hxxps://1fichier[.]com/?tmdm0n8jfdp44gwomdrp&af=62851

Analysis

max time kernel
1047s
max time network
1146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://1fichier.com/?tmdm0n8jfdp44gwomdrp&af=62851

Score

7^/10

microsoft discovery persistence phishing privilege_escalation

Malware Config

Signatures

A potential corporate email address has been identified in the URL: =@L
phishing
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 13 IoCs

pid	Process
4592	SuperMeatBoy.exe
5804	SuperMeatBoy.exe
5156	SuperMeatBoy.exe
6108	DXSETUP.exe
4860	infinst.exe
4616	infinst.exe
180	infinst.exe
1940	infinst.exe
5344	SuperMeatBoy.exe
956	SuperMeatBoy.exe
4036	vcredist_x64.exe
2216	install.exe
1028	SuperMeatBoy.exe

Loads dropped DLL 16 IoCs

pid	Process
4592	SuperMeatBoy.exe
5804	SuperMeatBoy.exe
5156	SuperMeatBoy.exe
6108	DXSETUP.exe
6108	DXSETUP.exe
6108	DXSETUP.exe
6108	DXSETUP.exe
6108	DXSETUP.exe
6108	DXSETUP.exe
6108	DXSETUP.exe
6108	DXSETUP.exe
1852	regsvr32.exe
5344	SuperMeatBoy.exe
956	SuperMeatBoy.exe
2216	install.exe
1028	SuperMeatBoy.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	install.exe
File opened (read-only)	\??\O:	install.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\F:	install.exe
File opened (read-only)	\??\B:	install.exe
File opened (read-only)	\??\I:	install.exe
File opened (read-only)	\??\W:	install.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\E:	install.exe
File opened (read-only)	\??\L:	install.exe
File opened (read-only)	\??\Q:	install.exe
File opened (read-only)	\??\S:	install.exe
File opened (read-only)	\??\V:	install.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\G:	install.exe
File opened (read-only)	\??\K:	install.exe
File opened (read-only)	\??\U:	install.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\H:	install.exe
File opened (read-only)	\??\R:	install.exe
File opened (read-only)	\??\X:	install.exe
File opened (read-only)	\??\Z:	install.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	install.exe
File opened (read-only)	\??\N:	install.exe
File opened (read-only)	\??\P:	install.exe
File opened (read-only)	\??\T:	install.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\M:	install.exe
File opened (read-only)	\??\Y:	install.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe

Network Service Discovery 1 TTPs 3 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
1980	GameBarPresenceWriter.exe
4928	GameBarPresenceWriter.exe
3624	GameBarPresenceWriter.exe

