hxxps://web[.]archive[.]org/web/20240101170001/hxxps://www[.]chromnius[.]com/download1/public/Setup[.]exe

Analysis

max time kernel
219s
max time network
217s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://web.archive.org/web/20240101170001/https://www.chromnius.com/download1/public/Setup.exe

Score

8^/10

defense_evasion discovery execution

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

powershell.exe

flow pid process

19 3612 powershell.exe
Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

Setup.exeSetup.exe

pid process

4484 Setup.exe
876 Setup.exe

flow	pid	process
19	3612	powershell.exe

pid	process
4484	Setup.exe
876	Setup.exe

Loads dropped DLL 20 IoCs

Processes:

MsiExec.exeMsiExec.exeMsiExec.exe

pid	process
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
3184	MsiExec.exe
3184	MsiExec.exe
3184	MsiExec.exe
3184	MsiExec.exe
3184	MsiExec.exe
3876	MsiExec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Setup.exeSetup.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\I:	Setup.exe
File opened (read-only)	\??\W:	Setup.exe
File opened (read-only)	\??\Y:	Setup.exe
File opened (read-only)	\??\Z:	Setup.exe
File opened (read-only)	\??\S:	Setup.exe
File opened (read-only)	\??\X:	Setup.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\E:	Setup.exe
File opened (read-only)	\??\L:	Setup.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	Setup.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	Setup.exe
File opened (read-only)	\??\S:	Setup.exe
File opened (read-only)	\??\R:	Setup.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	Setup.exe
File opened (read-only)	\??\G:	Setup.exe
File opened (read-only)	\??\H:	Setup.exe
File opened (read-only)	\??\L:	Setup.exe
File opened (read-only)	\??\R:	Setup.exe
File opened (read-only)	\??\P:	Setup.exe
File opened (read-only)	\??\U:	Setup.exe
File opened (read-only)	\??\J:	Setup.exe
File opened (read-only)	\??\W:	Setup.exe
File opened (read-only)	\??\T:	Setup.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\E:	Setup.exe
File opened (read-only)	\??\P:	Setup.exe
File opened (read-only)	\??\V:	Setup.exe
File opened (read-only)	\??\O:	Setup.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\O:	Setup.exe
File opened (read-only)	\??\J:	Setup.exe
File opened (read-only)	\??\K:	Setup.exe
File opened (read-only)	\??\Z:	Setup.exe
File opened (read-only)	\??\Q:	Setup.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	Setup.exe
File opened (read-only)	\??\X:	Setup.exe
File opened (read-only)	\??\V:	Setup.exe
File opened (read-only)	\??\Y:	Setup.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\M:	Setup.exe
File opened (read-only)	\??\T:	Setup.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	Setup.exe
File opened (read-only)	\??\M:	Setup.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\U:	Setup.exe
File opened (read-only)	\??\H:	Setup.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\I:	Setup.exe
File opened (read-only)	\??\B:	Setup.exe
File opened (read-only)	\??\N:	Setup.exe

Drops file in Windows directory 23 IoCs

Processes:

MsiExec.exechrome.exemsiexec.exe

description	ioc	process
File created	C:\Windows\SystemTemp\scrB46E.ps1	MsiExec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Installer\e5aaf7b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB075.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB134.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB144.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF9FF9326E7C90ACF8.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB1C2.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\msiB46D.txt	MsiExec.exe
File opened for modification	C:\Windows\SystemTemp\ProB4B0.tmp	MsiExec.exe
File created	C:\Windows\Installer\e5aaf7b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB113.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF46CACFE4A673F903.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB26F.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\scrB46F.txt	MsiExec.exe
File opened for modification	C:\Windows\SystemTemp\pssB4AF.ps1	MsiExec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB103.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{419A8FA6-AC6C-4F9F-8D6F-9E6BD143F1FD}	msiexec.exe
File created	C:\Windows\SystemTemp\~DF7EFD362FCA34B5D1.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF5DE3E2ED210E364C.TMP	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

3612 powershell.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier	chrome.exe

pid	process
3612	powershell.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

MsiExec.exeSetup.exeMsiExec.exeMsiExec.exeSetup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe

System Time Discovery 1 TTPs 1 IoCs
Adversary may gather the system time and/or time zone settings from a local or remote system.
discovery

System Time Discovery
T1124

Processes:

Setup.exe

pid process

876 Setup.exe

pid	process
876	Setup.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vssvc.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000008e4795fcec2d58710000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800008e4795fc0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809008e4795fc000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d8e4795fc000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008e4795fc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 47 IoCs

Processes:

powershell.exemsiexec.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766626407581857"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	powershell.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

chrome.exechrome.exemsiexec.exepowershell.exe

pid	process
2480	chrome.exe
2480	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
3644	chrome.exe
4472	msiexec.exe
4472	msiexec.exe
3612	powershell.exe
3612	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

2480 chrome.exe
2480 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe
Token: SeShutdownPrivilege	2480	chrome.exe
Token: SeCreatePagefilePrivilege	2480	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

