02ab5eaa36cd584cb56f5f384d9a3c6e1cb19620c8e23e72d72097c023c93372

Resubmissions

23-09-2024 22:46

240923-2p23ds1cpr 10

23-09-2024 22:44

240923-2n5f5avbpe 10

Analysis

max time kernel
445s
max time network
446s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
23-09-2024 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Spotify Gen2.exe
Size

56.1MB
MD5

86480d87daa6bdcc81fc5fa224ae47a4
SHA1

86685b537b073b4fa43503b64ce9dbdd402d3033
SHA256

02ab5eaa36cd584cb56f5f384d9a3c6e1cb19620c8e23e72d72097c023c93372
SHA512

ec0743f111dc144023a7f3e6bb01123144c5a81601ae31fab6765edcf6f08a9b1c5ff58887408943097381fd826129bed6d2ed49dc29c0dd558220bc3b808b88
SSDEEP

1572864:AvxZQglHWE7vaSk8IpG7V+VPhqQdSiE70lg7SDPz:AvxZxF3eSkB05awkSge7gb

Score

9^/10

discovery evasion execution persistence upx

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 4 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxhook.dll	Spotify Gen2.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	Spotify Gen2.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	Saturn Boostrapper.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	Saturn Boostrapper.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
2604	powershell.exe
4436	powershell.exe

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
2260	attrib.exe

Executes dropped EXE 2 IoCs

pid	Process
3664	Saturn Boostrapper.exe
812	Saturn Boostrapper.exe

Loads dropped DLL 64 IoCs

pid	Process
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Saturn Swapper = "C:\\Users\\Admin\\Saturn Swapper\\Saturn Boostrapper.exe"	Spotify Gen2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
21	discord.com
2	discord.com
3	discord.com
15	drive.google.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
74	ifconfig.me
32	ifconfig.me

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000100000002af1f-1159.dat	upx
behavioral1/memory/5088-1163-0x00007FF81C0E0000-0x00007FF81C6D2000-memory.dmp	upx
behavioral1/files/0x000100000002aecc-1170.dat	upx
behavioral1/memory/5088-1171-0x00007FF826120000-0x00007FF826144000-memory.dmp	upx
behavioral1/memory/5088-1173-0x00007FF8261D0000-0x00007FF8261DF000-memory.dmp	upx
behavioral1/files/0x000100000002aae0-1169.dat	upx
behavioral1/files/0x000100000002aade-1174.dat	upx
behavioral1/memory/5088-1177-0x00007FF826100000-0x00007FF826119000-memory.dmp	upx
behavioral1/files/0x000100000002af39-1201.dat	upx
behavioral1/memory/5088-1218-0x00007FF81FDD0000-0x00007FF81FDFD000-memory.dmp	upx
behavioral1/files/0x000100000002aea0-1216.dat	upx
behavioral1/files/0x000100000002aaea-1215.dat	upx
behavioral1/files/0x000100000002aae8-1213.dat	upx
behavioral1/files/0x000100000002aae7-1212.dat	upx
behavioral1/files/0x000100000002aae6-1211.dat	upx
behavioral1/files/0x000100000002aae5-1210.dat	upx
behavioral1/files/0x000100000002aae3-1209.dat	upx
behavioral1/files/0x000100000002aae2-1208.dat	upx
behavioral1/files/0x000100000002aae1-1207.dat	upx
behavioral1/files/0x000100000002aadf-1206.dat	upx
behavioral1/files/0x000100000002aadd-1205.dat	upx
behavioral1/files/0x000100000002af49-1204.dat	upx
behavioral1/files/0x000100000002af3a-1202.dat	upx
behavioral1/files/0x000100000002af2e-1200.dat	upx
behavioral1/files/0x000100000002af2d-1199.dat	upx
behavioral1/files/0x000100000002af23-1198.dat	upx
behavioral1/files/0x000100000002aada-1197.dat	upx
behavioral1/files/0x000100000002aad9-1196.dat	upx
behavioral1/files/0x000100000002aad8-1195.dat	upx
behavioral1/files/0x000100000002aad7-1194.dat	upx
behavioral1/files/0x000100000002aef5-1193.dat	upx
behavioral1/files/0x000100000002aef0-1192.dat	upx
behavioral1/files/0x000100000002aed6-1191.dat	upx
behavioral1/files/0x000100000002aed5-1190.dat	upx
behavioral1/files/0x000100000002aed4-1189.dat	upx
behavioral1/files/0x000100000002aed3-1188.dat	upx
behavioral1/files/0x000100000002aed2-1187.dat	upx
behavioral1/files/0x000100000002aed1-1186.dat	upx
behavioral1/files/0x000100000002aed0-1185.dat	upx
behavioral1/files/0x000100000002aecf-1184.dat	upx
behavioral1/files/0x000100000002aece-1183.dat	upx
behavioral1/files/0x000100000002aecd-1182.dat	upx
behavioral1/files/0x000100000002aecb-1181.dat	upx
behavioral1/files/0x000100000002aec4-1180.dat	upx
behavioral1/files/0x000100000002aae9-1214.dat	upx
behavioral1/files/0x000100000002aae4-1178.dat	upx
behavioral1/memory/5088-1222-0x00007FF80AE70000-0x00007FF80B399000-memory.dmp	upx
behavioral1/memory/5088-1220-0x00007FF825CB0000-0x00007FF825CC4000-memory.dmp	upx
behavioral1/memory/5088-1226-0x00007FF822340000-0x00007FF82234D000-memory.dmp	upx
behavioral1/memory/5088-1224-0x00007FF823120000-0x00007FF823139000-memory.dmp	upx
behavioral1/memory/5088-1230-0x00007FF81C9E0000-0x00007FF81CAAD000-memory.dmp	upx
behavioral1/files/0x000100000002aeb3-1233.dat	upx
behavioral1/memory/5088-1229-0x00007FF81FAF0000-0x00007FF81FB23000-memory.dmp	upx
behavioral1/memory/5088-1239-0x00007FF826120000-0x00007FF826144000-memory.dmp	upx
behavioral1/memory/5088-1238-0x00007FF822330000-0x00007FF82233D000-memory.dmp	upx
behavioral1/memory/5088-1237-0x00007FF81BFC0000-0x00007FF81C0DC000-memory.dmp	upx
behavioral1/memory/5088-1236-0x00007FF81FAC0000-0x00007FF81FAE6000-memory.dmp	upx
behavioral1/memory/5088-1235-0x00007FF81FDC0000-0x00007FF81FDCB000-memory.dmp	upx
behavioral1/memory/5088-1234-0x00007FF81C0E0000-0x00007FF81C6D2000-memory.dmp	upx
behavioral1/memory/5088-1240-0x00007FF81F920000-0x00007FF81F956000-memory.dmp	upx
behavioral1/memory/5088-1245-0x00007FF80AE70000-0x00007FF80B399000-memory.dmp	upx
behavioral1/memory/5088-1244-0x00007FF81FA90000-0x00007FF81FA9C000-memory.dmp	upx
behavioral1/memory/5088-1243-0x00007FF825CB0000-0x00007FF825CC4000-memory.dmp	upx
behavioral1/memory/5088-1241-0x00007FF81FAB0000-0x00007FF81FABB000-memory.dmp	upx

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CyberTriageCollectorGUI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CyberTriageCollector.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
1876	taskkill.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133716052432680682"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000004ba13ecbede4da01e83a44750a0edb01828cac3e0b0edb0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\NodeSlot = "6"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Cyber Triage.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
5088	Spotify Gen2.exe
2604	powershell.exe
2604	powershell.exe
812	Saturn Boostrapper.exe
812	Saturn Boostrapper.exe
812	Saturn Boostrapper.exe
812	Saturn Boostrapper.exe
812	Saturn Boostrapper.exe
812	Saturn Boostrapper.exe
4436	powershell.exe
4436	powershell.exe
2064	chrome.exe
2064	chrome.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3000	CyberTriageCollectorGUI.exe
1484	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5088	Spotify Gen2.exe
Token: SeDebugPrivilege	2604	powershell.exe
Token: SeDebugPrivilege	1876	taskkill.exe
Token: SeDebugPrivilege	812	Saturn Boostrapper.exe
Token: SeDebugPrivilege	4436	powershell.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe
3000	CyberTriageCollectorGUI.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
812	Saturn Boostrapper.exe
3000	CyberTriageCollectorGUI.exe
3428	CyberTriageCollector.exe
1484	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 5088	5000	Spotify Gen2.exe	78
PID 5000 wrote to memory of 5088	5000	Spotify Gen2.exe	78
PID 5088 wrote to memory of 4480	5088	Spotify Gen2.exe	79
PID 5088 wrote to memory of 4480	5088	Spotify Gen2.exe	79
PID 5088 wrote to memory of 2604	5088	Spotify Gen2.exe	81
PID 5088 wrote to memory of 2604	5088	Spotify Gen2.exe	81
PID 5088 wrote to memory of 4556	5088	Spotify Gen2.exe	83
PID 5088 wrote to memory of 4556	5088	Spotify Gen2.exe	83
PID 4556 wrote to memory of 2260	4556	cmd.exe	85
PID 4556 wrote to memory of 2260	4556	cmd.exe	85
PID 4556 wrote to memory of 3664	4556	cmd.exe	86
PID 4556 wrote to memory of 3664	4556	cmd.exe	86
PID 4556 wrote to memory of 1876	4556	cmd.exe	87
PID 4556 wrote to memory of 1876	4556	cmd.exe	87
PID 3664 wrote to memory of 812	3664	Saturn Boostrapper.exe	89
PID 3664 wrote to memory of 812	3664	Saturn Boostrapper.exe	89
PID 812 wrote to memory of 2160	812	Saturn Boostrapper.exe	90
PID 812 wrote to memory of 2160	812	Saturn Boostrapper.exe	90
PID 812 wrote to memory of 4436	812	Saturn Boostrapper.exe	92
PID 812 wrote to memory of 4436	812	Saturn Boostrapper.exe	92
PID 2064 wrote to memory of 2632	2064	chrome.exe	97
PID 2064 wrote to memory of 2632	2064	chrome.exe	97
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 2124	2064	chrome.exe	98
PID 2064 wrote to memory of 4996	2064	chrome.exe	99
PID 2064 wrote to memory of 4996	2064	chrome.exe	99
PID 2064 wrote to memory of 2616	2064	chrome.exe	100
PID 2064 wrote to memory of 2616	2064	chrome.exe	100
PID 2064 wrote to memory of 2616	2064	chrome.exe	100
PID 2064 wrote to memory of 2616	2064	chrome.exe	100
PID 2064 wrote to memory of 2616	2064	chrome.exe	100
PID 2064 wrote to memory of 2616	2064	chrome.exe	100
PID 2064 wrote to memory of 2616	2064	chrome.exe	100
PID 2064 wrote to memory of 2616	2064	chrome.exe	100
PID 2064 wrote to memory of 2616	2064	chrome.exe	100
PID 2064 wrote to memory of 2616	2064	chrome.exe	100