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in System32 directory 30 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\SET2310.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\SET235E.tmp	DXSETUP.exe
File created	C:\Windows\SysWOW64\SET241A.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\SET2504.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\XAudio2_6.dll	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\xinput1_3.dll	DXSETUP.exe
File created	C:\Windows\system32\SET2310.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\SET241A.tmp	DXSETUP.exe
File opened for modification	C:\Windows\system32\XAPOFX1_4.dll	infinst.exe
File created	C:\Windows\SysWOW64\SET22E1.tmp	DXSETUP.exe
File created	C:\Windows\system32\SET2591.tmp	infinst.exe
File created	C:\Windows\system32\SET2592.tmp	infinst.exe
File opened for modification	C:\Windows\system32\xinput1_3.dll	infinst.exe
File created	C:\Windows\system32\SET23CC.tmp	infinst.exe
File opened for modification	C:\Windows\system32\SET24B6.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\D3DX9_42.dll	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\D3DCompiler_42.dll	DXSETUP.exe
File opened for modification	C:\Windows\system32\SET2592.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\SET2524.tmp	DXSETUP.exe
File opened for modification	C:\Windows\system32\XAudio2_6.dll	infinst.exe
File opened for modification	C:\Windows\system32\SET2591.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\SET22E1.tmp	DXSETUP.exe
File created	C:\Windows\SysWOW64\SET235E.tmp	DXSETUP.exe
File opened for modification	C:\Windows\system32\SET23CC.tmp	infinst.exe
File created	C:\Windows\system32\SET24B6.tmp	infinst.exe
File created	C:\Windows\SysWOW64\SET2504.tmp	DXSETUP.exe
File opened for modification	C:\Windows\system32\D3DCompiler_42.dll	infinst.exe
File opened for modification	C:\Windows\SysWOW64\XAPOFX1_4.dll	DXSETUP.exe
File opened for modification	C:\Windows\system32\D3DX9_42.dll	infinst.exe
File created	C:\Windows\SysWOW64\SET2524.tmp	DXSETUP.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\InstallTemp\20241223142513117.0\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_0296e955.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513117.1\mfc90u.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513148.0\9.0.21022.8.policy	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\153AA053AF120723B8A73845437E66DA\9.0.21022\FL_msdia71_dll_2_60035_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20241223142513163.0	msiexec.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513148.1\9.0.21022.8.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.1\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_1ece11b1.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513117.1\mfcm90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.1\vcomp90.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20241223142513148.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513101.0\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_6336d6c9.cat	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20241223142513132.0	msiexec.exe
File created	C:\Windows\Installer\e5c7f5d.msi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.0\mfc90ita.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20241223142513132.2	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20241223142513117.1	msiexec.exe
File created	C:\Windows\Installer\e5c7f59.msi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.0\mfc90esp.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.0\mfc90fra.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513148.1\9.0.21022.8.policy	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513163.1\9.0.21022.8.policy	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.0\mfc90deu.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.0\mfc90chs.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.0\mfc90enu.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513117.0\msvcp90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.2\9.0.21022.8.policy	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\153AA053AF120723B8A73845437E66DA\9.0.21022	msiexec.exe
File opened for modification	C:\Windows\DirectX.log	infinst.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513117.1\amd64_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d37d5c5a.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.0\amd64_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_43fdd01a.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.0\mfc90cht.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513163.0\9.0.21022.8.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.0\mfc90esn.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513148.0\9.0.21022.8.cat	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI81BA.tmp	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513117.1\amd64_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d37d5c5a.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.0\amd64_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_43fdd01a.cat	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\153AA053AF120723B8A73845437E66DA	msiexec.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{350AA351-21FA-3270-8B7A-835434E766AD}	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513163.1\9.0.21022.8.cat	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\153AA053AF120723B8A73845437E66DA\9.0.21022\FL_msdia71_dll_2_60035_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20241223142513132.1	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20241223142513163.1	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513117.0\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_0296e955.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.1\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_1ece11b1.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.2\9.0.21022.8.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513101.0\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_6336d6c9.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.0\mfc90jpn.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513132.0\mfc90kor.dll	msiexec.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513117.1\mfc90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513117.1\mfcm90u.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513117.0\msvcm90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513117.0\msvcr90.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20241223142513117.0	msiexec.exe
File opened for modification	C:\Windows\Logs\DirectX.log	DXSETUP.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20241223142513148.1	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20241223142513101.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20241223142513101.0\atl90.dll	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DXSETUP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SuperMeatBoy.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000041ba55ff39bb976e0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000041ba55ff0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090041ba55ff000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d41ba55ff000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000041ba55ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133794372010546375"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{172139E6-98D9-413E-B51B-3CA1684627C8}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{5824384D-FF03-4E70-A8F9-E9CC160629AF}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.MFC,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32-policy" = 5d002c0026002700350038004c007600350034005b0053006e003100430058006800300067006000460054005f00560043005f005200650064006900730074005f004d00460043005f007800360034003e0035005b006f004f006f00390031007900520036006e0052005a00640078006d006a0043003d00330000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_6.dll"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.MFC,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32" = 5d002c0026002700350038004c007600350034005b0053006e003100430058006800300067006000460054005f00560043005f005200650064006900730074005f004d00460043005f007800360034003e0060002e00490063006800320063006200470038006d007500270026005a0041006e007e006a00310000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\SourceList\LastUsedSource = "n;1;f:\\e93bf666c0b769756024\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\Version = "151015966"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\SourceList	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\ = "AudioReverb"	DXSETUP.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.CRT,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32" = 5d002c0026002700350038004c007600350034005b0053006e003100430058006800300067006000460054005f00560043005f005200650064006900730074005f004300520054005f007800360034003e00360072005d00350048005e007e0030002e003800750042002900660038004d007d0049004c006b0000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.OpenMP,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32" = 5d002c0026002700350038004c007600350034005b0053006e003100430058006800300067006000460054005f00560043005f005200650064006900730074005f004f00700065006e004d0050005f007800360034003e0046007600590040003f00320068006c002400340067002c005100500041006500340077007500500000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\153AA053AF120723B8A73845437E66DA\VC_RED_enu_amd64_net_SETUP	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\153AA053AF120723B8A73845437E66DA\FT_VC_Redist_ATL_x64 = "VC_Redist_12222_amd64_enu"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_6.dll"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.CRT,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32-policy" = 5d002c0026002700350038004c007600350034005b0053006e003100430058006800300067006000460054005f00560043005f005200650064006900730074005f004300520054005f007800360034003e0068002d004600730076005b006a0043004e0033007200550045005e004c002700530035003900370000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.OpenMP,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32-policy" = 5d002c0026002700350038004c007600350034005b0053006e003100430058006800300067006000460054005f00560043005f005200650064006900730074005f004f00700065006e004d0050005f007800360034003e0041004c00620021007a0058004d007a0062003600460056005b002c0078004700520039003d00310000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\SourceList\Net\1 = "f:\\e93bf666c0b769756024\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\ = "AudioReverb"	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.ATL,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32" = 5d002c0026002700350038004c007600350034005b0053006e003100430058006800300067006000460054005f00560043005f005200650064006900730074005f00410054004c005f007800360034003e005000370066005200310029007d005f007000330046002e00370041003600700048006b007e00520000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.MFCLOC,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32-policy" = 5d002c0026002700350038004c007600350034005b0053006e003100430058006800300067006000460054005f00560043005f005200650064006900730074005f004d00460043004c004f0043005f007800360034003e004500330045003d00210033004300620050003500360045002b00260028005f004900670039006a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\153AA053AF120723B8A73845437E66DA\Servicing_Key	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32	DXSETUP.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.ATL,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32-policy" = 5d002c0026002700350038004c007600350034005b0053006e003100430058006800300067006000460054005f00560043005f005200650064006900730074005f00410054004c005f007800360034003e00460050005100510043005900300059004b0035007e0034005f0079006d002500600026004300610000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\153AA053AF120723B8A73845437E66DA\FT_VC_Redist_MFC_x64 = "VC_Redist_12222_amd64_enu"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_6.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\153AA053AF120723B8A73845437E66DA\FT_VC_Redist_CRT_x64 = "VC_Redist_12222_amd64_enu"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.MFCLOC,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32" = 5d002c0026002700350038004c007600350034005b0053006e003100430058006800300067006000460054005f00560043005f005200650064006900730074005f004d00460043004c004f0043005f007800360034003e006700590079005b0045006c00260045006a003500490068006000570046005a005d0066002d00380000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\153AA053AF120723B8A73845437E66DA\FT_VC_Redist_OpenMP_x64 = "VC_Redist_12222_amd64_enu"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\SourceList\Media\1 = ";1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\ = "AudioVolumeMeter"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\153AA053AF120723B8A73845437E66DA	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011\153AA053AF120723B8A73845437E66DA	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{C8BBD654-8D4E-4922-9343-637DF33BF670}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\ProductName = "Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\SourceList\PackageName = "vc_red.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\ = "XAudio2"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\AuthorizedLUAApp = "1"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\153AA053AF120723B8A73845437E66DA\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_6.dll"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\ = "XAudio2"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
112	chrome.exe
112	chrome.exe
4884	msiexec.exe
4884	msiexec.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 62 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
5804	SuperMeatBoy.exe
2024	OpenWith.exe
5156	SuperMeatBoy.exe
1984	OpenWith.exe
6108	DXSETUP.exe
4860	infinst.exe
4616	infinst.exe
180	infinst.exe
1940	infinst.exe
956	SuperMeatBoy.exe
5308	OpenWith.exe
4036	vcredist_x64.exe
2216	install.exe
1028	SuperMeatBoy.exe
4060	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 2352	4136	chrome.exe	82
PID 4136 wrote to memory of 2352	4136	chrome.exe	82
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 2480	4136	chrome.exe	83
PID 4136 wrote to memory of 1116	4136	chrome.exe	84
PID 4136 wrote to memory of 1116	4136	chrome.exe	84
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85
PID 4136 wrote to memory of 4144	4136	chrome.exe	85

