hxxps://github[.]com/gboy17-source/DBDPakInstallerGUI2/releases/tag/dpdpakinstallerv2[.]2[.]1

Analysis

max time kernel
42s
max time network
147s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/gboy17-source/DBDPakInstallerGUI2/releases/tag/dpdpakinstallerv2.2.1

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2F3B5E31-867B-11EF-B38B-EAF82BEC9AF0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000973946c3049f5223791a4e9437a0a4f582f13e7d87bc6522da336c7ed3c47cbc000000000e80000000020000200000004ee80eb5b6a8453b08155664e0f2ec56256ec1b1f7ae1a9d886af3aa8b7da75a90000000a7af9f52509ce17f16c2c4ba574503f9e96ae8fda8e714ef2cb7ac81060fb24fae761d975300fbfc1c8415d3e7eddd07c155043a84d82e52a0c5e8431b92d400a4874467fc649dc9c85aed2b3be73ce5a1a982a32fd1c660ad0b6611e5805eb8ae2f22715c611183f87bf738feec2c6294aebacc78c86876661b2b24e4f125397cfea036ee43ded8aa8adc702145405c400000003d437c8fb93e4fcf026ad142eb5fc20e96d612903a151e54f81998113f01880bbf1bdce5a7b1968ef32ed1365d16cf1cb812a0fe3fbdce80d2dda48c7ec5534e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 505ddc0a881adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000df5387631df5f75bb01c70baccb2425e28e58db7c8c5c856ad0c27dd7141988a000000000e80000000020000200000004f74c49c456843945fa8d58fb4cc05a3d2ec3cc821fe3ba757699d4fc21342ae2000000094b99fa7647f7b8f36cca95e4290d0ba2561a30ce3a8faa499fd927ad6db09ca40000000ec7bbe4cd805114da2b0c71897dddb77a6be66fab8281d9ae18752d7cb3d7baa6324114e9341475f0cbdbf890bbf2115a3665a934091989f2cbe6eeb0e009f93	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
584	chrome.exe
584	chrome.exe

Suspicious use of AdjustPrivilegeToken 52 IoCs

description	pid	Process
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
3000	iexplore.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3000	iexplore.exe
3000	iexplore.exe
2360	IEXPLORE.EXE
2360	IEXPLORE.EXE
3000	iexplore.exe
2360	IEXPLORE.EXE
2360	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2360	3000	iexplore.exe	30
PID 3000 wrote to memory of 2360	3000	iexplore.exe	30
PID 3000 wrote to memory of 2360	3000	iexplore.exe	30
PID 3000 wrote to memory of 2360	3000	iexplore.exe	30
PID 584 wrote to memory of 1956	584	chrome.exe	34
PID 584 wrote to memory of 1956	584	chrome.exe	34
PID 584 wrote to memory of 1956	584	chrome.exe	34
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2904	584	chrome.exe	36
PID 584 wrote to memory of 2892	584	chrome.exe	37
PID 584 wrote to memory of 2892	584	chrome.exe	37
PID 584 wrote to memory of 2892	584	chrome.exe	37
PID 584 wrote to memory of 1004	584	chrome.exe	38
PID 584 wrote to memory of 1004	584	chrome.exe	38
PID 584 wrote to memory of 1004	584	chrome.exe	38
PID 584 wrote to memory of 1004	584	chrome.exe	38
PID 584 wrote to memory of 1004	584	chrome.exe	38
PID 584 wrote to memory of 1004	584	chrome.exe	38
PID 584 wrote to memory of 1004	584	chrome.exe	38
PID 584 wrote to memory of 1004	584	chrome.exe	38
PID 584 wrote to memory of 1004	584	chrome.exe	38
PID 584 wrote to memory of 1004	584	chrome.exe	38
PID 584 wrote to memory of 1004	584	chrome.exe	38
PID 584 wrote to memory of 1004	584	chrome.exe	38
PID 584 wrote to memory of 1004	584	chrome.exe	38
PID 584 wrote to memory of 1004	584	chrome.exe	38
PID 584 wrote to memory of 1004	584	chrome.exe	38