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2260	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Spotify Gen2.exe
"C:\Users\Admin\AppData\Local\Temp\Spotify Gen2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Users\Admin\AppData\Local\Temp\Spotify Gen2.exe
  "C:\Users\Admin\AppData\Local\Temp\Spotify Gen2.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:5088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4480
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Saturn Swapper\""
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2604
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Saturn Swapper\activate.bat""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4556
  - - C:\Windows\system32\attrib.exe
      attrib +s +h .
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:2260
  - - C:\Users\Admin\Saturn Swapper\Saturn Boostrapper.exe
      "Saturn Boostrapper.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:3664
    - - C:\Users\Admin\Saturn Swapper\Saturn Boostrapper.exe
        
        "Saturn Boostrapper.exe"
        5⤵
        Enumerates VirtualBox DLL files
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:812
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        6⤵
        
        PID:2160
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Saturn Swapper\""
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4436
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "Spotify Gen2.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe4,0x110,0x7ff8181dcc40,0x7ff8181dcc4c,0x7ff8181dcc58
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,11795363872476417459,1040812194893748154,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,11795363872476417459,1040812194893748154,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,11795363872476417459,1040812194893748154,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2160 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,11795363872476417459,1040812194893748154,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3340,i,11795363872476417459,1040812194893748154,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,11795363872476417459,1040812194893748154,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4376,i,11795363872476417459,1040812194893748154,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,11795363872476417459,1040812194893748154,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4988,i,11795363872476417459,1040812194893748154,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4308 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4560,i,11795363872476417459,1040812194893748154,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5032,i,11795363872476417459,1040812194893748154,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5320,i,11795363872476417459,1040812194893748154,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2628

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:916

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2892

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3452

C:\Users\Admin\Downloads\Cyber Triage\Cyber Triage\CyberTriageCollectorGUI.exe
"C:\Users\Admin\Downloads\Cyber Triage\Cyber Triage\CyberTriageCollectorGUI.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3000
- C:\Users\Admin\Downloads\Cyber Triage\Cyber Triage\CyberTriageCollector.exe
  ./CyberTriageCollector.exe --dtypes us,pr,st,sc,co,nw,nc,lo,wb,fs,ns,ud --skip_file_contents --ruleset_file filesets.yaml
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8181dcc40,0x7ff8181dcc4c,0x7ff8181dcc58
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=1964 /prefetch:3
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3064,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5176,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3460,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3408,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3412,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4312,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4900,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5528,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5324,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6084,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6072,i,13912316572258075139,13175842922321256633,262144 --variations-seed-version=20240923-050122.947000 --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:4056

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2892

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:332

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E8
1⤵
PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1eb34c97499d5de69f067ed37f2a3a5c

SHA1
0f9e5c1792e5c8e03075f09c7b15af959d73b38b

SHA256
d1f4804c565d6079ee2472b8c87f2a37dc7d3836c1fc4186d309fe79b74ef124

SHA512
240db569ceecba6bdd8131d2bd0cf07ae24aaccbcdbea5076d7110d557419d055173212ef63d81f16ffcb765f2d9afab552924115eb05fdbed991b3cddf04727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\02f89f83-4e83-4347-896c-2574658a3ce3.tmp

Filesize
10KB

MD5
856b23ca4b7c697a7c7f33034dacb2d3

SHA1
452c4503500383bdac5285ba1801070e9417c98c

SHA256
e51f93a0d09fe88bc95cbda03f6379e79d62b34d239ceaaf11a0685ee96473fc

SHA512
bb01e537223ba730071ea03b88265fee51f90d418e81fdb85d8324a3f927ff439192f6143fdbdbbbfba9fafea8b21c4e19c6ec332186dee370f095a9f0dc780f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
957b316212d17ba22b353d00de96ff10

SHA1
ae3ebc719baf0472f695b86664483e6b5c01db1e

SHA256
03c2d9482c895358f993415de058db54afffff946c55f61786e775a4db411282

SHA512
9881100b9c55da59cdde4d2f3d697e09c7f974069e7eec9ca7e1907a76cc16af8af742205fb62494d1f35c8b2dad94605cc5c0d9114fd164c53c6360b7a55c90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
108KB

MD5
ff5f6eb22cad5bfbac357077bc963f07

SHA1
7926b4fc2d292ec4e007bfbfb08b6a1ca93cbdd3

SHA256
aeb909116881e83f54f709a0cdd20f8e70c9d035b76e1e65ffa6f80d739fc523

SHA512
f10efd05b45ef5baca758c2de80c31853b25268264dfddbb0f513d33cb96c91886be7abcf343fbb347318d7df5d437d538821e4bf0ce8d165c9fa7f15840b1a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
69KB

MD5
559fb6508d8ec4c44c616d4347fbb753

SHA1
04610efac21b43057f30fc21dcdd928e09cec7e4

SHA256
090840deedd634d2e08de899bb59bd61e6b8ec863829bd0e032ad11d5a93ea19

SHA512
c180d6d8c537982e6c92be4576b7b59894600ccfa33df716351c06c1093c0efb7553bf470bb4de7908ad486a1333a350d53542aebb71e56699e081fe814c47f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
22KB

MD5
1f3a963d3e34e75a25377e0fd4221085

SHA1
217857bb3574572fbe55cb17bfae6cc347ff4665

SHA256
fdc3b4468fba0d97dbce6aed516fc44a603da2e5f2393d33aeea68e6c8e91e0d

SHA512
d3b60c24e4b09a35eba4b153f8dbb0454f0eb173486027b1469517e467a3a070f58438932204a665af2e044ba7ff2e694444236d3679d15af795e6ec0dcc0819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

Filesize
937KB

MD5
378beae704fb82dd06572289861f8ee1

SHA1
36c2c93f54554b14ccd96aada378c25b54189a83

SHA256
1c522a739dcf50f7f309475731ce04841f330b85161904f03df2e84a67bcf634

SHA512
31fed0e9cf87dd565a2ac643270c6364666211289f2e4b9a2a9f662bb186af53fa9ff1706b9c721e4bc71c344fdbe4c37b7e19be9e55bad08dc313fae488c5e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
572KB

MD5
d966c46b65c8b09a9ca1436123814ae8

SHA1
63f8901b4cc5c75656d1752dd29772732365b8ff

SHA256
5983af227557d3204e3f730817ce04d560bf1829828475e54fe5d3bd532533b1

SHA512
a691ec9730441ed6a01d35832c938701d698cec9b4dffd7901a52b73f09c207da05df279b2e6c00b8a2d1030f882a2ad21baf33a000775123c4aca3ac55fe90b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
1024KB

MD5
491b173ac580bc5849257687bf49faf3

SHA1
5db3e03e7debbc3e6100586572342b797657d0ff

SHA256
9f78df835bff95c97a258e6be9cd91308e04a32c6e89236e225c60e9de52d62f

SHA512
5150ffd9c0d4cfe33193ad1f4e225e64808ef150b6055254db5e2cbd6210eef0945acf53bd905ccbb84ec46c72230c4ee0eeb2bf298e6e6d587fecc056277165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\21e5b7e5b7b4e2b6_0

Filesize
39KB

MD5
cf4d0fbb7331b3ed6de8fedca752e0d5

SHA1
55097ed6c27023fb4da2490a543eb92c35765cf7

SHA256
b268f3543ae7daffd5602737e75d2b620f04f2a0df58e3370595d0cf7f085e92

SHA512
dd021d973c8d138cd39461eee7cdedd01b5c956c6dbc98e20091ff9ca1f06b0dc389413a4799042d2c858e595be57e2081f5962504b102c432c185681534efc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6b25ff515f1dadf8_0

Filesize
295B

MD5
d29bb68708a4409cda0c417e9273a6b9

SHA1
177b190a49f49a34905517953c014ea4ab9915dd

SHA256
0e7917e07e39260e9844b89c8d1eff1ea5b308f4345f1f5d00ad5a2f59ec5925

SHA512
a383a411dccac141c0ba6a21aaaf67bfe54527d6b44f1400c5dc73c73057bf632aae691eb7ec909a6d1b29114e8ea58f1f439683e665462867fc2b64a1aca685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9ae01db7bdde946e_0

Filesize
269B

MD5
5b9d0b3db3d10623ad7f76dbb6fcbeb7

SHA1
29a934116a335304a88bf58b15862e2fcb250129

SHA256
d5d3ef58b3c46a859355adb994ec931ae8e9ca44586cdc03195a62eab7aec63a

SHA512
1865969658bde5dd956256f61333fb139586a299bd58559ad232f10c918a7fad3a7eefd24fc240c76a80c1fd618a86b1b2f249398e4264ae8a892c041228f98c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d9644dbf3b921690_0

Filesize
463KB

MD5
e043f4e00f8239ec77e9b4551fb2ef50

SHA1
e5f7b67d70e2dd369b102ebdd99a2ffaca74f4fe

SHA256
830ca36c0efa8d8734edc2d337b9cee8877f587a63e8e22e1b18d576bfb066cf

SHA512
352a9ca82a7aaefdd6a58f3e3da18ed5f32407756b8c8554cc913006da088f0203485b56c47706ce0013a373d351d9b2955cabd189d113c9ee614ddd868b9da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
893f9892fe730522f7653583ce9507a7

SHA1
11a23480217535b269b3c196593230b3bb01c5dd

SHA256
362820d32253dddf7c841eeb9a2a7c5064d870fa3cbec0887b64b9718feb7ebb

SHA512
e7da451ad082c4541d35a0a8d893d43cb936545da5dfc7dfbc6f23439c7551de596d1b04638c8419428b6f4e164b02454bb0eaf476f8155617d0ae4fb1f76d29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
095bca817ea6a44182c05f50d845eaab