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://1fichier.com/?tmdm0n8jfdp44gwomdrp&af=62851
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa202ecc40,0x7ffa202ecc4c,0x7ffa202ecc58
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=208,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4884,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5088,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5212,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5224,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5364,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5652,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5800,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5836,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5844,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5516,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5532,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6132,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6332,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5524,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6448,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6756,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6896,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6904,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6924,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7196 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7336,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7352 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7472,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7512,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7608 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7768,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7760,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7892 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7516,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8048 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8164,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8060 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8336,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8348 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6496,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6928,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7000,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7500,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7632,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8596 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8232,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8556 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7380,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8552,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8180 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8896,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8768 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8248,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7004,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8940,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=7612,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8988 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=7552,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=8780,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4332 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=5760,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8040,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6276,i,17314103719966853487,15422558059291942268,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4572

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4340

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Super.Meat.Boy.Build.3241924.Win64.Public.7z"
1⤵
PID:2624

C:\Users\Admin\Desktop\Super Meat Boy\SuperMeatBoy.exe
"C:\Users\Admin\Desktop\Super Meat Boy\SuperMeatBoy.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa202ecc40,0x7ffa202ecc4c,0x7ffa202ecc58
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2176,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1900,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2316,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3796,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3820 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5220,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5200,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5696,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5356 /prefetch:2
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5436,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5500,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5568,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5848,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5836,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5548,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3164,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6380,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6032,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5424,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5084,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5248,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3272,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3404,i,3470500986665600337,5864123885430974105,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3368 /prefetch:8
  2⤵
  PID:5352

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2072

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6088

C:\Users\Admin\Desktop\Super Meat Boy\SuperMeatBoy.exe
"C:\Users\Admin\Desktop\Super Meat Boy\SuperMeatBoy.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5804

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:4928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:1300

C:\Users\Admin\Desktop\Super Meat Boy\SuperMeatBoy.exe
"C:\Users\Admin\Desktop\Super Meat Boy\SuperMeatBoy.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5156

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\Desktop\Super Meat Boy\Prerequisites\DXSETUP.exe
"C:\Users\Admin\Desktop\Super Meat Boy\Prerequisites\DXSETUP.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6108
- C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\infinst.exe
  C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\infinst.exe xinput1_3_x64.inf, Install_Driver
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:4860
- C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\infinst.exe
  C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\infinst.exe D3DX9_42_x64.inf
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:4616
- C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\infinst.exe
  C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\infinst.exe D3DCompiler_42_x64.inf
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:180
- C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\infinst.exe
  C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\infinst.exe XAudio2_6_x64.inf
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:1940
- C:\Windows\system32\regsvr32.exe
  C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_6.dll
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:1852

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:3056

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
PID:5144

C:\Users\Admin\Desktop\Super Meat Boy\SuperMeatBoy.exe
"C:\Users\Admin\Desktop\Super Meat Boy\SuperMeatBoy.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5344