Processes:

chrome.exeSetup.exe

pid	process
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
4484	Setup.exe
4484	Setup.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe
2480	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

Setup.exeSetup.exe

pid process

4484 Setup.exe
876 Setup.exe

pid	process
4484	Setup.exe
876	Setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2480 wrote to memory of 2100	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 2100	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 644	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 2024	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 2024	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe
PID 2480 wrote to memory of 3048	2480	chrome.exe	chrome.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://web.archive.org/web/20240101170001/https://www.chromnius.com/download1/public/Setup.exe
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff967ccc40,0x7fff967ccc4c,0x7fff967ccc58
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,11653850397501325950,10232709044891998108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,11653850397501325950,10232709044891998108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,11653850397501325950,10232709044891998108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2356 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,11653850397501325950,10232709044891998108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,11653850397501325950,10232709044891998108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4680,i,11653850397501325950,10232709044891998108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4668,i,11653850397501325950,10232709044891998108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4308,i,11653850397501325950,10232709044891998108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5204,i,11653850397501325950,10232709044891998108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5292,i,11653850397501325950,10232709044891998108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1420

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2260

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4668

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4484
- C:\Users\Admin\Downloads\Setup.exe
  "C:\Users\Admin\Downloads\Setup.exe" /i C:\Users\Admin\AppData\Local\Temp\{419A8FA6-AC6C-4F9F-8D6F-9E6BD143F1FD}\ChromniusPublic.msi AI_EUIMSI=1 APPDIR="C:\Program Files\Chromnius Browser" SECONDSEQUENCE="1" CLIENTPROCESSID="4484" CHAINERUIPROCESSID="4484Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="MainFeature" ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_DETECTED_INTERNET_CONNECTION="1" AI_SETUPEXEPATH="C:\Users\Admin\Downloads\Setup.exe" SETUPEXEDIR="C:\Users\Admin\Downloads\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1731948417 " TARGETDIR="C:\" AI_SETUPEXEPATH_ORIGINAL="C:\Users\Admin\Downloads\Setup.exe" AI_INSTALL="1"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - System Time Discovery
  - Suspicious use of SetWindowsHookEx
  PID:876

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:4472
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F672D8E97B502F688A79A2F390C08AA1 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1288
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:4932
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 62B86944719016DC82AC8C5F46EA9F45
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3184
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 91E2BEEF18ED07866E2D095E89FB44F1 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:3876
- - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Windows\SystemTemp\pssB4AF.ps1" -propFile "C:\Windows\SystemTemp\msiB46D.txt" -scriptFile "C:\Windows\SystemTemp\scrB46E.ps1" -scriptArgsFile "C:\Windows\SystemTemp\scrB46F.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    PID:3612

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164

Filesize
1KB

MD5
82a8b7d90e1bab77afee12be4fee9ccc

SHA1
79a78cefe3315b3a22fe65eb4b266e567b61ad64

SHA256
a37c0a3de43a7c1ec5fd566a626f6cb1c4d0ef692b8a88b38c7ee41b276460df

SHA512
42a7f320e3e274836c5d0c8e7536731997ef9748460ce75a92aba8c1ee499a52ccaba52cac9dd93a18c23f44c52234eca5a4a75260974f6b3eb53a3ea5fda24f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1D627669EFC8CD4F21BCF387D97F9B5_4E6F055104377B531318FB7FFF3FE1CA

Filesize
1KB

MD5
2255344d57fcc328ef525776cb00e920

SHA1
5ad650962cab05f67f5a145e3d0470fc66021d82

SHA256
05a0ef05329240ab623efa57e29377b762c3ef499bf313e1abd68d1243428805

SHA512
bbfe568a4d982e5d023782e53c8d199a5b450de84cb397766709896e03c4e3f415887ffa051798b3273a23809aced639b9ac70291c0eacb93163a20c6cfbcc9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164

Filesize
532B

MD5
ad902cb45bafbbbc6b89b2b939104500

SHA1
684d9940fa042b842d0a4ef3afa6096d105a5597

SHA256
277142bb2765514df180ec0302b1c2009e30d43fa3e82f434e8c70c9d66b030b

SHA512
8014274ecb0b162392548f39768e7d27170bff323e80f56d866e1dce87d28b40c45b6e9e9faf68c373393ce6c5bc1fb549d9fa93f4dea2f542260c9079670c41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A1D627669EFC8CD4F21BCF387D97F9B5_4E6F055104377B531318FB7FFF3FE1CA

Filesize
544B

MD5
46a3ec31cd782415ccc0486ce465f159

SHA1
f0ecd873849bfffd80c419db2eee677392c5262f

SHA256
6f4bf62eed181a3d7a37f7f5bb953c4e0faa7c0ed171d8c7bc470d47b678ae24

SHA512
605a299d4169ff1097d44bfce1eb3452e466c3b80247757b08a7719c0130ce65d8d943a5219c8656d5351f13d4bc3d2cad146f2e4eb29803c4e10ac01772ace3