SHA1
6953e6517dbd402d0da52795493bf7897b752d7b

SHA256
b9fd368f2f6a381c73b963ff3bad9dfbe5071861933dc34aae5e8319c832be63

SHA512
1e2e4d515ac659a8d169c9e88eee985059281c257ff121623f16d072493e5ba4098b32098c178e8b663f39c7eeeb7211be5600e8928a012e60a04cf0fe127a1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
39929f57cdef6c6c10b1f7ad07536be3

SHA1
1673793504b572d78f6160ef86ea07c027bede99

SHA256
52110ed7fc25836bd2b72deabfb821b92251126d2496bea3448aa4001601fe49

SHA512
d5eb54c5af10807f40e75633b2f724092ac14595f02714b8cd53ce4855efff2b1c0348c4746bb6365930308acb5e9300b7e9aa9b9302f7d9a25773f00fd77c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
0b43cee79dbe214f31ea097964893f23

SHA1
4a456202c13b374bef89072763eb164b12a65614

SHA256
33c3cd6df872d2012ade68f763a7cffd489b4b505beb4d6b9bb5e6151509bf8f

SHA512
6fba45d61230ed2544736418492ab4c92f6db419fc655b0b6d28e81071794270d1e9d1bc52631e980d4dd085eb398ac2117fb49597b0aefb38cd43936df98d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
45e804a9733515a3e6319538b7fc374e

SHA1
af67dfce32638fc42c7d7c571974a823d4a39db7

SHA256
56a0b99f2da420e796b650728e41626d4abcde169f9b3f75130ab4a8262e3de0

SHA512
9cfc84a1ae238a9071385c371cea589c6715764a7e4182c0beae392a1690fc10567381ef568c790e8bcf23ecbdd655153fc7d15ff468520796f01268715252dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
40118a8217e8b0fef8821d2589cbd2eb

SHA1
0692a0d930256f7c222beb8112549d3c426b5193

SHA256
f5c50a3da005261257e01cab47ff2f4cc8c30d02c199f72009b9440c34b86468

SHA512
19897284e59bb2d6754b7dac1216dc44ac12d457cb2a75f472a85f522e2e6da6ac2b05fe151146b3750404d09fcf6f3d4697148fbebef7d5902960552fde6889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
9c99105c302b385439d2b546c1dea0e8

SHA1
31645e38d54d8811e38ceb6c490c31c280077369

SHA256
9cd70cebd9ad176fbcada58faf85c9b90f52285cc5ceef3686cd91a4b2479157

SHA512
fbc0c4086694d13c3149756390a71c1a07c27570a8f6a329f4c3080321ae13da22935186615e4bf38d3d5229e0530463e112fb8480116ee50b60e799d77d85ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6ba660aeedcf6a6cfd712f11d33bc5ea

SHA1
45770e01170ecc20e4024083e525af17b7585516

SHA256
c06db1bed4ef92cbf3317e3630e578a4d3ba0778579a76868f3d18eab7825c50

SHA512
e057f34d083298ee224a68d05ffc2cace73f667ce033f2439d471fe818237da5abe589151640ab58659585f91249171d5e943b2bdbc9f5a6c359d9b734a434bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
640f6acb7948d1018c5063e8f8d3c4cb

SHA1
2a4c61c52d77be5165ac741fe47ff73c26c5e825

SHA256
043a63ba7910653ee95d7fa73970988788f117f63ee3670b31a452680189a099

SHA512
47d8f9d17ce069a720a7ab688b3e87ce615afff04b1b9d52e9051db764ea96e7bcca3de890a209e1a8599e898dbd22629bc11a75ed3238c86cf2191410ca484d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
10a98de9a33559fb0b8113ee9397bd06

SHA1
40a57e4017f7ebb3e23e65d5e8c4840706f2d6d7

SHA256
008dd80a58f7be261f8a2cffccac34618f08d284324232a9272442f26669a8cc

SHA512
60ea74ec5cc75c08681b189ea93b6c758ab703c72c8578639453372ec04717be7e6043c35514b8cf1dc1d7daaa3b01b0b808a12e05a91fe53cae025b1a8881d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
2e4f8e01ca0987c4cbed9f22ee8611a3

SHA1
4772e26b1324174e1ce0ebbfe768ceb0380e8f92

SHA256
72bd68ea4a2f67a0c09c843a9fd47cf69137d9dcbeb0626ab310f821551ad0f7

SHA512
c5bec0254cf840c26774d0a3a47d1d9eefa76d5a71d74855c1615e76c2f175b6a984a37915dbc71810665658e4b6c3debadf49152ed8e3340d36fd36a23cb7b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0d5aa58eea07a79542b0e7c4816fa69f

SHA1
3b10f9f7b81d8ccf4300fa6c9493ea38bbcead57

SHA256
2e6c3d454e00ff8b58d8ef137358da68a4c000270519319a8023a74ee556487a

SHA512
9f1fea3857010b3401c9e7cd970bc9374a10a9df23eb8f5eb084ac835c857865f4a81d255c21e845c775cfca805d74c52b98c959976ee077f96bfe7ba66f9786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e904514f52f4aad79f634f6a349f8847

SHA1
ceba164defe239259014528456aefa13d49fcbdc

SHA256
4172ab1ce7fd9f0057e8a3910f21d6facc2f72be18c67d7df4c654ceaabbbf8c

SHA512
ad9a9ed26f761fe56b50e9090fff548322c095b449bfc7844263c6de9ebe0530dff6fb84f8f67f39983e75b7c23a70572e688cce3f1f8a587e78f1be8f452843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4ad30e1552b54e9967f2ed9b645f0e5b

SHA1
c4fbe48674e938d0392894aac6c75ff8f2273c3c

SHA256
8b88691ad78532fb340cb30b50bd0fed8157ccbaf9ffb0bc03b0a1da64ad3141

SHA512
8544f76381673ed4bbc33da63b166bd3ad85c33a28e8a9c66232ed28f075cafaccbf2c2533a09b41d0c446f0e5722a82a31650c6e30713338701bab61fbf905f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7bb1379f2c5d244e263eb58fb1cea457

SHA1
463753356f4e0a938cc4dc46363ff44680d6425c

SHA256
255325270b743ef54b0cf7407e706b56423e0b461800b340e9057381c7bf59d6

SHA512
dbc9dce3169cc361c103174505a4163ed57df0d88b1ccf4d03b6d8a75df957d6d8c3aac944b5e3577e9e2c7174aa0a9c011996f0c9268fe805cc0bb42a192c23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5962280a393b305efd75ea13f5c4562f

SHA1
2a5ac074de0b070a2a770a3e68e56c82c540e655

SHA256
aef9056648fc239c493d3d1d8de553760b3410fd9de8d689232670e71ed01639

SHA512
8979fc518fa10e382210a762c0c1e60c09055747b9972962993835f3434e926dfd7cd9fc6ecbefd8ba96681564e850b8322524d7b8da35c1582ad16e70458f10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
73b7dca11e70861f76cc3a1ab4317ed6

SHA1
5a0f989a1bc3f7875b0d26962f81c49becaa5ed9

SHA256
88cb026376255d670ad799849aab0c364e4994b8eceb6b3522cb8b2bfe8953f4

SHA512
61df86a238e7d169f40066f176fe9744c2862e1c731cad175583b65a9c275075713621e8fecb3a8bd3247261eda2e239d946244d2ad4aed9da564e4221f7e8bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1924e20ccd373b08ecb99a5447b0904b

SHA1
0ffd0d04c3598c62d41c60a273df849ceee3bfd7

SHA256
29cfec55e565ca4321ee732eed3f82b76dad9eefa0ad60e7b9708695f6e93fdc

SHA512
6e34c6aa04fb86f026b42ec6078ca6209784b58519699ea253d6ede2267304aca88d22d6ba14bd45696cf874bc95f13961d2e1efaa93def667a34a7a988bf354

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
36c0967549b9c945e5b89add7ad2d872

SHA1
80bd1933b9c7d148eab851feb6c35a35e21646f8

SHA256
c9c686157a81c4aa4d2214c5b834f4bce2026872d615ebe7303ce76543be2658

SHA512
ab7b78d5a31ebe90feb5c31824511aa3f239058c6444c6e4ec0fa772faebaddb427b686ec577fa527c936ea42cf0cbe0b377e7f9cf91069c476902df633dd326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6fa5105cded6af7cdf75309ccaa2c19c

SHA1
4812d01d64cde4d0b7b86b5cbccd25bff93fccfc

SHA256
80f68a579d9b8ca4080a94e74099d315ab3d0e0f6151edc5bef15b1c96820395

SHA512
878d2e34de9a7696048cbbbf7cbabc7aafc5e06d46e78f2553189edf5eaeca642e893963187f2372fbef99a16f1379612f41b8fd2cd74510ecae1d50ae620cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f864dbab1baa328092b95044195f129d

SHA1
7a91166c45985c3a4601957210ac65c81009f9f3

SHA256
0c8f29056d3392fa2aec8f339624418c5d65685765cd5f8a068b4ffc3b505549

SHA512
b4df37d69bd7e8c3e94711a5d44bb614ce5c066814bd170a6f6531aa8cc33fb51d4fef8c4d7094d4eac2e1bcda37daa2d5ed581d65d715bada7fcb62f26e2aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ddb7df8299beabb27480c1253f887fdc

SHA1
d6f0c715905462abddaf9137252aac50345c84b2

SHA256
9ce8e96dbe1d2d0b160f64b65030a5edfa340e618ca1a23e950be0bde4ad3ffa

SHA512
d4616431040d67a7a640c9f6079efec736d39076efa4157b23948d6fa9d7efc186b33b46892eeac2da1e8f9d9dda2531fc298604a4b7e2a433d31e9cded00823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0b38810aeaf6ecdb693513cfb0cce401

SHA1
53378368de8a44d53671673e651b565ce275576c

SHA256
fb3b11af2b5159d41012b79780a225c7623580653c4f4eca6484d9b3db676259

SHA512
dbae29a4e44cd8fd106f71f0c70a02c001b8c112ecfcfa3d23f055b05349d37fc9ab34c10abf809150c6d6b3a8b23f93986a1642b89a5b899aa549bedfc7a75c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f62b2742a31213c6c9be416daf331060

