9-a624-69b096c837fb\index-dir\the-real-index~RFe587191.TMP

Filesize
48B

MD5
21678774b344603cd99359ac90ef7544

SHA1
e7202d7b352ec78a3a8379507d6c8d7f201ba531

SHA256
6da169ca203743644fd1087407b305af30c12287133643e682a562186b62d96f

SHA512
6e8f2c1c7a3b17c2d4436cb612e4ebe105f97b1336e5761960635534d2f0078cf54044fe7985b50be9aeea7e80c491b92ee395554465f2a8f5f0269224987481

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\CacheStorage\b38c19bfbb73f63907d476835e2abf4b91abe898\aca324eb-7905-4f6a-86b7-9d1f795195a1\index-dir\the-real-index

Filesize
2KB

MD5
aaf3f2f2486d279a8911af445ce6b742

SHA1
ebf46d7c7d8831d601e811ecaa11c4632c64df54

SHA256
a34ac8a4d350dec1630ec924cbd8efeac6aaf733ed578aa67cb27a420d144858

SHA512
57fdbe484e9ac324bc18f5bb721b323e47165fa3dfdcd069a0d0d7cb30cf90a6cc998618fad989de183632a6829c997b2ec94aa8d0642222d10bef1b161b8626

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\CacheStorage\b38c19bfbb73f63907d476835e2abf4b91abe898\aca324eb-7905-4f6a-86b7-9d1f795195a1\index-dir\the-real-index~RFe58655c.TMP

Filesize
48B

MD5
0131196dd3b26a56b135cb209463f4c0

SHA1
f9f28301763f76974ffc98eca1391b49c5e17579

SHA256
a1d32b526bd8cb525e33900d052dfc0183a78ace04f240daaab831ce89c531d6

SHA512
e39bd48a450f09f392d22c134f77158b473b97cd57cb9622e5e3a6d9f3070b8aefe7e2c90b6b606251e1a3b6fcf31830082dec17740a33fa3d58d26bb055c997

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\CacheStorage\b38c19bfbb73f63907d476835e2abf4b91abe898\d98ac94d-d3cc-42e3-b7c5-a37a0a5aadab\index-dir\the-real-index

Filesize
120B

MD5
2f1e8bc8ba94492ba6bf18abb69dc38c

SHA1
9fc50fc213138aab9124dbc4706fc8dc1072256e

SHA256
65b5fbedf56d8552fea08b9b39a1e50c30fefe5fe2279b6c851d8006a807f3e6

SHA512
4a0ee37cbeab28db5cb1ac7bb0e2ce552558a3fd8a41009569041e9331dbd07d7f86f9eacd3fb39c01d6b949ac2e5428b77e8dd05ef5048c5e3b8bd5593bec57

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\CacheStorage\b38c19bfbb73f63907d476835e2abf4b91abe898\d98ac94d-d3cc-42e3-b7c5-a37a0a5aadab\index-dir\the-real-index~RFe586e65.TMP

Filesize
48B

MD5
90cfc2da2d2cc3823ce64755e2442b43

SHA1
8eb0206e1a6dc0ff3d79bfa1822e0f3eb9f251e4

SHA256
4b464d31e9047118b8309fd19c2815b7ca3e5e71943800f3b1d2a6214093c40b

SHA512
9657080c9e97eb1f316f15830c5359d9f3cc9d65e37409272c5aedf4f623b744efe8bee8f78a4332864d38a73aba4fbef5c947ffcec3b954f6beac1f66487726

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\CacheStorage\b38c19bfbb73f63907d476835e2abf4b91abe898\index.txt

Filesize
258B

MD5
df5daa85588b35b3f71a3c5f350b7bc1

SHA1
8ecc76b433afa1ba04f796b73cb8c3b72f4f5d62

SHA256
e7707a7b43a2bd48f27a1d0c1fd56c63749c0508a999dd067e7c191ffcff744f

SHA512
00b29afa23f64bdc555c06a8be10b54341c391acfef130788b0f02e8d86a3424db14d8adad5f7b5cd2e83edbf9cd063adf810bd745421d0dc124503d16ea56e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\CacheStorage\b38c19bfbb73f63907d476835e2abf4b91abe898\index.txt