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\452e1bb7-2546-4b91-bd5a-06a6cb6148b1.tmp

Filesize
116KB

MD5
c7f2218ee3fd39837fd917b0f002a47a

SHA1
7c6ee5b9630f67cfd1d5c4a5dfab2ae6e9eebe72

SHA256
eaf310c086d0d76b0cd031b7d777ee8342ec3806f642caa4ef687aec893d6e9a

SHA512
ed5af8dd53f367bdd56fbde1f943a15ecdf199dc21be095856e2f2dc84d4da2880c69557bdc1cd0512558ebafcfb7f22e9157d718d75dcf83d6d966faa436ec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\113642ed-8fe9-44c3-acd4-d27f60229b90.tmp

Filesize
9KB

MD5
38026e117235ab933913e0f61a0518e0

SHA1
c4e47ab4460e8565e8960631deda4ae03bebbe9a

SHA256
151a98631f98c59ef38db89cdab37fe22384d57427c85db445db690638edcc93

SHA512
bf56dd063694500a3fdbc497d2f5e0efe594c9be3082f98f8eddefa36f5ee348bab03963b44212bd0174e09e695430b96bf2a16fa877e4f11b0c2801fec6d6f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5646d50019550114bbcf209132802e32

SHA1
5ccb65766252ce410a9ac4ed88c247d3761f1827

SHA256
36b36324bb0e77c2addfd26252f8fb0ab3b1e7f8337b876ce4a3aeb759bb1b54

SHA512
bb5fae07189d9f31671f61131a7f7802095ca7c21bade0a218884b94518bce7d1cfa5f3fba4794949a8138c11a5eb1a0c669bb81a86b52c33b77734f13802aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e2afa11e5923639d476127b7e759b6c9

SHA1
946a201a4327b883cad357aaa1d3afb08f77c41b

SHA256
9fb14cee0b1768d97702577c6883e8d09c475a9fffbdca8185400f0165abfb1c

SHA512
85e8e7b5d3a5999e94e8006e6bba29c24d605fcd9925da163a25b8e600b17a63985eeb6ce16b6fce28d0d8f74c50dae7b8aa308f5513437ba222180ce6cd33fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
342425b9162c4a5174aa8611542e02bb

SHA1
de9f18003c29e20c00e8f707d2e8bde975cdcb7b

SHA256
cd8c8677b17712a5d22cd55a0be3378a6b3277e7407a690b03e243b8e415fa1c

SHA512
93091617c5f230d92fd5463a775a97a6a0dad3ab547eade099a801febcae129f8ae2a7356e7c9689a40c3535f4c39b9e49289ec7a866239b71d0e46e5ced0fff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6c8548467661eaeb565a1bde7fe17f1c

SHA1
ecb99ede1105c88503d4371badf3e47caa1ad6ac

SHA256
c0a47e63dc0fee3311f5a943a30f53adc34b00d7bbf1b95391db62be94e6da09

SHA512
c5a3cec8edeed79eb818cd5bc3e30c90871005e8dc729f49c07358183104faf1389fe506d316557921760e065abc1585dd4f2c517c2dbe01ea1e4920798f4f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8e65a1e2c9e81e13ecf49262098aba1c

SHA1
8329b2bde19d3ae6a643936d261da45aa6493b22

SHA256
3d2accc0ae8864bc189fc275a8de7ead282f686a55904abd735567c56297ef7b

SHA512
5d168e27a54b9a5f5161f97c9e22878cd44a352e6b8d39b84e83c96f5d2a294f305c157bfcc3be70abb4a62c3c07ee2756df807fc9a87c5de01ebc80491a883a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
44daa170626086563fca54a099c147a1

SHA1
04995b97e9161807d35ca83dc098e9b85c2f3bae

SHA256
e11404b76c757f8a859a657e3b75725d82cd41689625e6c2024a3ad4883c5c2f

SHA512
51f2253d661468c22b24cbc79c2a413ffb5f08862f8cd7a0fdb9fac28e9681094c846a9f1e6027d76d8f9e294744861499a83d7b2ac898b379a0279a902f6ea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2fae10f29c74bfdcddc5efa8a5ea883e

SHA1
d18011044314b8ff834c9556e45ee34f4a0f5fc4

SHA256
eff9b88db79bbe90b5cc40c68f4b785645429aa9d0ed8179a77906e7e024861b

SHA512
25059dc657190530b3b9d58999eb5663dbd5f850389bc5d537c51e34fed888c9b569dabfbee001d2a627286c5fa79ed396a22aa21fa9e4ac797ae27e9b72bfe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65a04e202905f408696951f47330bc2c

SHA1
4997253b479695e6e690487745ea480ec74d7862

SHA256
ee1cb7f07bed88f895d5b2427d40817314ae9ea0d437799b67bdb19b9d7a47d2

SHA512
91cda1426790ce34699a4ddcd61cb728776b0823177fb53c0815d79aff1eda9e529eca61b69e88dc0480d791ded6fd035997edbbaf6f8d22742f1192cb6be710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0fa1173b090f48d22226ae8c3f07784b