SHA1
82e1918466339c605250f55d17dac60c4f3d4b1f

SHA256
f4e102923d3e6e18938fb9de3e2cc0432bc2d3f586b59a88f695384f5d91aa75

SHA512
d83a8a52a360a4913a7b47cc76c6cbfbcfc4360f9e25f4bc5a61c3fde41aa43d5ac5f4af8c3f961d8b262ee05152522845f2831de90d79a0a6a36da22069b46c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d72f92a1fe2d99684b4079916d19902e

SHA1
053f16734f5d5d7f2e3aadb84f2cc9ba0bf00293

SHA256
68ea8f9240110a34bcb120713d9fbb275cd68a0b1ae084afaaf7f9d7df802721

SHA512
e2d0af85e96f118076cf5783b4ebee71e859b6971205dc7aa5abf71b0316bd877169dbbdbdda9b93dc90955eb6e733d6d6655b74da3458400f61406066600a6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b3f9030cede487fcb73040ab7023165f

SHA1
d5fba5bc8a9386cff96626d90290e27610169f3a

SHA256
c6b47a8bd287be1c074bdab4a575881d902e9f82e352ba39d42b87a31914084e

SHA512
c06770222be04711f832e5c750a82fd414939b70c24c1410daf0406e3fce66a8e05ec6c858259a4742f79b72d97a713df490391562072d1d64b9c001899bf886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f9c689c05aed168ed6b05a586a9a59bb

SHA1
6b464d5dc22bbbf84b79ffe89c011306b2463f9d

SHA256
8ba6e3a61931f11c44ebbfa0641bb31262711807c8ef88f5b5a116997ed25818

SHA512
d403d431ba5c05174a45683e82ce86087befd1c3f85da965eef0ea38d2127e005e922a46a115ba1cb21c5fa8ce9df872d764536af21760ee56792e88ed9c5dce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4004f31f753f888f6416ee8f105a4286

SHA1
e0e08f23e74eae42e213b19ca850531bafea01d4

SHA256
fa7b39f19f83978cf672209db192b1757e644d5757989551f8863f5c763cb03e

SHA512
a76841a2539b6ccf2f06d50f9deaf29ea4178de221a24a999e27b75bc58c509d1b69c79c413413fcd20024e009c024eb5ba0aca52158eec22037f0e2a97f1c13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f70aad073a1b2c63b0b79fa4491e7ba

SHA1
8f7d9b7daa7d4843179ac14ed1d74ea062d8849c

SHA256
6ff58579aba9a87af34ac5720f533b8e9bac07badd404300c25cf8d189c5f8f5

SHA512
5b489a25da946858404deaae0198a593003e2ede6c7684aed3d79f9671503303b379e240a5486897eb4424071794b164f5daecd2e202d0d15e91289343c19eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9c880f2cc747eaa1dfebf1c09f36f5eb

SHA1
0b3e2a78447ac0c0c5bfbf16f2a137a74699c67c

SHA256
0ffd205927bd3486cbe401b34b6d9576405a08062358bef6354acc727e01f324

SHA512
4395ced80a80769a64603c15c6871d759991423e68020b76d0c101144dfaaf7f7430b3b678c49c5fbf8a89ab171cfcd4355280470d204a883bd6a2a2aee4288c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7eedf39e88617a58fdb3515e09bf942d

SHA1
9cf3c2e99764600dc22a76ff323d25aca334b332

SHA256
9d95a8c99ed398c6a5f93e954a294684064599e43bdc864107c33a9ec6094df7

SHA512
f8bd68aa5aeaf420ae3e8d30d27535fd97873a02bc8e7d7a16ae62871c4d653a2613c0a86e188e7c06650505d915ca3d364d188d456f22f7075cc54e89ab55c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5f0a9be93bdefcc758663892d05a4647

SHA1
aa36abeed030ef1aa5b8c09797f8e0e78a9ab4fb

SHA256
b2de3374c2aedc046e1ca5c429e508de360397a6b45e37afebf4549bf8cafe01

SHA512
f61bfe2b0715a418b1f40da1909cb21175e8fd972c9ac5ee43f82b3d71212d167bea83e140cf26a98417f6c7328dbc557fc8e527a8861c4df5a6471152ca1a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
906be16561661943fa8c83de5c38070a

SHA1
0245a273f16768d34556ae026812c059922dac45

SHA256
448242847e5ead869a4d3be1364696c86bf6c9ddad82d5edb856c42cdeb7eb9d

SHA512
bada50f55f0b29e145804b8665600d9f7816eae1274b7c76487d7e676decb3719c172f775d45eba220fe14154c69aaab6632cbe642df967d1beb4e554eddebcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ccc7215f136c47c906ee12289445657f

SHA1
25de6fd7ea019bea60d54b2022ccd769e0224a09

SHA256
92ec1856e818f876863bce23780f678bd5bde7d4584321be323d471f3bf5e008

SHA512
26674ba201b80f1d057ebec72a562c026398fff08d608fc757b26d02a798d212e560a5729c8094d0a647aecab84655024fc0f6fe5faf3c606c8d5c12382c1276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
04af9a9472cf41082eef44e9165316e8

SHA1
b90ae59d2c922d97b511ff7eacc13b5f840e2f63

SHA256
40637c468fe7da9d68bfeedb9fc5ca002dacfc40ec515b1eb5d1ead83dc5ce91

SHA512
6a81d84bee7fa719e666b6155b4d5970dbdfc5bfbd44502537a69049de9f4fa4b18fae5bc9c7c9ad2a94428657ef8950faa25e5b54b6c09c528cddaf9edd1b91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a984bd26ca47a3da35a729c2cc1994c

SHA1
d9080f772784d0da60449fd3523472910a573f1e

SHA256
e296d40e766626c544b5cf99f3fded7656f494de6eda580e2a758dd7d2ab9322

SHA512
3aed92c6a47e166f06842bf890c29ddd8c384767e5a756d9ef04469300090b328f97694eac046be75b0fafd6008b00c2fea785f30a6aab683f18915a1486f127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1bfea6b11789c68ece0ce11a74c73d42

SHA1
23bae1f892c1626b9baaefdbd83bcbc7753a96fd

SHA256
91b17ffb6f19303136629cc7371fad10714cb347ca5affd2a728e8bb16f96759

SHA512
3d6e1456cdb59bb4c72933a6e1804555d622397abed5dfae71872613480512be5a0bbd137fe945165e2098b4873d511bdea69d91a74392a5082de80ff04bfffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
11a9aee689b5b71fb41e63fc65b49abc

SHA1
874e54e8c37b80dc2f555a2505dcec7700563c35

SHA256
1ed83952d2876dd963a4765d4bc8ca1f8f2b8c47813e9aab73f928bc1d9ef87a

SHA512
da70fb45800d749d8d4291e5ec03b00a00feabc6b4914a68e73d05c67faf1283af142f8edfd498a9508ecdfeb3e34612f34aad78e10118bd946ecf5c4781e30f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
47715b0ad074d1e87a010f99a3448a73

SHA1
fbff8b69db4a83a321f16e74c0d9face642c01af

SHA256
16ec311590c7872ca45f58dbb680952dbabda9b24a4857ffe2b00c89b9d1e220

SHA512
0941055410849d53925532f74243e62690e2a9994473858f36bf7fcc0afe256957f3e546845e2415980b4de0baa8c16ba285e8ace844f2d6a9b5bc6dba4e1695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
55664c3f486d8da41257fe7cb90f98aa

SHA1
97ad40e7c08065d65e092b57c84895be412856e7

SHA256
e91516bbf3e228ac43722a86cbb7cd468b33355d59690668bdbd478accb90730

SHA512
22b4043a85e051712c7871b0b1bee83dd52e1e027f5d3384f2f32dd81267b8a5520b84cdd225c73950e909f64278d6e2f32053a9259ae7b1af855ea9fce69238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7b6ca4bc9ee057425253c678acfe4f10

SHA1
5142d26c7638b6935719ca0a268a128b29e3cffc

SHA256
4376bbbc739446ac607bfc1cdcb81348ff2c5ef769120a3809473fddf0f56c39

SHA512
3fd4e1c69c3dfe34a7b1cfa1533a1058ad910301670ebaebd8fe299e464cd9a35533eec8b8a75807a9007a3a1ace7602bc77528e115f46de89d5084d63b38900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
490f7f2df733e40be929c12cb8c571bd

SHA1
d4dd45255cbd9dc9243581b5bd376437c535832a

SHA256
3acb1b1d38534b7f5afa036e0b9ddbb6f98903d6e72c55fc66ccb1f2a5a5df1c

SHA512
75e6589563574e48e1a68768f52ba0d91669d59ee53d59b6cd97f267782744b1baf3f3992a4dba77266fc02615e9c488a00931f5c3baa950c856a11896431dbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
105a2d3d122bf4b0e061f58d220aafe6

SHA1
007961b34bfcb240f5c21b3121ed20b458a62c9a

SHA256
371af8f64cee84a08ceb82cdf410617d8ad442d1cd42d2b5f6c728f0438340f7

SHA512
c125fbe8f8939552f8df81089789dae492e8ec0ed25e0c570a1179cbb3c96357fd48c1fb0caea83f758644be1c10175fb0de3e7f5199d3296b34b852d3ec46ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
74c6ea86453f66efc476ca5fa76be5b2

SHA1
33120ae42d7c280a525b329402d7ff785d129222

SHA256
926a7ea406a3ce36cb2c1e6da2ba2ffe6c898796aeec76810f6b77eb2ce76cb5

SHA512
f39a8b77f25ee9a613372837285d593954b82b1ce7ab8b7888bd111179f26b1a27b9a5b50b24950d8558d66a8a11bc1900858d7e87d27827d375646a7d253655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8c4ae3d605e547e74888b9f4d15b4f04

SHA1
b369926291d85296b0b2e2c600bcc36a14706aed

SHA256
d331928204a1e6fc523b3b6723cf62d73e7f7ee2c5b589af0286adf34fe9ddb7

SHA512
b643e473728197de7e250fbcf48acaf547c3c498d522f6c0a9fc7c5df5f494bc2a1913fa373d09c21ebc3e984e645fa8f833b2babc41ccb9bb05d7a216015538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c050b0b1f7ade123ca218a131f17594c