Filesize
327B

MD5
cb61e84004d885096547d2755f1583c8

SHA1
264194f6cc4c78967905ead76c96a7cbcce040f4

SHA256
2ec0c533fc12efc0c63574562ca9ae69b858294903b447a8f7c21ca451fa3c88

SHA512
b274b3d7d00b1b95c75bbc11668981631b0ec0664815d361f36cf63f30fd3a43608dc96b27e3ed601ea51d5ef593ddb7d676b80445cc91c394935ec391299789

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\CacheStorage\b38c19bfbb73f63907d476835e2abf4b91abe898\index.txt

Filesize
398B

MD5
ddb9c1a90ada5ef01762d92e6637b5d8

SHA1
7c588a54b9f8b69677ff4e54c2935446a885946a

SHA256
8c467d822b8ff2271f97d2440a2af6392c2d938f633d0dcfd26a8076092df5e9

SHA512
47eacd480be3728860f55ffa90f2b070f0763ae7681ea60c2e5c3227aefec34e79862d4c8d69c5cf9f202501a9f7d7ec16a6fe233bb54c863cd89469227f66ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\CacheStorage\b38c19bfbb73f63907d476835e2abf4b91abe898\index.txt

Filesize
394B

MD5
a18bf08a3244de805cc67105f15d359c

SHA1
ff6c52f7117ca6eaf1d9340f0c2326db9d59f388

SHA256
a6f0be0f406a01e0bce8748332cca03b9a28da5ad573cb52e6eb06d9f62beff1

SHA512
1ff6b88838f979a3d4a9e2c9eabc8bbe56e3a0619969360647f82274cc5b0cb9a4767f57f1b97852b4865bdaadd9decca7d6822996620bf731a5a05665e4aedf

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\CacheStorage\b38c19bfbb73f63907d476835e2abf4b91abe898\index.txt~RFe58179a.TMP

Filesize
195B

MD5
512b378103c8b636d6a9ce3efd2e3774

SHA1
798d999c659a701a8f1de0371c5d9879a82ec673

SHA256
0d081d0aaf648eb093fba7bfc6b24faaf8ce41eb3a204f534fe64897c2fdce1f

SHA512
583c2000f0e4ef7bac5ad1385f9c29b39f351ab9418a03c7d50b699e664e583833a63353f95d3ae6c949ab94103b632a0331339cca5cef07ea259185ea5ed4fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7d6fae91d7108f936e7e2dd70ae47955

SHA1
b48c028fc404ddf930b9efeba004d4780c83db32

SHA256
85a7342b1b19ebaabca940229f2bb07bb075536abdf6a525b79afd5fdcd20dc6

SHA512
1bf0bc483f5907d14e444849f0ae91180064d1d9e55e4a5414e906bd7f540af6eea4947a028822787c67c257901a350a1e94b988a5642955c2c1301be533fb29

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Service Worker\ScriptCache\index-dir\the-real-index~RFe58364d.TMP

Filesize
48B

MD5
8930585b9048b82c4657de090476623f

SHA1
9bf7c6a24e8dd5b37eb458d1a6f2bc329f8f8f4a

SHA256
538bc2dea0cf35a1d0bc75722aa189654832a09ec88f6a9a034e8a0a8e79d451

SHA512
eb7bb41e798de4aa62af67f57fc807ea144540715d72f7af5ae064f9429e4930ec22337c3df623e23a88b8b858ef0fba097302fd0fb28303897f5075cdd14693

Download Submit
C:\Users\Admin\AppData\Local\Temp\cache\http2\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\launcher_log.txt

Filesize
1KB

MD5
e2ab0f525c02b637a685d3c1c0612bfb

SHA1
9482960bde2e1180629c690ee73d0bf7beff836f

SHA256
b16f3876b1f31b1f0adc5338dfb9cba9917ebfbe50d57af506cf0c207e0a947c

SHA512
2a3bb2b7169b75479b3ecf8c02068d12aa5499edad0ea8685d6abb3167b203d74f317cb473d3771eb24c728c8089cfd53d71128b5207d7ac9fa59b595427ee41