SHA1
db80b626bdb45a20e98607f573d74238226a661e

SHA256
e1d195e14c3c50df8afe9cecfc3cadc5be07cdd8da9c3d270862c0f74d31e5c0

SHA512
0f0026dc3503e82fcd74b74566c475593e43e9b317013ee1ef787de5ed983da0ffc04892f02ff67311827d7ada437a5945e48483697a675f572b5919ea5c2d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bdeb592e6bcac507c5a232798b46ad49

SHA1
80b4baa3ad18f1bdf56983fdac7f1bb99a5b2c7d

SHA256
1d96bac7dc67c60dd0c845fc8f8c0d6afaf025c9beaf31cb8097e5391cb723e2

SHA512
98cebdffbfc34eb67b2bdf00805615f76aff563957e8bba4cdec58cbf62495b94654042dee90e4e8e1cb3ecd4acaa2bb2d7f4bffe84a22bb3d38ba356c75f9e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d586fd1d5a8e7b52c0d23adda715e071

SHA1
4bad8af99cfe04c00d0ceada8999659df946dc3b

SHA256
42ad403b743b5e05ac32c581c4eb7dc9aac46cc51f30acccad6767b8c0f2aa9e

SHA512
5987e3f5bdcdeebc0bd93ed197fb43fde89d5cb410300bdc08cd06da7132f9db7d5339678a7ea58c8398edf3e27113de3b88e16d39bdca9fb8e002f929d91087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6286dd122fc7a2b822a40b7460ab3d56

SHA1
9da9775c3530a3c4f249fc7aa1c32d30940a1ff3

SHA256
dca460ba81091848d0660689b57b0e4430851d3edc5540d0b6d2dcb5cefbf015

SHA512
a56f23307f91cf578a247614cd6912c274b61a639892ef7dfd24fa3ed339134c759c5076024eee51046a4f7787df4a0b419f834e81bd24ad77c182d751f8a421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a20e329b606b6e44b8fc3fa28028dd1

SHA1
08c7cf5d1a8720bd117bef487f4d35fdff93c958

SHA256
2ac49457c53a798fe670312351bf11f540a195318de262e324a061224f41823f

SHA512
fedaad9c396d83789826c1380b72078fccbe98e3d6b9d904165aa6ab6032113402ed18e2ec869907c9de7f7a506a7431b604dc9727ddcddc3328586b1a71464f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ffaf61540778b39f8c3ba1812681d49

SHA1
bb96a7948f1645a5cbe91c0f68a81c22c801773e

SHA256
dcea69b87f7925f3dcf4985ca89e092dbc8179c260e8869683549a3c22a2b247

SHA512
29fc7fdcf13085418c4423a1375a89d00a236a582ea12f0bdecf8f86ab30ccc2e97cb127aeb4a5f02c696561ee12b74a33754ce177fc113877a6715bc36bc392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1818c289235495d790ece66ede54f7ab

SHA1
f3b7d26ed7b4c01764157b84e2feab7fc527459b

SHA256
abc11d3f05be793a4f365d5036780501191b99c0c57c70e42a2e0fad470aab32

SHA512
ce6a0f1c4a0b37b07e5f18427c277fded23c0fc1847908953ae82d5f4f47956e6be8e483012bbfad80e0cc132ee52923167d06fbb8c8bffd8ef5622026ab9d6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1fa5d17b4cd8a98531862046cec42d67

SHA1
029aeef70897233320fb93ed85c9b5d8a79c9244

SHA256
8a46d55011374f0542b4a3eaa313c0ce9ea0da88bddf239826377177649a740a

SHA512
573de7abc1652ac5cb69ea3da3b8231af69de3d9fac13c54eeaf1180e6ce74f2915b5af4f8e18159cc112db33cee5fc2bedeb15b81e172ba44073b6d4a8e4d5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a8cb16c56626e8c2d254ab513424d118

SHA1
ca88d4321f34a048d804ced130fbc0c1f59c66a6

SHA256
3f545df304ed205399b3870c0a41e0d59146767df3547566772c9a0893c15719

SHA512
2f0da4da6b13b745dbacbc0956afc0a1c573acc79914eaf0cb1bf4343f3c0fc88d02ab935ac34a74b93fb28caacb87d4cd46d7337d67b73c4ef5a855f8cd0adc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
df1666be57955421a54390d4a41b82ff

SHA1
174f04bebe662b678a93060266efaf7d17028620

SHA256
9c83c460643a6e85dab39c6a752b00f2dec6e2e50deaaca3f5302078421a30c6

SHA512
702fba134cb0bef782f5b9c07a58c88d489ceb1e09061c51f690d906a2b2f4268a97b0b65a1eb8e9cf6131bddf2713bfbc0ba9177bd8e1dcfe706edf18581bf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\banner.jpg