C:\Users\Admin\Desktop\Super Meat Boy\SuperMeatBoy.exe
"C:\Users\Admin\Desktop\Super Meat Boy\SuperMeatBoy.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:956

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:3624

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5308

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:5256

C:\Users\Admin\Desktop\Super Meat Boy\Prerequisites\vcredist_x64.exe
"C:\Users\Admin\Desktop\Super Meat Boy\Prerequisites\vcredist_x64.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4036
- \??\f:\e93bf666c0b769756024\install.exe
  f:\e93bf666c0b769756024\.\install.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Suspicious use of SetWindowsHookEx
  PID:2216

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4884

C:\Users\Admin\Desktop\Super Meat Boy\SuperMeatBoy.exe
"C:\Users\Admin\Desktop\Super Meat Boy\SuperMeatBoy.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:1980

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4060

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:4468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5c7f5c.rbs

Filesize
25KB

MD5
ce936230f983cdf0301c4eba7cbebe17

SHA1
b108705d159bde15ab31eb2bf0b681a7282e74b8

SHA256
dd7fa1fa576d4336aec522d4086041fcef3ab3a4b09c724c1a6192c5150a535b

SHA512
2485e5d643463cce10c9e086db20712a7831eddf3c0e8dbac6d3ecc030595a5cf631125745ccc4156ef7691b7c2d3d7396514ce96759d66ab29b9f50ac9d10a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
73d076263128b1602fe145cd548942d0

SHA1
69fe6ab6529c2d81d21f8c664da47c16c2e663ae

SHA256
f2dd7199b48e34d54ee1a221f654ad9c04d8b606c02bdbe77b33b82fb2df6b29

SHA512
e371083407ee6a1e3436a3d1ea4e6a84f211c6ad7c501f7a09916a9ada5b50a39dcb9e8be7a4dee664ea88ec33be8c6197c2f0ac2eabe3c0691bc9d0ed4e415d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bd27c78c73662e2bb0bcb260ecfd272d

SHA1
f972abc21b686de089010af402727a67632be679

SHA256
81330e386e2d0467743b78f4fadf378cc89db4f285e4bca9bfa983ca90bc4f98

SHA512
78b435990a0b23407bb2cda9ba04167bd88d195736ced7ac92d0f4e256e449ac208e2426388f6b7eb2b098700211d71c27269f55014ab43a9ee43ecdb42dd8ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
119KB

MD5
5767cb8c333bb997452e40d8eaa00766

SHA1
9bbc46938b294ba2f498e236602c9b598e65cf28

SHA256
7686033302977cc687d80f70f43c2512ed5d793be981d6ae70c5f55d9f3cbb30

SHA512
a27fdf55ca9efa772a46762ca5d7ff4aca06baa1d306f60c9c96a37b17d7aa663b3f10101ead66b435022b99d25267208b2f8e2101b67836a1457b3532edb147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
52KB

MD5
288965c19247e709727b59478e8742ed

SHA1
8ac4aa8e56fa69e7f89f0ac766b023fce7fa059b

SHA256
5535a3c971ecc6de8a0726d64428e36f9842190cb594dbee80819170f5ade1a7

SHA512
8065df5e2e98a45ceec1eb513381578c5ff61c6790dc7c26197c573b02cc248a0b2daf93f08e162e304f20e894620985b320555598ce75fe818179c87a1eb082

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\17789dcfa107eea0_0

Filesize
252B

MD5
17912ada74ea34449d4365d46fd07d94

SHA1
657799f86b5c53d6f2d111ee9616857d3d909a2f

SHA256
b03c630645f80a9d2f5921c43cd8ffe9f6154e9f13e1eb59026e1f743d6b6f3b

SHA512
343d6c208beb09f4a1b59514de75bcf14cdc422e924ce4e7d7c185af056cd96cc9e80492a95b6786cfd68f37f78c430f317a3dcff0958d55a957d5759eb350b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4a39413adbf58c2b_0

Filesize
263B

MD5
6f9455d0d853c2a9874c54668f8bdfa3

SHA1
405c4a31950a4dfe6ad2eaeeba0cd498fadac929

SHA256
5322df7a494a38a3b71ab5e09bb38c9288d05952c071c27aed114273ca06d178

SHA512
fc34799972d78a95fbda690f55e8d885daed9240adfa30431c0f8ba9213100f295b5d664abf0e542937569d8af5cb657558788355c452a0b8e675d4d940db5e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a3e32750fd5226539fee97a4194483e2

SHA1
b5fe654a5eae330d12aa8489228607af48291501

SHA256
d04002fc76b15f6eceb2fe16b5bff631a41eb6c1892a67238413634aee72a761

SHA512
cefc5e5a30c0dde6174b602ec2625bd59e15991c410c33ce86ede401fc71af8012ab70ff119ad88f23fbadb9caf70ea1965b1380fef4d8d5a4c86b6498d0549a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
4b9990b16147e19dae0431ba3273df9e