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/gboy17-source/DBDPakInstallerGUI2/releases/tag/dpdpakinstallerv2.2.1
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef63f9758,0x7fef63f9768,0x7fef63f9778
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:2
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1560 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2160 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2168 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1208 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:2
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1332 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:2
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3344 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1464 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3596 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3716 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3776 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3816 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2300 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4120 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:1
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4204 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3680 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2792 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1752 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1580 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:8
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1568 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 --field-trial-handle=1312,i,454031665274427912,2431670651588560768,131072 /prefetch:8
  2⤵
  PID:2240

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1068

C:\Users\Admin\Downloads\DBDPakInstallerGUIv2.2.1.exe
"C:\Users\Admin\Downloads\DBDPakInstallerGUIv2.2.1.exe"
1⤵
PID:2588
- C:\Users\Admin\Downloads\Temp\PakBypass.exe
  "C:\Users\Admin\Downloads\Temp\PakBypass.exe"
  2⤵
  PID:2256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c pause
    3⤵
    PID:1080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
281B

MD5
a501695f12846d7e321a681d569de8a4

SHA1
3dba1559b323bf4564ba47c5ec0da5316644a504

SHA256
34e0dbf7c6224376f6f63c2c86a023169063c7a2cb7c6dd8a922175d665cd0dd

SHA512
f1a8512064d4dd8cda77d177498386364cef966d690eea26384fc6137f8faf241255e36d5233f7971abcd933eb88ee7dbb6b7ee90c4ffee124eb2d52d62be7d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
e136d0e2e11a5e36fd34dc0ff7e84c09

SHA1
c2dd12f174d763ae4036ac46fca8467ef5e28696

SHA256
5fbcd6854fc7efc658bc08f216b45f6faf6d5d55e985bb384de1b73a0fb99e5d

SHA512
31b34d6d1bc6b879e1820482b08137e87661dc7f19f241773db3298e491cba98975696bcbce358162893bcb78a65df0801bdcf4eb5bda2969a0190bfd171313a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
978B

MD5
1f54bc3fae4c43bb8e1a16905df19c9f

SHA1
eef09574f76ed2849c30d27fa6082229d5254ea1

SHA256
1ad66c7f532abcdb7b65a157e0a16c8d35f911630cce44c2f9eaad39e815f6bd

SHA512
f9c434660e98b38e72fcbedc311cd425e750b598f0090cce558aa2093eb5d540de182077cd10364246383a7a3c43fdf49612a1fffdd59271b8a5dfa8cc0727a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
dc78dfa2c660fb6957213ae05f7e87f0

SHA1
a4888289e82c59eaa73943c81d45e68f8e8805c6

SHA256
9fdc66c6cb801c2217c78621a4b270e5a116aa4218ae9cf2214577121ec9b233

SHA512
f17ab71a16158bfadc7ae4beec53422a7ce2c2b2f1ce224686aa8ba1d93b5a10af52b4992721bfb583b99e77a6292c8ba2f4c7c1cb9734a76d644dfd44e0021b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a11f0e66c8aa443117f0deef04ba08a

SHA1
dc88708834c3dbab0b6b285bfe88694cef63a5a6

SHA256
0840f3e1ed9dd5cd994b472308ea0f38f1486ed810f0ab2f80f47409de8aa15c

SHA512
0c2113a8bd795ce2bdcdf1c984092eb7c151d2ab3f0d5db2a201876e4415c94b30244c52895206644f001bc1a015baa72e8c576a5e07626d367c39b18f310d26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
553e1803b7ca554e513505214e72926b

SHA1
844ff843fc8e15814d45634de16cc673adb42f41

SHA256
40b7bb2d8317364a5391bacc3240e383d5d23c991a1501f076373de78e6538a5

SHA512
d153db5a524921de5395b89297696fc596348b962ab99859d3f8e20ce0a265d738b2575abdd4800002419aceffb8ec9ef6b01449ec735f221d905b0f74f625a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00f24e1a176a70b4f7380c2544771a88

SHA1
20da46a11f8c4ca12a4049d2799b4a7fb74ffa3a

SHA256
156963cb2de83b1565d4124cae0279eadafce9b82b7f7fdfa599483bc4d6a37e

SHA512
9baf359ce408567715cb8eb8d5432c0aebc350399a2954776ea24311fb6f61975f27cf902d1029793b3006c207e30f723b8dee358a9b10eb8105888a1ad1bd17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fb86d62e7b3026777837e2c68002329