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\network_info.txt

Filesize
3KB

MD5
6e437af665c172cbc3986bb89ca97cae

SHA1
a2e0a445c0a660a3dbabe85fbe5c45ee40b12c72

SHA256
1c2adacb7317103f627fb8eeb11109feb38d9741c74eab91fb100705f5b53739

SHA512
1e2d796bc202b79587c4414ae66b151df46a1660782ba3e2d11aa371943b62c6584f9f252845c6245ea26d0b69b6abcb684b587e043cdb6a9f4a34b7df476e46

Download Submit
C:\Users\Admin\AppData\Local\Temp\logs\service_log.txt

Filesize
344B

MD5
5771e825ebacf35bde51269e580bc1ac

SHA1
9a69fab39410b7a97b7c2eff46083004d02f78c8

SHA256
a0718198d1f019b6204f7c1da209b088010e2aafef77fa3531ccc0fc96521ec4

SHA512
911961ca6e12158dadc0e3eeb47687d96f1bdc381d8608c4919576cfe62cf73dfdd771ead4a1584adbbcf9be7d0cc5110c6a0eda7db8d1bb5addf21fe3d9b63e

Download Submit
memory/380-34-0x0000000000E20000-0x0000000002008000-memory.dmp

Filesize
17.9MB

Download
memory/380-33-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download
memory/968-672-0x0000000006FB0000-0x0000000006FB1000-memory.dmp

Filesize
4KB

Download
memory/968-665-0x0000000006FB0000-0x0000000006FB1000-memory.dmp

Filesize
4KB

Download
memory/968-674-0x0000000006FB0000-0x0000000006FB1000-memory.dmp

Filesize
4KB

Download
memory/968-676-0x0000000006FB0000-0x0000000006FB1000-memory.dmp

Filesize
4KB

Download
memory/968-675-0x0000000006FB0000-0x0000000006FB1000-memory.dmp

Filesize
4KB

Download
memory/968-677-0x0000000006FB0000-0x0000000006FB1000-memory.dmp

Filesize
4KB

Download
memory/968-673-0x0000000006FB0000-0x0000000006FB1000-memory.dmp

Filesize
4KB

Download
memory/968-671-0x0000000006FB0000-0x0000000006FB1000-memory.dmp

Filesize
4KB

Download
memory/968-666-0x0000000006FB0000-0x0000000006FB1000-memory.dmp

Filesize
4KB

Download
memory/968-667-0x0000000006FB0000-0x0000000006FB1000-memory.dmp

Filesize
4KB

Download
memory/1492-24-0x0000000000E20000-0x0000000002008000-memory.dmp

Filesize
17.9MB

Download
memory/1492-23-0x0000000000980000-0x0000000000981000-memory.dmp

Filesize
4KB

Download
memory/1496-1-0x0000000005D80000-0x0000000005D81000-memory.dmp

Filesize
4KB

Download
memory/1496-2-0x0000000005D90000-0x0000000005D91000-memory.dmp

Filesize
4KB

Download
memory/1496-4-0x0000000005DE0000-0x0000000005DE1000-memory.dmp

Filesize
4KB

Download
memory/1496-3-0x0000000005DC0000-0x0000000005DC1000-memory.dmp

Filesize
4KB

Download
memory/1496-5-0x0000000005DF0000-0x0000000005DF1000-memory.dmp

Filesize
4KB

Download
memory/1496-6-0x0000000005E00000-0x0000000005E01000-memory.dmp

Filesize
4KB

Download
memory/1496-7-0x00000000004B0000-0x0000000003D0F000-memory.dmp

Filesize
56.4MB

Download
memory/1496-0-0x0000000005D70000-0x0000000005D71000-memory.dmp

Filesize
4KB

Download
memory/1496-52-0x000000000AA50000-0x000000000AA66000-memory.dmp

Filesize
88KB

Download