SHA1
93ca9cb949b6fa0a115985e2102500a81541b5e6

SHA256
44abfe375d2e7b9815c1186b03a17df33d401d1e833541159e5e5236f38843bb

SHA512
d2c29c9f136d0c4925005877c3e1591b7138909e8f89506265389883f4fdbae5dd208ad9df0bfb95c0865b221e3f74edc72475a110af0520ead416a3e8f1e399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
0c05f328d0c6940319fe05c75eae2fcf

SHA1
f75c72817e2d37aa6c0fc2e62240637c4433df49

SHA256
9ea1769a1962b1c38f184ca08ee57920f446c53ee4178156c90deecef237997f

SHA512
a7d8e8664915bb374b6ba98692e8bdac84c91fdd11e10c68ae32c1f493467f8bc26cd3ab3cbe71bd4c0d4029092d0a4aeb628497dfbec5619984c807f6d42629

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f902b269ccbde7b015abf75c52fc9fb5

SHA1
a78e30314305d176f5fa438e2af5cbfd4fdfec86

SHA256
7927697336ecc2e0df2aff361772f68fadb8b85233c27869a1b48d3e907294de

SHA512
f6afeae957208c28caa8493e6a8208f2a815c8ffa595bbe0d39740aeb4c5e4ea62c49d267fc0f077ff20d45e83240e8ec18315831e3ae1b9801b90d6de48aaa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
0aa1c7deb9d61ff984947c5f3adaf8be

SHA1
2e611064a6efce72040598ffed6ba7ac2e9196f4

SHA256
e253c8e83d9be412aeec88f894c5834833ec66d7e652a4103753fc98cdf2e612

SHA512
f695ad45fd3fd8295e445f809c0b8c808c8d77c05ee3e91f299759ed26fb73cb8f54d6b8ff77a6e7e77da6a5fb9c90dfa1527b4c3535848d3f32aa846f47ec8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
31KB

MD5
796f3fcfd6d8482b8dd38b00440ad290

SHA1
276a0bf747f0d426885646454c93caa1cedcd033

SHA256
2b53a584ad76ab622c4c9c74b68f278dc4dd0a6c8397abd9556d2476b4e97976

SHA512
10a2874c7891bc7ad37f1e1c78035f025800eab0207a8795c83a499160f1610384fb981686b427a0f6732be32ba4585c3ebf680dcd763ee34e80d31afa85b5ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
89243b8b7662d78a95963ca6fce865b7

SHA1
f9bfcaf9147f467cb18e02f39e15f0865e1375f3

SHA256
33b84d8bea72b5edde3a1d6c361f65743bc5cfe8e127acfe1de61c5a5bafd1a6

SHA512
18f2f940149beadad25e6af717322192a6933ba23dd4d3599e5423ab4e17f5a61be4f4c286d1dd05197d94a78c4d565008e5166399e18d58462d44936898af37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
9cfe76a9c4ab6b55c0429218449447af

SHA1
43688d7a5cba825016388dba85a57be909a29e26

SHA256
705d63daa556ebaeae83d70dea11979d052d96d636cd4feaedbd7814ec6462a7

SHA512
d69763684e45585d48bb3d7c2b7280b5605c0b65f63ca2de773da73c219c08c89a19b5954231308511ac0935d8d7ba56ab6ec3fa2a33e1e943034599a33637ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
abd0f5a969a05437cbe4464ef91ba2b9

SHA1
82c8feac182b8171d52348ee2074ece869291c38

SHA256
cb7583f344e75e8fc411e11471d2ea4bda05365df7e8e91e6f94c64d54d73411

SHA512
ef737c8358eea763069ede629aab047b748a576e59c977a41bfc8f00eb3c4c87cab3c7e6e30bc8cd83f92a17771695ef2836679af8c790aa5039906c56324638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5c9a50fba0513b1879977d549bdd9686

SHA1
450b1ab4b741e00c1641b78c1951385a6c38aec4

SHA256
162063f0f1706d22f449d3afafddb88426e53d698234af42dd1a90a9cdaf40f7

SHA512
7fa58d5399091c9d4c928d5880bb938c09668a81c2459c017764e96d86890c705a17ac9f16383806fee6cffbb51d809b9ac39f0e3305384258440e1afe3844ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
19ab0baf7c87cbbb135043bd547e5cd3

SHA1
3f85ff3a983f1d7d6c504a46d14f6311373565b9

SHA256
08bc11e1de870a8c7d3811d99dc150df152d3693dc8e6e7464e341fee67f2bb4

SHA512
96f5596e7ebe48421ae813be7909df8467fc2aecdad88a49de25841aa557076f7478edb055c287a709c63a65151e7802b9ab890ac77aadfeb21f88df1187a35d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6c3c3abb93ba090c678a75da3b9bed2b

SHA1
76e320d470da9c0a1fdc9da9af690fd8bdecf7a4

SHA256
e49e8ce7e7ac3aaeb6f97f78b10d2d97f3909ea4a439621cbba7e1b06ee6016b

SHA512
1b969d6d0591715bb75b37f0ab08134c6db6579088200b96d8f39cb0ee01447c10a022e6a432fdb063da28a3f18e20300f9634a2d3c16223d9a244e7cad9a414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
83d3b1cba7e50f28ebe4d7e11bf22fcd