SHA1
66132a6bcd051723542cafd3298d3718a22e71c8

SHA256
a9bbf6262d4fa85ef54a47a4072b3fdebdc8a06a637dd4243d60fbb0aa894823

SHA512
76f5f0a2e6a00719a9ff108aca92a66be40d5765979efa0f07bcffb45b7c0699fe7d494a0187c5200a394531b06c110a4a79d9810c9c47d0e2591fd9338fb9e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5a80bc9510caf5e5a51de1187209ad8

SHA1
4066166cd9fcfcc80df4ca251f2dac19153e34f7

SHA256
69bdf9d9f429c05f4bb3b731e2bb90683d064e47f967bd3d0a3b710e8c554c60

SHA512
0a5ba6725c9e99eb6ddc370f9f65fc85c8a2b7904713c6c38b78660331b911679076637515e55793c226ec978d83279df19335ed4fe32f5c1e62f9341c39688e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
723c3c1c10e6591c1a8d6192dd67459c

SHA1
1a1fcf878a40437625cfefa97591e06b042cb21a

SHA256
2172f30b02aa63422daa83157b99b043fa5e49ca0fe389aa6d2e5462f11f8996

SHA512
e8f7c85aaec4a81ea497a916a0f33031ffd9f151762a0b37859f76c62fedd662ee27304a43ac3ff7e5b98df73c3ec5c69d12c7d2a4a5766c02c7a8a1b4e9cfdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6989abc6ac8b6be567a08beacd3a5a4

SHA1
dd49551498911cf9b78cc985709f26c71180bf23

SHA256
0065539d44aecd07755418b858dfab84f21026f375e1af354ece181cd21bd644

SHA512
a776d338afd00d736f1575ab37e489aa5b24384b39e5fc2faa9b127d01ce95461eb72f0f3ccda950c9061adbd04d138bbfa8d9544acc1274e436b88974ed22cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d041d85ecbdae0245eb4372453f40e8

SHA1
1d93ef413f2df1cfaa6ff49984e38b4d82f05a5f

SHA256
1a2cd13394ca02baf8a924b34f3b35a5382742a119901f4006d78b2aba871d2b

SHA512
0dcad8eaf1b5da15e6e0717e7a6b08aff468c13d5d340df2318bd82c89fe61b577f893b30e7197d3d5c23451a20fc99a1dc6af97828427b56a1d2b18b4cda0a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ff51208a6a29d565b6db344bf4b8281

SHA1
49960671bd189192339c6d367f7eccf787c32e88

SHA256
72688491065da8d350ad1613b2a53ac030aad27ad9c6599ea007c960ed20041e

SHA512
e5aad3d19f0908d7967abaffefa7fdbcdf5976b33adbdabe53037a87eb4909680327ecddd7969a6430bc1275a66be8a54c500c24d45221af749b62c912760d63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea256633f2efbe8b1104f1b54db5d798

SHA1
e74440f3f69e40346797cf3a1da9f3efeda60804

SHA256
7c9db9bb386dbb1d96bb88571fe2df9b58850367b06ba471408476e4a5578526

SHA512
92ad474ed1db845b605243bb844f77226de27b2fe786f92cca52f1f414ae988899c2725cc79ee9a296aa9d4b9588eda7854252b55c18a3e9a83e4b46c5756ba6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05d5ffb3cf7cdbce21d58e9a1817d16b

SHA1
703724e15e58d36f9fd8e952f599f6f43697d8f4

SHA256
6ac078c4bfaf8e9a36bea4d28d766cc28326526db08e6e78fb02b8268909edd0

SHA512
9c9669e284328033f18a744f0c73c2d01e92984250d2b7471cd177a384926dce42eef8fa08fc03e2295d59fc68d5be127e77ce0fc5392fb6a4871122ca9db3e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1880fb3c611d366a49c47ae3220c121