Filesize
4KB

MD5
d5a55a78cd38f45256807c7851619b7d

SHA1
9d8269120d1d096e9ab0192348f3b8f81f5f73d9

SHA256
be83c8592906fd9651634b0823a2f45abe96aae082674568944c639b5b4a95dc

SHA512
959e7410e3006cfef9d14315e8741e34b6e81c4f9160c5d66f3abd77ce72f55f907ab3a0e500780b5c0e0e017e8639f135cc258976b4ab4b9d1aaed6242ce9f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\dialog.jpg

Filesize
12KB

MD5
5f6253cff5a8b031bfb3b161079d0d86

SHA1
7645b13610583fb67247c74cf5af08ff848079e7

SHA256
36d9bab35d1e4b50045bf902f5d42b6f865488c75f6e60fc00a6cd6f69034ab0

SHA512
d1fdc364bedf931512000fbf05e854d5aceccb48abb9ec49e68476a5dc2907267490290d92acbb267ffb7bdba9b7a1c88f1eb77830cf953443f4624995dabdc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_bottom_left.bmp

Filesize
92B

MD5
0edd17e9905d463ce23fbae64563c8da

SHA1
2c26d30e1b7a5761f5048d9494349cafe40979d9

SHA256
237e098ed029198e9f7cfe71babd6bf9ff3962ed78a263dc7426ea663e601467

SHA512
fc358ad0f2e482ad51af201f2883259dfcf0d577db1be8cff2b9048f22827278cf0cb8a3f76475222d86be7e945ce9b34aa9b86fc625c908ffaea0ad6b1ea2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_bottom_left_inactive.bmp

Filesize
92B

MD5
1b38ef93df0c5d4c6c2a10ca0115a28d

SHA1
17fa1779a66696f9ee1406da73133745eb4429dd

SHA256
4292ea3565b63946777d999352a1986e8f5950f1e8e51f030443f05dbdbde57d

SHA512
1b0b3c6fe0f359ae383d3d5b069341a900aff610e91d7752d4290fafe11ac73dff3ca349deb6599a6d358add4c769ae6cb05c2b751dbbce738bae4082167e8e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_bottom_mid.bmp

Filesize
68B

MD5
445b2b911b105ced9b1a3a5caaa594dd

SHA1
c326010a040a6d19837360907745a7a05982254f

SHA256
ecfc46e3ba63cc8d7de04134a271b171d9efd714e4ce9611115836a5b4518e63

SHA512
1ded63a90006bd2bfddb1de399d0cb483e52a94113e43b3099b6bf3dc7a9a0c7ae74249ebaa600d0d184615661f2ff557b62ed65f073bfaefc4f84e0cb420360

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_bottom_mid_inactive.bmp

Filesize
68B

MD5
7610648b8e31404e1621a7a5b510b86d

SHA1
d51d517a8472bfe40c469afa8869385d5a0e9783

SHA256
48837b62a6a6bc71359ff74bbe8a672d6b23cc30344c12e006698f069890a2b3

SHA512
24b03969fd28de9919d86609bec03e6ed732ed78b8e0de3f2fe5253180817d1471e3ed004abb5ecd91885b6281cef1b8e508e38e6f76fdcfb88a29e308ac78dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_bottom_right.bmp

Filesize
92B

MD5
c288357164d52b2cfd695c792074323b

SHA1
c8b7b1ddb78c929ad56d8bbd57ff5449afa04be3

SHA256
709d6fdbe00694f7dc115e923188f62cdc72d39e739280a1aff072d1a49d2674

SHA512
8d07e5c163c9e4b0d04a861e00be1f578d7a77c2f3eba80deb3895b2b354d4015ff1905a2dfcdccc1b8ec839359dcc302e09f753623aa7f0df212540ce8a56b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_bottom_right_inactive.bmp

Filesize
92B

MD5
2c84c848bbcd7bd57579d3431e8a363a

SHA1
5dc73f68798e73318d03979810bc00a4e94956d9

SHA256
f212b152d4647edcd36d2218713296afbf9ac5e86965c309df8f245fb89a06e3

SHA512
5af2bff30850458ef08340fe4ef9ae9e78d5ae1124c3a9dd365b6dd0e97a30ba079e466ec7f127485f5a89be7350d27371fee665b9d6214cd94532ed346effa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_caption.bmp

Filesize
144B

MD5
a8a4420fbe5dbe8fff5a4457fbdc0923

SHA1
4475046bf4a5b7af62099521d2a28df47eb14fc8

SHA256
4e504366b5a0b48020ee2e29beb17092010cedb50caa9a901bd6b2e921803582

SHA512
dac1a4fce6a95b965259eb7b92fa73bf532f3f2af929d5930538e16a2bab40d58384ea924ce63dac9235cb6e5585171a21b835ec2b2e359091bb2c7861263bc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_caption_inactive.bmp