SHA1
e6ca208b2a4dda55634f731ccc46d98298fcbd00

SHA256
7d3a640c6038904468a856f982d1d0438740c5a73a9408b91c2bc69aa351e42d

SHA512
c82db86f69ae91814de960d44eeffc4aa1f20f6988e747c690d8e313a6c46d07d1eb65cb9be94f2aa073fb3b4f0c64885292aa8f551762bcb4aba1a615e26fa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b466ccf97ec6ef05653523ced8a4b9c6

SHA1
346bca75451243e2dccf13f9827d269a3615c884

SHA256
e5235af66164c45c55cba28f32fe5fca9b02a8a1a878a7a451c437f231e84df0

SHA512
0219596e8f7a8ee631040ed8970e9e891b886164c94ae00d44ee1db68ad961215f3a0a0ab442fa4bbc3cc3ca7eacd82f7f1bbac7131f2a4dc65e739e13964d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0540ecbc5075bb645c8439879e9f1edc

SHA1
4ad8ff33b407b8142cf542d4da3fde6261335e95

SHA256
46f791c9300d403dcbaa30fb1f03de4d932350684598be68a299fa2ea898dfa5

SHA512
f930f2f78b8ad54e78324c034d168bcbfb773666b26a21e1a16e2a435219b5cf6c332a2b96a3ff0d2471e464437aabccca4002559e0fca1ab436a0b4edb1e79a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c629f9ba91ef83ef70c56b8ac9bcbf38

SHA1
f7d1a20b0d1d01a5290ff5fcac727f5fd25a0209

SHA256
04d6f290c2945e38418e2f17062615b38b2baa02194b2be45838c899f8b32464

SHA512
1697c7dfa2b5692f859a6b6ef9d6f621e077ae174534f2cec4af5059a748031e53ef523e02e45110d0325416ec70e8bd6c64b1118ac550d4e19d6512ce840042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\LOG.old

Filesize
370B

MD5
c12251faddabc1b142eccaa4214b818c

SHA1
cb3165f84f8b49950c3c1c56305f4eaaa43c549d

SHA256
a930a474a4a920017ae9ab44af6460ad9863fd131c2ac3a08a9221de1bcef0b8

SHA512
1f52a62084a629b1d95ebc06740c4a3da06c06243b1dd22162eaff4b4a405d3010c13451b360245b22bd4b9f0a9d4f28ca44457af07b574a7172c3fd7eb86ca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\LOG.old~RFe5cab99.TMP

Filesize
329B

MD5
3b9e04838532e8673d8f2dd3bd9d68ef

SHA1
097beee69f93d5b9fc58ea9046e166f1c971aa63

SHA256
6c254363739e39591704857dd5b03376db3582595c396cb3f37a35f007e39d38

SHA512
673726babd2c71a9f294244131efc5fcca9a8b826d6245fbd6861235f8a65ac16de7ff06abc915c4f53a5203bbfa1493dfc9bb5b5adcea16f7ab59d3dc1ea038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
e15295b09481fff24cda9dafdaa17d60

SHA1
d7235c0f84037c955e47735a77196a62e759ee78

SHA256
e3ed7091eae96ebb1790dfa923f7b9aa10f5177a70879920a3a96a6b0c8d62f3

SHA512
43016d06644d16654a7dd0cd6da8396a44ce09556429f3b38398e7305dca13eb1733d281a9bfa7bb930f9408102202eb399d3a5b9c24635c6dc1e74498b519dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
cb5ae37a8c7407f22423cbaff9f4104e

SHA1
540f1554eba1fcaa17b394ede70398173099649e

SHA256
3b5ab4b243c28c39312238162943c2ee44c073ef01df0184347b610420272c61

SHA512
906a08170242e9152dab725302e84f46588b87bc0ebb159890b006293a954cef40f0d4ff00729d53196e12da4b5523fce5aff7dbd25ed01db84d2c444f5c3110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
04abdf01dc7f5050a15e8cdde4525135

SHA1
203340329fb27de25e73f17e3876ae1b1258d4c5

SHA256
d9c0e47a7ba814c8ee9fcf9eb18fa28aba10e085aba688e76bd244c91a09b888

SHA512
66ba4b5bb894d4220ae8ef91d635fa57d53af1ad492c84749bfe5c9ff2c0f385a2edd9e738e3e27771c37737da53e460b5a9a52c2c378f64fc4976e3a7c1bd1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
75e6772e6c51c3147716b5d30fa75f61

SHA1
715fbdaa09f040360bb144f6064bd8e1da596b07

SHA256
7ba611eb50590552a9f1b6d63aba38ea0322186cec995d9cbc9e21c1658b614e

SHA512
a19be7ab1f1c6448ec254c27edff7f73d20616eeed7bb7ba23ef07e884b89ab29281a47a0e2dd92bed6410b772ad22d931d46df3b6897a34b13e16f533a8c247

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36642\cryptography-43.0.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\SDL2.dll

Filesize
635KB

MD5
ec3c1d17b379968a4890be9eaab73548

SHA1
7dbc6acee3b9860b46c0290a9b94a344d1927578

SHA256
aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f

SHA512
06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\SDL2_image.dll

Filesize
58KB

MD5
25e2a737dcda9b99666da75e945227ea

SHA1
d38e086a6a0bacbce095db79411c50739f3acea4

SHA256
22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c

SHA512
63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\SDL2_mixer.dll

Filesize
124KB

MD5
b7b45f61e3bb00ccd4ca92b2a003e3a3

SHA1
5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc

SHA256
1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095

SHA512
d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\SDL2_ttf.dll

Filesize
601KB

MD5
eb0ce62f775f8bd6209bde245a8d0b93

SHA1
5a5d039e0c2a9d763bb65082e09f64c8f3696a71

SHA256
74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a

SHA512
34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_asyncio.pyd

Filesize
36KB

MD5
a1f2bcbc1307cca32e55c07cc60a7dad

SHA1
165728d14f6e16facf865cbf355dbb16f767a27c

SHA256
ecf1020a0a5fd3c188e467f207b9bac653448599f07853c9f67ef67ff378c2c4

SHA512
aac6ce45573b4d2edce5e91af04e03591acd9bc239a76beaf9564a6b254241c861274b38de287cffa2d2c3ec847fa21619c50a384c5ff33fe7997519f2df6c6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_bz2.pyd

Filesize
48KB

MD5
3bd0dd2ed98fca486ec23c42a12978a8

SHA1
63df559f4f1a96eb84028dc06eaeb0ef43551acd

SHA256
6beb733f2e27d25617d880559299fbebd6a9dac51d6a9d0ab14ae6df9877da07

SHA512
9ffa7da0e57d98b8fd6b71bc5984118ea0b23bf11ea3f377dabb45b42f2c8757216bc38ddd05b50c0bc1c69c23754319cef9ffc662d4199f7c7e038a0fb18254

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_cffi_backend.cp311-win_amd64.pyd

Filesize
70KB

MD5
e1f65dcab42d11ca55a5931a87a3740d

SHA1
89e0c217a3efed465bc9a7d67fcb11137ab942b7

SHA256
d340b566a88b6d79941d243eccc81979d3771d43e6a61f12c47ac2de6bcaa1ac

SHA512
171b652a198428c1e33ca21a9366f5b2b42875b5b3020e2a6d3efe25e08129f9aee2ccf3070074856494a186565bcea5e388de43c3799dd010c5389b6e8b5154

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_ctypes.pyd

Filesize
58KB

MD5
343e1a85da03e0f80137719d48babc0f

SHA1
0702ba134b21881737585f40a5ddc9be788bab52

SHA256
7b68a4ba895d7bf605a4571d093ae3190eac5e813a9eb131285ae74161d6d664

SHA512
1b29efad26c0a536352bf8bb176a7fe9294e616cafb844c6d861561e59fbda35e1f7c510b42e8ed375561a5e1d2392b42f6021acc43133a27ae4b7006e465ba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_decimal.pyd

Filesize
107KB

MD5
8b623d42698bf8a7602243b4be1f775d

SHA1
f9116f4786b5687a03c75d960150726843e1bc25

SHA256
7c2f0a65e38179170dc69e1958e7d21e552eca46fcf62bbb842b4f951a86156c

SHA512
aa1b497629d7e57b960e4b0ab1ea3c28148e2d8ebd02905e89b365f508b945a49aacfbd032792101668a32f8666f8c4ef738de7562979b7cf89e0211614fa21a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_elementtree.pyd

Filesize
57KB

MD5
8f4e961278e1867539ca6963f43400c4

SHA1
cdd90ae506dca7241b587f9edd44e4c50c27cefb

SHA256
9bc5c866a80b7a5fc3d883f8e5f071620b0b6e0040c8054082bdfa973d0f7272

SHA512
bfbafaa732ecd386d7362909b2de568b6512d83dc876e718af698f75033c746ee689fff66e41854a1d27bf028c58b0ef420cdf0fedaaed7cf3dcd6c3841e4187

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_hashlib.pyd

Filesize
35KB

MD5
d71df4f6e94bea5e57c267395ad2a172

SHA1
5c82bca6f2ce00c80e6fe885a651b404052ac7d0

SHA256
8bc92b5a6c1e1c613027c8f639cd8f9f1218fc4f7d5526cfcb9c517a2e9e14c2

SHA512
e794d9ae16f9a2b0c52e0f9c390d967ba3287523190d98279254126db907ba0e5e87e5525560273798cc9f32640c33c8d9f825ff473524d91b664fe91e125549

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_lzma.pyd

Filesize
86KB

MD5
932147ac29c593eb9e5244b67cf389bb

SHA1
3584ff40ab9aac1e557a6a6009d10f6835052cde

SHA256
bde9bccb972d356b8de2dc49a4d21d1b2f9711bbc53c9b9f678b66f16ca4c5d3

SHA512
6e36b8d8c6dc57a0871f0087757749c843ee12800a451185856a959160f860402aa16821c4ea659ea43be2c44fcdb4df5c0f889c21440aceb9ee1bc57373263c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_multiprocessing.pyd