SHA1
d254361ee7eebe05e3b7d7e3d16954d8e2dd82b3

SHA256
cd0d0e0951e98c18c8bafd1ccff4792f29e0272fdaad2c8e065b751f451ca030

SHA512
59371b2fff52632c4d1cfd80b0c5594a940e39f775241163c8b26fc518eea90fd64c426fd9f2895c34b8f9deb0677d6260f493ac1ff4c39033cffb2be6409c07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac1861236f99bf28cae9d76faae5bfa5

SHA1
9b3bf66f0cc28c49845efe8d6166f7fc9c373481

SHA256
7407647d2b832948247c55117bff8ff391929c3254e7bde10f6c66c4f5f3df59

SHA512
450126b444e7588037d5a30976bee4eab7db87261a12d09b3e0f1da9a81966c4a93bc88fd1858c68a36823f25abb69df504b8e587f72ce6287d1a87e3c6db47a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
480B

MD5
7db3cae30d22d12894e848b17e21bdc6

SHA1
ffc3460971a5553501333b4628c31e7e0d2e2f9c

SHA256
2d64b4f7483820cd627b873d97f5f3f06287c671ed7980c7f66490deb9b88185

SHA512
2d57894ed26beb837a4afd7a9881543fb0c47b777c61315f886bb5709e01337d97b2f982fc8421de14bd4a984965a2f231e9936024f0905ea25fe97575f55a63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
eb607c6c61569f54f15a2bbea4a74f08

SHA1
0ff108c5d954981e43255fe1871ca24f094ea263

SHA256
af97d494fe5681d1f195a0657b8011bb1061f834c0619f3d69a18a2e0a663c47

SHA512
e0828e31294f4599db963dab3656f353aa8612ec4283d1e298f25bc89132bb15fbd8fcb8902dee65b0d750d936724f8cd6934690d8545e7495593a0ebdafd917

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
ae94e87e5f1137812f8671c79d634845

SHA1
503dd7b041e3bfdae494e12bc9cfaeb5a8a175df

SHA256
50ed2e343d64dd169cc9cb0a9ca5c9b53803448c4f7c0940f92bea309fa856a7

SHA512
233d461c5cf5e73afaafe4f3644df3f7ed6c924f3869bcd6813373e7b95c058dc0824770ef60bd91c09e7f23fd678e8196e4615595f822e05583706581229778

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c8141299552e46156e5b06176f26b441

SHA1
a63636b052b5cd3a8abbb6e4aa762b22434863eb

SHA256
7b1e7b536b19bc8d83d44b71fe6f584a2aaf3e738ff5830e9fef613a25c36fda

SHA512
61853a3c1ae4ad3721ec41aa14b06e115f4f3a01868655ade08481450133aef94b75387ff253bf2ca88077fd87418f4cc58a8821ea268ab332acb65c115828bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State~RFf781584.TMP

Filesize
987B

MD5
18810e28aa12b2d6744ad1b45823a602

SHA1
85531643b4fe71f1ceb977ec04bccbb89b490d43

SHA256
6a5907c71874e184696c110cad9b1c0495e6fa88a4b99bbc660398c02de320ec

SHA512
a251700b5536772059effe141a9ae87caa633b98ce466af5ed77089062ae1bbe0e2201377f557c6d0ca3e92723d6f48caf4d18cff4bff1ac6fd7e8c0b3a4b8f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bc18bae466db43c2219b8aa49dc657cb

SHA1
e5ff35a4046ac0646c537abdcb00f0ed45cc0d65

SHA256
751b5b1765781e34c5af1448b0cab9d9b58ed565db9efefb5e0db5c3c97f9666

SHA512
b5b7355b7ad8a95bfc528e5c8c9344bee825a6307400c66c273d3989096bcfe360a50de1689ee7b3e78f81d9feccfeb9bbb5baab833dcdd55d6c0d2e298167dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8c5432ab2bf640cb407cf011e888b3e6

SHA1
ecdffa753189f0b6db6aa2fee583fc0bcdd3ef6c

SHA256
ddd3efe8fca9e6bd91b09c136771ead770fb401fe1935fb4a618ca3c75e49526

SHA512
a4917e870fbb4a57c8dbb787e5510b99af423a9446f720a2c3afa10af86aebe63865e55fc76f0a91ad730abfed06f751317325d4827a79d16b824d70c8f686e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6ae946f55b9cd98db7cc8456ffba550f