SHA1
50e2a10a5e4d88b7c9117ac8ec67f6ff24e8ef36

SHA256
cd8af79d8dd0a9c61093f6b468b50b8039699a124b32d2d7da7f3605d44cd3a5

SHA512
5959239120e94cab2b94f8f75ad8b0a440cb09bda6f9463cdaac21012560be0f41950b7cb88819e061a6c268131f287fcad1c9c91ee7d9a4568a4bdd7fb70cbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
22db1ae23d5f930449efdf7c9038ea04

SHA1
958b8741e04929388c48ca5c3d8ddfe220fbee38

SHA256
c2edc7713e247a08fde2dc51cc2af96ce57fdd7116f527d31821a9f2fda5f7a7

SHA512
117f3893cfb2a947ade64624603d2ed0507d95cf45e0a4ecff0a23d5764861adb29379bac96d85023a868d845bcf9c62aab20bb0dbe4aa84ac82300561e6b481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e4a6ed073c2c32f76fd7c143f1b83d67

SHA1
126282bf24f100e386fa243a2176289050012ab7

SHA256
89eba4355a15b513537b45b7caa5239b57b6de49eff8c678959ba105239149c6

SHA512
033a3c259d4b03146388ab4e4769354e6d93a2ed62a36f57401104304f02dcf591d90b551ebb056a2323436be86322a7f0a9b31b6c172dccb0d2e3804deb5ea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9d12dc56202f2b9f2b554eb73373dd10

SHA1
279b6b6925e524b88a3ab7766cb9491e369b8dc9

SHA256
fc33bb0e80963a98d7fedbfac096ab67d59e3f8fbb7eb2cf688f9de8e38c528c

SHA512
6cfff5460d7d43c2461b7319226c2f7dce3c37e44d650d4908c098555704e8b8634f6e6f2e74be74312ddae55d9aa23db45baada061f90a541f55b04c41dc07d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6404aa7fc111e618179f8bab22911603

SHA1
7a62bd50a7b1e3d987a46a9188d528b8962dfde8

SHA256
4eba091da72c8fa7c3cfe37ab45156fc14173e3f12aa52d469b6beba57d92426

SHA512
d6a3c7346dd064d11ab5ca7107d9e7b468bc368851d2d65028de0f1c188d5a3a6868e4367d2c43184cc61578666693e8a4ed2d4c5fbaf9bab5f6a5d3ccf83e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bca6544b903d8ec59d8bf98e34d8944c

SHA1
f37bda12bf842ae17d7c994692a250e30b41bd03

SHA256
1dc48f0ae45933df2ad906189befc1c5aca8df0c2a0672ae34db0be2b9b5b844

SHA512
778786caac852b37e7bbc63af3fab817fb600475aab5b09b56190e39aec0b1f9bd3c416f6f79cc02faa46e73496b1603c1f90a372f2689000b245ba0a74972a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e140381239dc45463a96b7230f6dc0a3

SHA1
7bc648033a815308b816da76788f5c8329741937

SHA256
58f18195679c2803647b750b4f79ee657e52485b8a79b46e7accaff39d2ce944

SHA512
abb722a5381060fe45ed643e18a4b6a50abc1bc3ebe28405eb2fbb6d0bdf6b609b1976f682c2fede0e3d627a62c30ac1235e025e4910fc480c7809f13f92bc3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
108488b7146eff17f3523385bbacbfbb

SHA1
bbd83e7e5d4223a9c079857537fdb30b7e5f0377

SHA256
e116e7ad8e598bab9a4d3f8c563ecc8c624b7203dc7c3b6f882b2fe58ec28950

SHA512
ab49f4d106828e2008b9d54578b09d3146a2db5a3715edd25fddc9ee9ab751664ab3fadd04957f588cdb5e7f07bee34f1545a69d3d742caa2625091c6d4071b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
90f47074dcb2eb1e07e23c5dfe170d91

SHA1
79a68f3d011baa004675312e4d050895d8254837

SHA256
ebfc1b262a4b98f5f7bbf2e4f690f2e0b574fac230bf2a0b6bbf8767b01c81c7

SHA512
9776619f686ba18945bffd04f435afa27492e7a99f843dcbb78f12fe334c98cd9633f3e8c486dd7e14c172a8a19214ac3489627a9316cead99cf2654672e815f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
69cfb54e9d7e24d22762faafd40dd1c8

SHA1
a21371d06d62e647e39aed10735883042068f165

SHA256
c44d221acdd73af9ce2167157193c2d06fe3ff2a9d364015a96086c3167217c3

SHA512
c2ac8b3a97bc263ae961f15705c0c840171f89dc3ed43b0f6f7929249669796619f62ca7bc0bdb1af4e3db2c55b2c50ec452ece80a19906caac8264df45888e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
97f55aaa2c7df7f9d9c798d896f7ebdb

SHA1
cb6a04604ee1dd607ebba49adcac811fcef6eb69

SHA256
0bb06c48d0be8f9968c031b658b0aca9819d5560e93d3fff8b6e41045a505b10

SHA512
13ed7c222fb21de09dcd2a8000f05afb282ea0a9d221d625b0c0db4b5c548c132527a40fb44925c81499981486f7ed8d1d41603487a4f31ff4356500dd3d1860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d15fc8385ea75715fb7035f84f00063