Filesize
144B

MD5
3d8494dd57ae17b57726e6530fc60237

SHA1
09b19ee5fc72b2a07452ed242983c464e2ed5eb0

SHA256
196bf30cc41139ccaecb41584fcdc4a61842c246f81a3c7c4a6ba2a5bea4038c

SHA512
3e02e2c06c922ff58c7a6bb9e6b320e7e9a1dc70cd283986657b02ececf41219454a1d64b5fc02733744f1a2d31b507691b6854e362639ff943ad5e719238343

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_left.bmp

Filesize
68B

MD5
78e5adef0e9078c2a76ddea85c1c4dc4

SHA1
8da1ed8372eea6f5ce10154a52b5bd9bcbf1cc18

SHA256
84cf7696e5b73513bcf78b1611de3fac76e9f99cf9112dd9ea963850441b62fe

SHA512
a1f6ee057ad820ee4fe4bb9b9c7703da8bb9e47109ee384e828e6cb16cab7fc9a258e39d413ffdf40ca51e2275737f0b68acd32cf7c6577ee9d7740069a3da07

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_left_inactive.bmp

Filesize
68B

MD5
39cbd0b2cf89509c50ee74963f89f70d

SHA1
777755cb3e7eac9f8377552820dec7bf9d48fbfb

SHA256
a46d900fb1d3ba41e6f608587f4a4a414314f48a56cdca10716491415d38a07f

SHA512
8d4486150f12cf144d242735c9940c296deafffa4fd92029909f7b402c4f26f7b3e8ae9f2dfa5518edf5c8bfb6b622b6cbe3cd6ef39c4ec40eb601f3c51b310d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_right.bmp

Filesize
68B

MD5
2e805b0982cda361e322e201df8cceff

SHA1
a199d51aac3ac44c62b7cf9afae22eea7932c63b

SHA256
c3f2a56930697c4db1ea99bad9f20d7b750f5795181a63eb608c57b7643edd22

SHA512
dade5a2dec58631d4f88129012ae941465397fb498ea52010b2c3abd1e7130d73d47c78bbea0a600b868bd655c2e2b1a141d683b20c7c01099f8e8f116659785

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_right_inactive.bmp

Filesize
68B

MD5
171e23cd227d985b89098c5cc632c144

SHA1
2349eca4f92e1d4dcc2d47bc3d166a7081a5485b

SHA256
c9d87fc1e021caf801e31e1359d3a13e1da0c484e3a21ea173d352f924e1a924

SHA512
d9ae5802b331b6b8f38e129bd1e4e07270b7469df2ddd627ef0d6dc7f1cf33f87c334de00ba35c3033108876291c67aefbf7b34b9434faa42c79a2aae6b4f036

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_top_left.bmp

Filesize
556B

MD5
d4757da90bf3a96d5ca1b7d8fedf0a1f

SHA1
c4be7503191c6926ad33853b05cc43ad87a6b1e8

SHA256
0e8b86d175526133e239a0a4dc6308c6b529d9b2db2e469ce5098a39f3432168

SHA512
b0fa9ac1b48e4c2d9e4289a65a4f8d46edeaaa5d43309089d67778ce72c72f2e352a792b10c24146c75e604f83158e5b0e665fc70df9886dfd4128f4b1fb2471

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_top_left_inactive.bmp

Filesize
556B

MD5
df94017171d579959895edc072d39120

SHA1
0c0facceafac06c603f125cc170973851796d961

SHA256
706d0ec93ab304f05f6d3b8b9da613ca404943e9dbff9061984b5417f15711f8

SHA512
2576993c63b702ee9c6428a7d2698f94d6b7afb5277b60a0f51979ab7494651ea68ed46c0448a6f7d6954455aec9dcf17755cf20e666a7267197adfd4d162a74

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_top_mid.bmp

Filesize
68B

MD5
440363d27344241cf3574cdc43cca3d5

SHA1
cdeb4f94ae64c5bbe4740c3773e9ea8c8502cac2

SHA256
358fe1e6b51dd850c2463506d20d341b6ac09194ce0844734cd5386a4d82692b

SHA512
4f7edee0f1e294995785f792ed03b74991c8cf8a750e996477fc8590e0645187fe9201bc4847cb4fcb790bdaff0ba29c4fdc7f7a088180514583eb3fda29c58d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_top_mid_inactive.bmp

Filesize
68B

MD5
fc284f137a181d626cbfb9b980265a14

SHA1
af1dc42b8706f65e80b5aa021da38e7c48bf5ac5

SHA256
ebf14004abb9171efb791d5ed78d6f028f09775ec047bfe2bd9a3ad4dc431a0c

SHA512
aab8700806a42877b1b09379a606d49426cd0fa62c0856cc64bccfec6ed1e67130a908fb8d4feba6c6d1b8d530a5acb380fad9d6ed1a170103d3a90a35a788fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_top_right.bmp