SHA1
a16463d4a4c2dfe5be89d7f4b1ac04cbff144a5c

SHA256
131e7670580dee64814918956c3545d08c89ab1b5aed697fd28dcd2ff42c7c4e

SHA512
d889cb02239c080b47934c823527191b42fdf0666eeaf7801fa4675d44679e5f87efd1a1e53aaef8e80373b6258436c35fcb380525d46b924597e32542dd1067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0ae28ca979aaa90a3113586eeb76f51d

SHA1
c44a683405db15f7ce21ead162bd2d3d11b28666

SHA256
6033de71f4dc4a9150fdf8006609cdb49d1addf6e2892b297ccb6a1f6e434f42

SHA512
9dd96d3dad72ef538ad42cd2cb5a875fd77cc52866979772b19614bb018eb73139aa8f1e995d9b078d448a0ac2b1db6c992158da49ea01b8b98595665e966bed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
340KB

MD5
17da16cb995757a503cd5bb0df8a187a

SHA1
39a37803f10696858211f51888b67f35a747be5a

SHA256
e3c93c52ceda8d6050b30881251108e46a8fdd818c125c12835981e27123f901

SHA512
08d731f4b83114cf0e3dcedb99428aec71ce1189dc8609b86331a6c0143584f745f36ef6850c3e040a50f87c99906642a4409e92235cadf082b47b39c37c734e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBFF7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCC2A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\DBDPakInstallerGUIv2.2.1.exe

Filesize
3.3MB

MD5
20a14021d169d7b9f4fbcdbed742c967

SHA1
6e4ce3ed1b7cfa794822604f893e43ea934d17ce

SHA256
835c59ca79ebdd6ef5e878b500fd62a5674c50ea9b5aa2faf4c3b0bf4f60b689

SHA512
f89a6e2635dcf84a851f729f491f567c118a76dd419ce72856d1d74b53adf858dd42ff0868ee252b3a49ee4843c078061b09a6304b5f8a123a3fe54f1ecf720d

Download Submit
C:\Users\Admin\Downloads\Temp\PakBypass.exe

Filesize
2.2MB

MD5
de82c7a9fc480a95a3aeba0def93b58b

SHA1
a140452f8f465cab31fd0bbd4382a77d152a5081

SHA256
905ab187800b73839dfba4f130b343ebcfe0adac871f109670aee35e396e3bbd

SHA512
cb8c896bf72e72c8d51c7555ba0c3b158922cb2900bb5e1f4dd0d4b7578240168083dc03e0a2bd2226d57f8bbc0b70e5f2ab2acc35f52d91c7317966779c7e41

Download Submit
memory/2256-1504-0x000000013F5B0000-0x000000013FCCF000-memory.dmp

Filesize
7.1MB

Download
memory/2256-1496-0x000000013F5B0000-0x000000013FCCF000-memory.dmp

Filesize
7.1MB

Download
memory/2588-927-0x0000000071230000-0x000000007191E000-memory.dmp

Filesize
6.9MB

Download
memory/2588-924-0x0000000071230000-0x000000007191E000-memory.dmp

Filesize
6.9MB

Download
memory/2588-926-0x0000000071230000-0x000000007191E000-memory.dmp

Filesize
6.9MB

Download
memory/2588-1495-0x0000000009550000-0x0000000009C6F000-memory.dmp

Filesize
7.1MB

Download
memory/2588-945-0x0000000071230000-0x000000007191E000-memory.dmp

Filesize
6.9MB

Download
memory/2588-1503-0x0000000009550000-0x0000000009C6F000-memory.dmp

Filesize
7.1MB

Download
memory/2588-936-0x000000007123E000-0x000000007123F000-memory.dmp

Filesize
4KB

Download
memory/2588-923-0x0000000000DB0000-0x00000000010FA000-memory.dmp

Filesize
3.3MB

Download
memory/2588-922-0x000000007123E000-0x000000007123F000-memory.dmp

Filesize
4KB

Download
memory/2588-944-0x0000000071230000-0x000000007191E000-memory.dmp

Filesize
6.9MB

Download