SHA1
7dbdb8a8156bffa82f384b304f8830936e0d3814

SHA256
18a4f1a113e0b4d55a976bf2b6cb78d6ce703c9ac104b0d97586035b146c167b

SHA512
11645ded338642ac6dd3681c1a183e978f59bdb58c60887c4dce15918f0ef4f6c87dd6ba6f8e42ad730ed4085497efaa7f860918a625df7fefce052d929b2515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8fbe5ded84821fecc33e38312df60168

SHA1
28c930e036c6ccce174784d50673e9866ba0b1d4

SHA256
857cedcd410c7ccf805e20d4bc8dcf7b3f1f597cdf5360e8ce6c2d73d2bdf944

SHA512
f2650f2587b18a16ca8972fe29aff3834016615eb828c6f307fa3d24488b9e9495d7c91609fc2e2e80b3e544b588d1391f35acfc2aad06b00c237c3283ac136f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6757f959e342f036cdb15cea569644bc

SHA1
f413160e16fe88ec0c8eea1b096b45b0ef53bf1c

SHA256
bf87a940d4177136993b0f63d5a643c086475b7fd81b70073bf99bd639b914eb

SHA512
220a6256708ce894dc60618d5da3836426d8fca859328c37c46a811dc900d31b90abdbce13194d364a4a11ea1e2ac5b8236158b513bc3d880a984daeb1b41b02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
4df1266b46a7baaf4a250c1165fc85e3

SHA1
1ff95831190b0de70fbc4eabc50ea634c2930cc8

SHA256
4a4cd68f817e0d06287e255fc870d9006028631641fadb6c394a517332b8935b

SHA512
66607c50718022e0b0e4bcddb61464d52a156883761e43873718dd59645c621fbf3fb483f3c43b496d8a9e46327d633e7e432742f860c891a776ae4d54caa386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
575b84da06ed62f28cf123eddcf9325a

SHA1
0944160f01129d66ff68d61bbb51165f90ebe606

SHA256
976d053d923dd0af07a4ecf1808d002e0f99d8aa35f6676d00adc993a4b9e0c3

SHA512
2156023322f40f242a1263620104033930d39ccdf0027d06c2c011737e2dbf4bedd2595649d43b08604e2720daf636714d5a32bd4dd7a9225336081e5a3002d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
2707a45c893b723c349f40c931a0bd4d

SHA1
96ecb89f2b4b8288ded11e9dd2dc4e47d361674b

SHA256
f4b775ed9d3d3f38e5a105047ac7da5384a4d16ff555540fe757037b47f839fd

SHA512
09c65a7cdbc8f2409c76c1e47d1b2a936f0dbd6ee1693da1e5ad208f2287c7ed4467bd0c8eb74af4aff0221c5ca47173348ffe6190076fbc0c7bf0ecf5361865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
f2dbba71e99bdd1ea78f843d2206718a

SHA1
0298618993f932124eb4f962d51db461c74b8ed2

SHA256
409ffb1386dcb1da4250a918e069f50c89bb50da9a5664d394a8afdb9a2be120

SHA512
2bffcefc1e21a5e0f6a7488919b8fdbd703e80b84d84bfe21b12297b0528c5e1493d1de1b5f701b6badb9450563604fafc05ad52a2e83846be0e4bb8e0abe60b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
6312acb8a16b8d1c36d2b1a0ef9d3420

SHA1
1e101fdc5514f2c2d382942d543bfc305d06a8d1

SHA256
74cbf8ba36958f0db14010c8d13e8284e26d36b901d5629522f832793a54025c

SHA512
f17c6be0eecd991e5d587d05e6acf337bcf904ac404abeefe0814dbce8d1bf06314c3134e222264e5f3319ed94bbffbe8abc98c441262b73881d14857a69739f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
b54b39948b48077b5e53e165020acc27

SHA1
fbf05c4d8cbd5d417c659d4d607ce4e59dd3a1d8

SHA256
dd029fe503c6b7f0eecc89977f741c1bdc013a75e0e13cd6d6e0ad9eaf1b4dd1

SHA512
8bdd910202f19e7b0bd4f627757304e7fb0e59085639f5bc5debd5d94fe8e4c8af0bf055d46907cf9e2cb536f944175c898ba7f133e27391bf03604d688946c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
1ea4185392df8b2f74a5073831ce40ad

SHA1
4549223f5d64e6ae19f2c32b1b3a56715a498e08

SHA256
8f56e92f9dcdcb622be702fa5a234d9a9344647c747e667eb1e6cdf787670283

SHA512
a25343d431fe4db663155a03a1e063a826ce94b31fefe3275c8be93a153aa8cac519fd87198c313f22df83d8f81a0fe53b48b27eed625a922d63c32e8af4e4bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
1e1b4193916500cccdf15bdde0c1ffbf

SHA1
36565beaeff05ddc597c6ea2c6a38d27b622ab7e

SHA256
801d192c7a5a3443947f8b3c38fb5a51cd5225f52de7eae62abe31098e530e63

SHA512
d670893a3f75b07415f351dd5461b190b9f895602fe034701bbd09d5899e0732e02e32abdc7480ed0d90896716be4cbb05933561ecaa48c6fca28f70f1db81e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
20KB