Filesize
556B

MD5
50656c6f33cb1490eee92cfcf2f4fa80

SHA1
ca5a3fe9b1f6130e6452cedf5d3734781f6e150b

SHA256
ef8fc7a18af77fed42bf20fd640543b0cfaf312a4c9dfc0c2f35ce1af9ae58e9

SHA512
b8e2e2945fcb5699e063bfdad3fc6ae72be96bf342883dc60b8ac81c4143888aa23ccf237b935f56b5f586afe4772eda39b443e0797385ed358638cb7052eec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\frame_top_right_inactive.bmp

Filesize
556B

MD5
4178d84d2cd986063d2a7c91c57295d2

SHA1
fc5ea9402cd9c325716a2b79d070ac3e756c9f2f

SHA256
5365b988c102e46f73418ec36e0de5b1749c2080c3d2da660c507a9c505f333e

SHA512
aca1ca7e16049adf1b26dc8d26e99461069fd133587e748012347e66eef9bdb90fda0d197c86334667cc04b0289cfbe8fe8727eabf3bde9827a1066a71133a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\sys_min_down.bmp

Filesize
1KB

MD5
ba8de1a4fb2e3ca280cd7a3f72d28bcd

SHA1
4bcb1fbe1390eb0101df72725b34e364ec0cc551

SHA256
a3f47f44ad19a5e5b42204da311a883025f4f7d951bbd427edb3a20d759fc5e8

SHA512
dfc97335a12e1b33209e2dac7f222dbea7f71b93bcd6e4689dd409cbab6096c78210527f1abe0c3bb00bbe5cb38b3691b9355aa04d92975c3348b2096c141407

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\sys_min_hot.bmp

Filesize
1KB

MD5
02f22afae35430f2092e77bf1ca577b0

SHA1
91f97b9e65a972da62fa1f1254b6d1ef1f0e80b8

SHA256
d36ecf7b57c82496e41f7f5f36fcf21be7f0c061b999c5662f18530909ab6542

SHA512
fae0d6e818c987ef1c7829301b39da098e4766b4a33bac04a7b4d42e68a3b6df3d3a6b4c3e29d31bc0cb48b541c8316d4ecc3216f6c2aa7827e2df5aa1a57786

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\sys_min_inactive.bmp

Filesize
1KB

MD5
216e32733b99d128ba7b1de8748a5d12

SHA1
2b857cb52ce605e9b8470683468bf331a86a042d

SHA256
f856a6e498ef981476b85590200b3cba06b04c80329b434c1a3f89ba7c7240a3

SHA512
3ce39384e4e0138fcf1048819543ba6c6353ae32b597d64c06024f7bf63901d69d23ecf07fd6f754c56e5115a4dcabdb680bd98df86db5d8c729552f80be9d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4484\sys_min_normal.bmp

Filesize
1KB

MD5
eeda62be091f6ef68d9ba7d76c9cfd84

SHA1
822372b556a550dd93f931b1d115c888d611fd20

SHA256
3c746ad942bdd0a9b95414f80cd0e20c32251601a9d579bbdfdab6c9ad7414f8

SHA512
ee394717a1191ed3556ff9359d35861a475a96a14e4026f304d42156e357ec564522333ea745e90bfdcd2ee1a85a01316999ef9b601bdac47b6ed7015f0c8e14

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI6525.tmp

Filesize
588KB

MD5
b7a6a99cbe6e762c0a61a8621ad41706

SHA1
92f45dd3ed3aaeaac8b488a84e160292ff86281e

SHA256
39fd8d36f8e5d915ad571ea429db3c3de6e9c160dbea7c3e137c9ba4b7fd301d

SHA512
a17e4512d906599b7f004ebb2f19ee2566ee93c2c18114ac05b0a0115a8c481592788f6b97da008795d5c31fb8d819ac82a5097b1792248319139c3face45642

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI65F2.tmp

Filesize
1.1MB

MD5
8e3862ecc7a591df93cb916906eae863

SHA1
1c9f1f80be421f8c87662b5ab11749dd7604fcf2

SHA256
b980c67b11cc39f006535303151273749e4ca69dd370cf45b6110a0b5af77b68

SHA512
5d58c26f1f4ed448578e118c526a67159284e68b58062a0ff74492a38785fc94608ca09aadb5473f66dd0161fccdbad3ea4a2ed5c65396bef5e3d6572ac607ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_flmoome2.3eq.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\shi6CA6.tmp

Filesize
5.0MB

MD5
b40e4304f279119d9345be970babce41

SHA1
f76f5b30e7c333efcba1d4e19215ef1fd21d6943

SHA256
06285446d57089fe85b3b6127bbc92508773af458ad5cf20abf4570d41c0fee7

SHA512
ad7e6b30b3ba32d641737f499874f23ccda7c4539def0465d1723d579c79c5e3e981df8526d31f2eb79dc0fe572eb4b71a780eb63df11170d4b6a0786f588299

Download Submit
C:\Users\Admin\AppData\Local\Temp\{419A8FA6-AC6C-4F9F-8D6F-9E6BD143F1FD}\ChromniusPublic.msi