Filesize
26KB

MD5
a83e0b54c0f1fdcebe65972485a54af8

SHA1
81e9726e3e2ddb6a74825b6342c7646154405fc3

SHA256
6f5bdbb8d12dfa4f81affc68991d0556e2853174817c88fa2f5d3cc7a15b857a

SHA512
b254ec59a9a96b4cdefda7412e2bf22c2b6dc92c113ea56f9cbea97359e2bcb7a2cf7255fcd64b5e1aabfe3d83b4177b4741b01d2806f19b5bc715b76703a328

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_overlapped.pyd

Filesize
32KB

MD5
cfa7d89e8d09fe54d32a609ffca57a5a

SHA1
c6152b1758b59a90a848e4a7482b80327daa7e00

SHA256
1d8257a5f8ed087d3affb225b8c23a2b196b20653c2fb0031e7768f1abdccf78

SHA512
334f734461875d12fedf6706b7dda02dde12000af2ab5d7dfd1ff407e13630efade76134f7fc4100fb0adb9887c3223e643a54e10aebb7a21431113f4959e0dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_queue.pyd

Filesize
25KB

MD5
0e5997263833ce8ce8a6a0ec35982a37

SHA1
96372353f71aaa56b32030bb5f5dd5c29b854d50

SHA256
0489700a866dddfa50d6ee289f7cca22c6dced9fa96541b45a04dc2ffb97122e

SHA512
a00a667cc1bbd40befe747fbbc10f130dc5d03b777cbe244080498e75a952c17d80db86aa35f37b14640ed20ef21188ea99f3945553538e61797b575297c873f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_socket.pyd

Filesize
43KB

MD5
2957b2d82521ed0198851d12ed567746

SHA1
ad5fd781490ee9b1ad2dd03e74f0779fb5f9afc2

SHA256
1e97a62f4f768fa75bac47bba09928d79b74d84711b6488905f8429cd46f94a2

SHA512
b557cf3fe6c0cc188c6acc0a43b44f82fcf3a6454f6ed7a066d75da21bb11e08cfa180699528c39b0075f4e79b0199bb05e57526e8617036411815ab9f406d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_sqlite3.pyd

Filesize
56KB

MD5
a9d2c3cf00431d2b8c8432e8fb1feefd

SHA1
1c3e2fe22e10e1e9c320c1e6f567850fd22c710c

SHA256
aa0611c451b897d27dd16236ce723303199c6eacfc82314f342c7338b89009f3

SHA512
1b5ada1dac2ab76f49de5c8e74542e190455551dfd1dfe45c9ccc3edb34276635613dbcfadd1e5f4383a0d851c6656a7840c327f64b50b234f8fdd469a02ef73

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_ssl.pyd

Filesize
65KB

MD5
e5f6bff7a8c2cd5cb89f40376dad6797

SHA1
b854fd43b46a4e3390d5f9610004010e273d7f5f

SHA256
0f8493de58e70f3520e21e05d78cfd6a7fcde70d277e1874183e2a8c1d3fb7d5

SHA512
5b7e6421ad39a61dabd498bd0f7aa959a781bc82954dd1a74858edfea43be8e3afe3d0cacb272fa69dc897374e91ea7c0570161cda7cc57e878b288045ee98d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_tkinter.pyd

Filesize
38KB

MD5
bc9e88f8f65fb3bd18ca9e59cd914408

SHA1
cdc90c5aad0eed4c111a7ee3d0c79f3bd4960661

SHA256
79d1865d2a3b2ce453cfab6efe623d0c2ebd602eb0d3cb2ef21bc3ab28f229ec

SHA512
77597db0010867ee91a01ef9897d3a1c6fa6b07c0cf8a0620b084862701dc5634f27c48d1e6d19a5a5b9ba917fc67e5ee69bf745a76b4ed1853813924fae49c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\_uuid.pyd

Filesize
24KB

MD5
cc2fc10d528ec8eac403f3955a214d5b

SHA1
3eefd8e449532c13ae160aa631fdb0ad8f6f2ea4

SHA256
e6aa7f1637e211251c9d6f467203b2b6d85e5bc2d901699f2a55af637fa89250

SHA512
bf18089bd0b3a880930827d2035302060ea9db529ad1020879e5be6de42693bd0a01b40270b4e93ceaea3cfed20dad1e2942d983cde8bb2c99159b32209b34bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\base_library.zip

Filesize
1.4MB

MD5
bec1bfd6f5c778536e45ff0208baeeb8

SHA1
c6d20582764553621880c695406e8028bab8d49e

SHA256
a9d7fa44e1cc77e53f453bf1ca8aba2a9582a842606a4e182c65b88b616b1a17

SHA512
1a684f5542693755e8ca1b7b175a11d8a75f6c79e02a20e2d6433b8803884f6910341555170441d2660364596491e5b54469cfd16cb04a3790128450cd2d48fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
9KB

MD5
347c9de8147ee24d980ca5f0da25ca1c

SHA1
e19c268579521d20ecfdf07179ee8aa2b4f4e936

SHA256
b6c3e565d152392aa2f1ea5a73952ae2a2b80e7d337759fce0ab32cd03c44287

SHA512
977a6e6e374e46b8bf699f285496dbb9777c8488bb16d61c0d46002ae4fcf5b2f9cd8cd8fa0e35ca442c43c9c286250edc10ef6eb1d2ef56578bcaac580f9fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\crypto_clipper.json

Filesize
167B

MD5
6f7984b7fffe835d59f387ec567b62ad

SHA1
8eb4ed9ea86bf696ef77cbe0ffeeee76f0b39ee0

SHA256
519fc78e5abcdba889647540ca681f4bcb75ab57624675fc60d60ab0e8e6b1c5

SHA512
51d11368f704920fa5d993a73e3528037b5416213eed5cf1fbbea2817c7c0694518f08a272ad812166e15fcc5223be1bf766e38d3ee23e2528b58500f4c4932a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\freetype.dll

Filesize
292KB

MD5
04a9825dc286549ee3fa29e2b06ca944

SHA1
5bed779bf591752bb7aa9428189ec7f3c1137461

SHA256
50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde

SHA512
0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\libcrypto-3.dll

Filesize
1.6MB

MD5
7f1b899d2015164ab951d04ebb91e9ac

SHA1
1223986c8a1cbb57ef1725175986e15018cc9eab

SHA256
41201d2f29cf3bc16bf32c8cecf3b89e82fec3e5572eb38a578ae0fb0c5a2986

SHA512
ca227b6f998cacca3eb6a8f18d63f8f18633ab4b8464fb8b47caa010687a64516181ad0701c794d6bfe3f153662ea94779b4f70a5a5a94bb3066d8a011b4310d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\libffi-8.dll

Filesize
29KB

MD5
08b000c3d990bc018fcb91a1e175e06e

SHA1
bd0ce09bb3414d11c91316113c2becfff0862d0d

SHA256
135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece

SHA512
8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\libjpeg-9.dll

Filesize
108KB

MD5
c22b781bb21bffbea478b76ad6ed1a28

SHA1
66cc6495ba5e531b0fe22731875250c720262db1

SHA256
1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd

SHA512
9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\libmodplug-1.dll

Filesize
117KB

MD5
2bb2e7fa60884113f23dcb4fd266c4a6

SHA1
36bbd1e8f7ee1747c7007a3c297d429500183d73

SHA256
9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b

SHA512
1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\libogg-0.dll

Filesize
16KB

MD5
0d65168162287df89af79bb9be79f65b

SHA1
3e5af700b8c3e1a558105284ecd21b73b765a6dc

SHA256
2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24

SHA512
69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\libopus-0.dll

Filesize
181KB

MD5
3fb9d9e8daa2326aad43a5fc5ddab689

SHA1
55523c665414233863356d14452146a760747165

SHA256
fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491

SHA512
f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\libopusfile-0.dll

Filesize
26KB

MD5
2d5274bea7ef82f6158716d392b1be52

SHA1
ce2ff6e211450352eec7417a195b74fbd736eb24

SHA256
6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5

SHA512
9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\libpng16-16.dll

Filesize
98KB

MD5
55009dd953f500022c102cfb3f6a8a6c

SHA1
07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb

SHA256
20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2

SHA512
4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\libssl-3.dll

Filesize
222KB

MD5
264be59ff04e5dcd1d020f16aab3c8cb

SHA1
2d7e186c688b34fdb4c85a3fce0beff39b15d50e

SHA256
358b59da9580e7102adfc1be9400acea18bc49474db26f2f8bacb4b8839ce49d

SHA512
9abb96549724affb2e69e5cb2c834ecea3f882f2f7392f2f8811b8b0db57c5340ab21be60f1798c7ab05f93692eb0aeab077caf7e9b7bb278ad374ff3c52d248

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\libtiff-5.dll

Filesize
127KB

MD5
ebad1fa14342d14a6b30e01ebc6d23c1

SHA1
9c4718e98e90f176c57648fa4ed5476f438b80a7

SHA256
4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca

SHA512
91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\libwebp-7.dll

Filesize
192KB

MD5
b0dd211ec05b441767ea7f65a6f87235

SHA1
280f45a676c40bd85ed5541ceb4bafc94d7895f3

SHA256
fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e

SHA512
eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\portmidi.dll

Filesize
18KB

MD5
0df0699727e9d2179f7fd85a61c58bdf

SHA1
82397ee85472c355725955257c0da207fa19bf59

SHA256
97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61

SHA512
196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\pyexpat.pyd

Filesize
87KB

MD5
2087de9e99e321af797f5c127f05d4d7

SHA1
23cc94941d068bc3b4dd96eb980448c575515a07

SHA256
8deea951eac26d4bbae96fe5b9bf780130b90a83ade5d9ba74d5405c5b696056

SHA512
82f182d73ad47b4c06641134fb888c2c2cb4c1a2d8c72368f61dcbbf25367f913642e6ecad7569b12cbac21a812f5d76c08c7ca7063d7da3790ea1ad9d8d2ba5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\python3.dll

Filesize
65KB

MD5
7e07c63636a01df77cd31cfca9a5c745

SHA1
593765bc1729fdca66dd45bbb6ea9fcd882f42a6

SHA256
db84bc052cfb121fe4db36242ba5f1d2c031b600ef5d8d752cf25b7c02b6bac6

SHA512
8c538625be972481c495c7271398993cfe188e2f0a71d38fb51eb18b62467205fe3944def156d0ff09a145670af375d2fc974c6b18313fa275ce6b420decc729