Filesize
3.6MB

MD5
d26c9b053fc4900e20bfae0e7940010d

SHA1
a292adf38d19e5d3aa95d3ad861d22b339df4926

SHA256
a1bcbd4fc0141c45887fa1a1ab72cc5962140690cb102b9fa72c84b0137fefe6

SHA512
938b6fcaddd9a6aad5839a987a237c665c04a43bc28a32aafbf2b287934ff831dda584ec6f12e5dc8482700e640abfe28cc787d8c5cea2efc4e8d818f2cff3b1

Download Submit
C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 912531.crdownload

Filesize
6.9MB

MD5
06da5e36cab8aa9ceef50ceb2e48c026

SHA1
6f5da5c57900190e59e1a04fa3f854dc0caf0ca3

SHA256
94587b41a0eb5e2c592976fa283b0bfc0ef2e2c5cec24bba298cda0eb67270de

SHA512
421d21f891e8e937c1ceedd342ce73e0ef59d2bb6155ab95cd0e18be7b2c6d9c111dff299cecb4eec7a57155ef2b5229d71fbd6fd4ccef62f34fb96ea3c96ffa

Download Submit
C:\Windows\Installer\MSIB144.tmp

Filesize
736KB

MD5
8dd026145833182777a182a646df81f3

SHA1
4f5cb840193eea97df088c83a794fb6e8f67ab07

SHA256
3071af6be43a2611db45205f0d3f1f25aba05acf5f70992fce2fffd63ee9c85d

SHA512
f6c860bf563a24c046a7d76a6bc1e2f6bbfc80a87ac4513de331049f35198dcbbdbb5be7f5d49100e1d1c8ab680ecf3eaaa4fdb8f744c9fd5479a1ba64079391

Download Submit
C:\Windows\Installer\MSIB26F.tmp

Filesize
649KB

MD5
6ea44a4959ff6754793eabf80eb134d6

SHA1
fac049850ca944ec17cda0c20dfbc3a30f348611

SHA256
7a23e492658e6d38873f3ad82f41ec1fa45102da59fa8d87595d85dafca6fa98

SHA512
e620835985a8ef03a55af210d156f9dfa6313d4c36131ea17fdad9b6acab37214041535efe99b7a33355ce8d5ff88e0c1ed10719726f4a23b51650cf7b15ae13

Download Submit
C:\Windows\SystemTemp\pssB4AF.ps1

Filesize
40KB

MD5
829dbb67cd4e66d33e18972457fc673f

SHA1
89279208cd65c5a701e1b123626dc67f3f892867

SHA256
2732a84d856a2928bdc75aba742f19c3018404a607b16f5af1942028d72557b4

SHA512
6d679e3cec0e6430a4cdfc0737d894c8e4d8ee1ed65b3c41c184c8af08b94d29ba9dcbb8bc51d6ef3b04cca5b179b5543eddffd7609a56740680e78084e3562b

Download Submit
C:\Windows\SystemTemp\scrB46E.ps1

Filesize
34KB

MD5
5bd9fc52e06f5784b50dec2367058270

SHA1
54963a0b476186b862a73cdad0df0bb11632b10c

SHA256
c3f34b43ff6d95bd0817ddf6ea2b21bdebd3dfde572c6feb3bd4cf842a57d8cf

SHA512
a990ab30279a91a74c4a529374d0f7625f2f8e1a42a92ac3f5894c13d3894ef708d147fd37df2306fa3d2332b95e2c0b852bb9fca4a672a6fc2a260aa80c58de

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.6MB

MD5
a40694413f9780e88c991ccffb47b099

SHA1
94f7f7b8f563f0717335e8d909ed4b804ba46743

SHA256
4ef5e681242db94b9b7c7583b9458d8f441506c5f0518b6a0e755439f1d2c0a2

SHA512
49d1e9c45d89127e9a40b934a15e0585fcb950ff7f8347860b85c1c626fbed251854bc7297e0204703d51e8a69c721c7c3ff742e8d6b7ab49d51d5a38848ec2f

Download Submit
\??\Volume{fc95478e-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{42424838-e2d0-4eb2-95cb-1b8a1a302893}_OnDiskSnapshotProp

Filesize
6KB

MD5
47b09cf02e70d4e5b3a4cfb0b2aa3e84

SHA1
0cd4476ceb2973ae98206343973aaf6e103f6511

SHA256
2781feb7199a7c7a2ab96bac071a235ec083d938c624b2a0ad8fca971d2dbda2

SHA512
a075ace0573d73f53b55e70be34678a0286c657c511e8afb41432ee594de05d03e4cf2bac1834ccb5a8cef480080610c285f81d555a627e1784e2931b0f4a4c2

Download Submit
\??\pipe\crashpad_2480_RPZWWZJLEKGVMIAO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3612-564-0x000002C0DA820000-0x000002C0DA842000-memory.dmp

Filesize
136KB

Download