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\python311.dll

Filesize
1.6MB

MD5
ccdbd8027f165575a66245f8e9d140de

SHA1
d91786422ce1f1ad35c528d1c4cd28b753a81550

SHA256
503cd34daed4f6d320731b368bbd940dbac1ff7003321a47d81d81d199cca971

SHA512
870b54e4468db682b669887aeef1ffe496f3f69b219bda2405ac502d2dcd67b6542db6190ea6774abf1db5a7db429ce8f6d2fc5e88363569f15cf4df78da2311

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\select.pyd

Filesize
25KB

MD5
e021cf8d94cc009ff79981f3472765e7

SHA1
c43d040b0e84668f3ae86acc5bd0df61be2b5374

SHA256
ab40bf48a6db6a00387aece49a03937197bc66b4450559feec72b6f74fc4d01e

SHA512
c5ca57f8e4c0983d9641412e41d18abd16fe5868d016a5c6e780543860a9d3b37cc29065799951cb13dc49637c45e02efb6b6ffeaf006e78d6ce2134eb902c67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\sqlite3.dll

Filesize
644KB

MD5
74b347668b4853771feb47c24e7ec99b

SHA1
21bd9ca6032f0739914429c1db3777808e4806b0

SHA256
5913eb3f3d237632c2f0d6e32ca3e993a50b348033bb6e0da8d8139d44935f9e

SHA512
463d8864ada5f21a70f8db15961a680b00ee040a41ea660432d53d0ee3ccd292e6c11c4ec52d1d848a7d846ad3caf923cbc38535754d65bbe190e095f5acb8c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\tcl86t.dll

Filesize
677KB

MD5
175e94b53e91c27c3e695ad66fc4f752

SHA1
4d32fb6a342bee8eab838f100aca22520ec38f45

SHA256
3bd80114e2019bcadeb6edf751d487aa075be545f21951bc0102b69a0c23096c

SHA512
26750198107f9504d375822a8f8a24609dfa45d94f237dac7d6382fc878a125c7fd15e7e876926bbfd4736c0d68be235897539db74ffc46559713f2a2cb95414

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\tk86t.dll

Filesize
624KB

MD5
29589e01ee9292b55cff49cbe6413651

SHA1
95394368ca54786b840e285df557c271ba432c1f

SHA256
0a8eac08c4c806c1f5bf02b8b76ade6bf6b61bb6f0a9a2586e6785ed7185e693

SHA512
460cc98283e764a718d5d71cce1d75a468d227ad94a4b4b7c7fdec46527ea4b02a7a43ef57fe9219e2ccca8075c7b81033885a80579ffd6be77e9ae8e9655941

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\unicodedata.pyd

Filesize
295KB

MD5
bc28491251d94984c8555ed959544c11

SHA1
964336b8c045bf8bb1f4d12de122cfc764df6a46

SHA256
f308681ef9c4bb4ea6adae93939466df1b51842554758cb2d003131d7558edd4

SHA512
042d072d5f73fe3cd59394fc59436167c40b4e0cf7909afcad1968e0980b726845f09bf23b4455176b12083a91141474e9e0b7d8475afb0e3de8e1e4dbad7ec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50002\zlib1.dll

Filesize
52KB

MD5
ee06185c239216ad4c70f74e7c011aa6

SHA1
40e66b92ff38c9b1216511d5b1119fe9da6c2703

SHA256
0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466

SHA512
baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_33u0uiue.bzo.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\autC78C.tmp

Filesize
4KB

MD5
6dc6c1431914360e50e3d0b2435f66f3

SHA1
c3cc11b413d377efe08505e12a24245058b2523b

SHA256
f5392083a31999bb9e6b4ce092764f5e588188bd0c4424bbb57d2c0f1458a904

SHA512
20570110a0790f5ac547a1025f149dcd9654b5b8f302403d4af4a0599caef76d91a2d6fa79c4747414deec6116c1118657172f52bfccfbad57063f47bb1154ac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Cyber Triage.zip.crdownload

Filesize
4.3MB

MD5
ad3cc7d9fe6298896594bd10a2cbbd58

SHA1
f7e9a806304d0921108c21b60ad19bca90bb2bf1

SHA256
f8055fc8de483173260ad89b969c144f052a3c50b17d60f6c44674c6fd28b337

SHA512
0e8489b31e315fb14177d66d071407148c1865de69ab98e1b61bd514c5ae2f46cc8ad8481fdc95bb135a9b3671fedd09438fd2caab71ddafad1decfddb7df8d7

Download Submit
C:\Users\Admin\Saturn Swapper\ss.png

Filesize
1.0MB

MD5
caca7933b207a726e47367613b0718cb

SHA1
c935a25db5c2666c3538a6d3a3f7c7aea778ecf0

SHA256
a1161b7f27d5ff635d2a64e6976efe6d76bb8bd15f7a94bfbd80436c78c8391f

SHA512
a8fc0f68c348c9111a4eb5b9756fb7af36c15074304db99a017a2ee45cf2133043a7b7d008c755b227646ce4b72aafde3bbee1497f0947abd4d5da3749bfa0f5

Download Submit
memory/812-2793-0x00007FF80ADA0000-0x00007FF80B392000-memory.dmp

Filesize
5.9MB

Download
memory/812-2804-0x00007FF81FAB0000-0x00007FF81FABD000-memory.dmp

Filesize
52KB

Download
memory/812-2799-0x00007FF80A870000-0x00007FF80AD99000-memory.dmp

Filesize
5.2MB

Download
memory/812-2802-0x00007FF81F920000-0x00007FF81F953000-memory.dmp

Filesize
204KB

Download
memory/812-2826-0x00007FF81C970000-0x00007FF81C985000-memory.dmp

Filesize
84KB

Download
memory/812-2827-0x00007FF81C950000-0x00007FF81C962000-memory.dmp

Filesize
72KB

Download
memory/812-2829-0x00007FF81C900000-0x00007FF81C922000-memory.dmp

Filesize
136KB

Download
memory/812-2830-0x00007FF81C840000-0x00007FF81C857000-memory.dmp

Filesize
92KB

Download
memory/812-2831-0x00007FF81C790000-0x00007FF81C7A9000-memory.dmp

Filesize
100KB

Download
memory/812-2832-0x00007FF81C740000-0x00007FF81C78D000-memory.dmp

Filesize
308KB

Download
memory/812-2808-0x00007FF81CB90000-0x00007FF81CBC6000-memory.dmp

Filesize
216KB

Download
memory/812-2794-0x00007FF81FB00000-0x00007FF81FB24000-memory.dmp

Filesize
144KB

Download
memory/5088-1236-0x00007FF81FAC0000-0x00007FF81FAE6000-memory.dmp

Filesize
152KB

Download
memory/5088-1316-0x00007FF81BBF0000-0x00007FF81BC07000-memory.dmp

Filesize
92KB

Download
memory/5088-1318-0x00007FF81BB90000-0x00007FF81BBB2000-memory.dmp

Filesize
136KB

Download
memory/5088-1317-0x00007FF81BBC0000-0x00007FF81BBE1000-memory.dmp

Filesize
132KB

Download
memory/5088-1315-0x00007FF808910000-0x00007FF80AA03000-memory.dmp

Filesize
32.9MB

Download
memory/5088-1431-0x00007FF81BFC0000-0x00007FF81C0DC000-memory.dmp

Filesize
1.1MB

Download
memory/5088-1417-0x00007FF81C0E0000-0x00007FF81C6D2000-memory.dmp

Filesize
5.9MB

Download
memory/5088-1440-0x00007FF81C840000-0x00007FF81C851000-memory.dmp

Filesize
68KB

Download
memory/5088-1438-0x00007FF81C950000-0x00007FF81C969000-memory.dmp

Filesize
100KB

Download
memory/5088-1437-0x00007FF81C970000-0x00007FF81C987000-memory.dmp

Filesize
92KB

Download
memory/5088-1436-0x00007FF81C990000-0x00007FF81C9B2000-memory.dmp

Filesize
136KB

Download
memory/5088-1435-0x00007FF81C9C0000-0x00007FF81C9D4000-memory.dmp

Filesize
80KB

Download
memory/5088-1433-0x00007FF81CB70000-0x00007FF81CB85000-memory.dmp

Filesize
84KB

Download
memory/5088-1432-0x00007FF81F920000-0x00007FF81F956000-memory.dmp

Filesize
216KB

Download
memory/5088-1427-0x00007FF81C9E0000-0x00007FF81CAAD000-memory.dmp

Filesize
820KB

Download
memory/5088-1424-0x00007FF823120000-0x00007FF823139000-memory.dmp

Filesize
100KB

Download
memory/5088-1423-0x00007FF80AE70000-0x00007FF80B399000-memory.dmp

Filesize
5.2MB

Download
memory/5088-1422-0x00007FF825CB0000-0x00007FF825CC4000-memory.dmp

Filesize
80KB

Download
memory/5088-1314-0x00007FF80AA10000-0x00007FF80ACEF000-memory.dmp

Filesize
2.9MB

Download
memory/5088-1313-0x00007FF81BE40000-0x00007FF81BE4C000-memory.dmp

Filesize
48KB

Download
memory/5088-1312-0x00007FF81BCA0000-0x00007FF81BCCB000-memory.dmp

Filesize
172KB

Download
memory/5088-1311-0x00007FF810FE0000-0x00007FF81109C000-memory.dmp

Filesize
752KB

Download
memory/5088-1310-0x00007FF81BC10000-0x00007FF81BC46000-memory.dmp

Filesize
216KB

Download
memory/5088-1306-0x00007FF81BD00000-0x00007FF81BD0D000-memory.dmp

Filesize
52KB

Download
memory/5088-1307-0x00007FF81BCE0000-0x00007FF81BCF2000-memory.dmp

Filesize
72KB

Download
memory/5088-1308-0x00007FF81BCD0000-0x00007FF81BCDC000-memory.dmp

Filesize
48KB

Download
memory/5088-1309-0x00007FF81BE90000-0x00007FF81BE9C000-memory.dmp

Filesize
48KB

Download
memory/5088-1305-0x00007FF81BD90000-0x00007FF81BD9C000-memory.dmp

Filesize
48KB

Download
memory/5088-1298-0x00007FF80ACF0000-0x00007FF80AE6E000-memory.dmp

Filesize
1.5MB

Download
memory/5088-1299-0x00007FF81BE30000-0x00007FF81BE3E000-memory.dmp

Filesize
56KB

Download
memory/5088-1300-0x00007FF81BE10000-0x00007FF81BE1B000-memory.dmp

Filesize
44KB

Download
memory/5088-1301-0x00007FF81BE00000-0x00007FF81BE0B000-memory.dmp

Filesize
44KB

Download
memory/5088-1302-0x00007FF81BE20000-0x00007FF81BE2C000-memory.dmp

Filesize
48KB

Download
memory/5088-1303-0x00007FF81BF10000-0x00007FF81BF28000-memory.dmp

Filesize
96KB

Download
memory/5088-1304-0x00007FF81BDF0000-0x00007FF81BDFC000-memory.dmp

Filesize
48KB

Download
memory/5088-1296-0x00007FF81BF30000-0x00007FF81BF53000-memory.dmp

Filesize
140KB

Download
memory/5088-1297-0x00007FF81BE40000-0x00007FF81BE4C000-memory.dmp

Filesize
48KB

Download
memory/5088-1294-0x00007FF81BF60000-0x00007FF81BF8E000-memory.dmp

Filesize
184KB

Download
memory/5088-1295-0x00007FF81BE50000-0x00007FF81BE5C000-memory.dmp

Filesize
48KB

Download
memory/5088-1292-0x00007FF81BF90000-0x00007FF81BFB9000-memory.dmp

Filesize
164KB

Download
memory/5088-1293-0x00007FF81BE60000-0x00007FF81BE6B000-memory.dmp

Filesize
44KB

Download
memory/5088-1290-0x00007FF81C720000-0x00007FF81C77D000-memory.dmp

Filesize
372KB

Download
memory/5088-1291-0x00007FF81BE70000-0x00007FF81BE7C000-memory.dmp

Filesize
48KB

Download
memory/5088-1289-0x00007FF81BE80000-0x00007FF81BE8B000-memory.dmp

Filesize
44KB

Download
memory/5088-1287-0x00007FF81BEA0000-0x00007FF81BEAB000-memory.dmp

Filesize
44KB

Download
memory/5088-1288-0x00007FF81BE90000-0x00007FF81BE9C000-memory.dmp

Filesize
48KB

Download
memory/5088-1286-0x00007FF81C900000-0x00007FF81C94D000-memory.dmp

Filesize
308KB

Download
memory/5088-1285-0x00007FF81BEB0000-0x00007FF81BEBB000-memory.dmp

Filesize
44KB

Download
memory/5088-1284-0x00007FF81BF10000-0x00007FF81BF28000-memory.dmp

Filesize
96KB

Download
memory/5088-1283-0x00007FF81C970000-0x00007FF81C987000-memory.dmp

Filesize
92KB

Download
memory/5088-1282-0x00007FF80ACF0000-0x00007FF80AE6E000-memory.dmp

Filesize
1.5MB

Download
memory/5088-1281-0x00007FF81BF30000-0x00007FF81BF53000-memory.dmp

Filesize
140KB

Download
memory/5088-1280-0x00007FF81C990000-0x00007FF81C9B2000-memory.dmp

Filesize
136KB

Download
memory/5088-1276-0x00007FF81CB70000-0x00007FF81CB85000-memory.dmp

Filesize
84KB

Download
memory/5088-1277-0x00007FF81BF90000-0x00007FF81BFB9000-memory.dmp

Filesize
164KB

Download
memory/5088-1278-0x00007FF81CB50000-0x00007FF81CB62000-memory.dmp

Filesize
72KB

Download
memory/5088-1279-0x00007FF81BF60000-0x00007FF81BF8E000-memory.dmp

Filesize
184KB

Download
memory/5088-1275-0x00007FF81C720000-0x00007FF81C77D000-memory.dmp

Filesize
372KB

Download
memory/5088-1246-0x00007FF81CF70000-0x00007FF81CF7B000-memory.dmp

Filesize
44KB

Download
memory/5088-1247-0x00007FF81CF60000-0x00007FF81CF6C000-memory.dmp

Filesize
48KB

Download
memory/5088-1248-0x00007FF81CF50000-0x00007FF81CF5C000-memory.dmp

Filesize
48KB

Download
memory/5088-1249-0x00007FF81CF40000-0x00007FF81CF4E000-memory.dmp

Filesize
56KB

Download
memory/5088-1250-0x00007FF81CE80000-0x00007FF81CE8C000-memory.dmp

Filesize
48KB

Download
memory/5088-1251-0x00007FF81F910000-0x00007FF81F91B000-memory.dmp

Filesize
44KB

Download
memory/5088-1252-0x00007FF81CF80000-0x00007FF81CF8C000-memory.dmp

Filesize
48KB

Download
memory/5088-1253-0x00007FF81CE70000-0x00007FF81CE7B000-memory.dmp

Filesize
44KB

Download
memory/5088-1254-0x00007FF823120000-0x00007FF823139000-memory.dmp

Filesize
100KB

Download
memory/5088-1255-0x00007FF81CC70000-0x00007FF81CC7B000-memory.dmp

Filesize
44KB

Download
memory/5088-1256-0x00007FF81CC60000-0x00007FF81CC6C000-memory.dmp

Filesize
48KB

Download
memory/5088-1260-0x00007FF81CB90000-0x00007FF81CB9C000-memory.dmp

Filesize
48KB

Download
memory/5088-1261-0x00007FF81FAF0000-0x00007FF81FB23000-memory.dmp

Filesize
204KB

Download
memory/5088-1262-0x00007FF81C9E0000-0x00007FF81CAAD000-memory.dmp

Filesize
820KB

Download
memory/5088-1257-0x00007FF81BFC0000-0x00007FF81C0DC000-memory.dmp

Filesize
1.1MB

Download
memory/5088-1258-0x00007FF81CBC0000-0x00007FF81CBCD000-memory.dmp

Filesize
52KB

Download
memory/5088-1259-0x00007FF81CBA0000-0x00007FF81CBB2000-memory.dmp

Filesize
72KB

Download
memory/5088-1263-0x00007FF81CC50000-0x00007FF81CC5C000-memory.dmp

Filesize
48KB

Download
memory/5088-1264-0x00007FF81CB70000-0x00007FF81CB85000-memory.dmp

Filesize
84KB

Download
memory/5088-1274-0x00007FF81C780000-0x00007FF81C79E000-memory.dmp

Filesize
120KB

Download
memory/5088-1271-0x00007FF81C950000-0x00007FF81C969000-memory.dmp

Filesize
100KB

Download
memory/5088-1272-0x00007FF81C900000-0x00007FF81C94D000-memory.dmp

Filesize
308KB

Download
memory/5088-1273-0x00007FF81C840000-0x00007FF81C851000-memory.dmp

Filesize
68KB

Download
memory/5088-1270-0x00007FF81C970000-0x00007FF81C987000-memory.dmp

Filesize
92KB

Download
memory/5088-1265-0x00007FF81CB50000-0x00007FF81CB62000-memory.dmp

Filesize
72KB

Download
memory/5088-1267-0x00007FF81C9C0000-0x00007FF81C9D4000-memory.dmp

Filesize
80KB

Download
memory/5088-1268-0x00007FF81C990000-0x00007FF81C9B2000-memory.dmp

Filesize
136KB

Download
memory/5088-1269-0x00007FF81F920000-0x00007FF81F956000-memory.dmp

Filesize
216KB

Download
memory/5088-1266-0x00007FF81FAC0000-0x00007FF81FAE6000-memory.dmp

Filesize
152KB

Download
memory/5088-1242-0x00007FF81FAA0000-0x00007FF81FAAB000-memory.dmp

Filesize
44KB

Download
memory/5088-1241-0x00007FF81FAB0000-0x00007FF81FABB000-memory.dmp

Filesize
44KB

Download
memory/5088-1243-0x00007FF825CB0000-0x00007FF825CC4000-memory.dmp

Filesize
80KB

Download
memory/5088-1244-0x00007FF81FA90000-0x00007FF81FA9C000-memory.dmp

Filesize
48KB

Download
memory/5088-1245-0x00007FF80AE70000-0x00007FF80B399000-memory.dmp

Filesize
5.2MB

Download
memory/5088-1240-0x00007FF81F920000-0x00007FF81F956000-memory.dmp

Filesize
216KB

Download
memory/5088-1234-0x00007FF81C0E0000-0x00007FF81C6D2000-memory.dmp

Filesize
5.9MB

Download
memory/5088-1235-0x00007FF81FDC0000-0x00007FF81FDCB000-memory.dmp

Filesize
44KB

Download
memory/5088-1237-0x00007FF81BFC0000-0x00007FF81C0DC000-memory.dmp

Filesize
1.1MB

Download
memory/5088-1238-0x00007FF822330000-0x00007FF82233D000-memory.dmp

Filesize
52KB

Download
memory/5088-1239-0x00007FF826120000-0x00007FF826144000-memory.dmp

Filesize
144KB

Download
memory/5088-1229-0x00007FF81FAF0000-0x00007FF81FB23000-memory.dmp

Filesize
204KB

Download
memory/5088-1230-0x00007FF81C9E0000-0x00007FF81CAAD000-memory.dmp

Filesize
820KB

Download
memory/5088-1224-0x00007FF823120000-0x00007FF823139000-memory.dmp

Filesize
100KB

Download
memory/5088-1226-0x00007FF822340000-0x00007FF82234D000-memory.dmp

Filesize
52KB

Download
memory/5088-1220-0x00007FF825CB0000-0x00007FF825CC4000-memory.dmp

Filesize
80KB

Download
memory/5088-1222-0x00007FF80AE70000-0x00007FF80B399000-memory.dmp

Filesize
5.2MB

Download
memory/5088-1218-0x00007FF81FDD0000-0x00007FF81FDFD000-memory.dmp

Filesize
180KB

Download
memory/5088-1177-0x00007FF826100000-0x00007FF826119000-memory.dmp

Filesize
100KB

Download
memory/5088-1173-0x00007FF8261D0000-0x00007FF8261DF000-memory.dmp

Filesize
60KB

Download
memory/5088-1171-0x00007FF826120000-0x00007FF826144000-memory.dmp

Filesize
144KB

Download
memory/5088-1163-0x00007FF81C0E0000-0x00007FF81C6D2000-memory.dmp

Filesize
5.9MB

Download