MD5
dd9e9fd63ea8db302576c8880c6eb5dc

SHA1
dbf8c6e4d1090eb1148647c9c1b422ea50733aba

SHA256
ed6b5355b9d505187fb541d5ca66f7db65d518f93a09bb7a2168351c40b8b951

SHA512
b5a0665cd87cce9e60758acb3e099e72ab56d23a00b7dc3320e5a7627cf7e4ad480e2570c23ea25ed290f0e7912d5fec70a4428eb7a11ae7cf42ac4b8750e84f

Download Submit
C:\Users\Admin\AppData\Local\Temp\5c6c3113-f129-42f4-afb5-9adcb0632d8a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\AUG2009_D3DCompiler_42_x64.inf

Filesize
830B

MD5
bf489f4a6f1c8772091caf9d3f96628e

SHA1
c0da8b93f1e17acd81e5664ff7f014cf470d12f8

SHA256
8977772e5392b8e79364b3b8d97300e97ad891f38d5a2dd306549401e46b05ff

SHA512
2e21de522c0be4b797262528399d7ec8604fbf466e8de49cc12b9c2e2daa3a8f0977e952bd36135ed4887516d31ff8c782273325d2afad48f8b3202f35b4ffbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\AUG2009_D3DCompiler_42_x86.inf

Filesize
1KB

MD5
e7f9ca8ca804cc404f855be173f6ac61

SHA1
5cbe6a3e7cd65a66bb6ed17930ccfacb8c756fcd

SHA256
bb8834d2366f6899c507bae176a13dadbd44488451a263eac830be95f4bad43f

SHA512
cca663b914f6f6d1b86db83e4f2976b103af041ca171257b9815a689788018434228182bac943fcdc7770d43180d53f887ec987e9639edc26ecabc7d20dbc4e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\AUG2009_d3dx9_42_x64.inf

Filesize
812B

MD5
ecbefd1db4cb52d5089b1d4b20a08656

SHA1
85134f773bccff3e874d27d7e79dcd1e9485c903

SHA256
4887cbec8545b02152eb16f6296987a43a256b69b408330eaee362184f298d98

SHA512
a50afd834f0d892af5eb33b9c6ffbb330ddebcebd123fc7f706f05efac9491b49dfdcfe6196f3b6a3c9f7ffedf4fa723e0499f03417552404c0fb4f4fa3c046c

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\AUG2009_d3dx9_42_x86.inf

Filesize
1KB

MD5
dff48361a5cb0dea034dc6f16de99477

SHA1
afa417acf7e9da37923255a623ef34c7f6446c80

SHA256
5989dc367a8f84815bcfa1c46ff756527c6250c62973220d1af354b70027eaf2

SHA512
750b69eee07e7d6e7fbdba722e2e1ce377729dca5fe52b4d57d23dd2b80b28b3af8403aa43c469a5042ad35eb09ba4dbefc40a014a137e1b5d87e0f2de203856

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\D3DCompiler_42.dll

Filesize
1.9MB

MD5
b33b21db610116262d906305ce65c354

SHA1
38eef8d8917351ee9bdff2cc4fbfaefaa16b8231

SHA256
6c976311406c23aa71018d274da0ecdef43b6e3a3b0b01e941a5e8e4e974386c

SHA512
7049726ccbba90d06b3a56e1dbde8196935d4681b5548248cd3e6a8e38183c268152ba2b07eb90823bbe327c02ec946c59abe3562b59e29d9bcff8fe90e0adcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\FEB2010_XAudio_x64.inf

Filesize
923B

MD5
1c4dc3c97e96135a784867d68d193bef

SHA1
5019f79ea9b624999fe58420daac619c5695994c

SHA256
da63330fd2a1538b714ee6cf2e09256446a04a55f866b3f70237d8a7165cb3e3

SHA512
d529d68ccdacd41a7bb688bf226a23f4d08639213d96e3e428c16176681c5f7d45ca8527291322b2a6d4dd14fea1cab3cf183006bca3b5a45fbf2e05c2ee1437

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\FEB2010_XAudio_x86.inf

Filesize
1KB

MD5
e6e942a2cfbb587bfcc4203b5bb34fd4

SHA1
2e0172ea1936911a98e11a6e98990703e24172c0

SHA256
74c827ef94881099761e04397ef8f162fd0ccaf4876a5503c4b53a5216d2acca

SHA512
3d70d76e6f459819a1703c5019a2e10fe518ee6e8eb5d3313fe57d3d1b6313b52c4904398a26841c78a9ecf9d715e1201e834ab3df47265e070ec94417a78e4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\XAPOFX1_4.dll

Filesize
72KB

MD5
e4ce2af32f501a7f7dddd908704a0ee6

SHA1
9dc2976efb15b6fba08bebdeb98929b6961063a5

SHA256
0aee44b12913a95840ee6431d90518b0d72c54a27392e21ee6995e2151554a06

SHA512
ec14a58414d595a36c6b575cdae690f11481cd3f0b35fd2f4c6a6d162a6272882cfe03da865e09a34972775790529f51c80b69056a2fcb909f25b549ed2f7f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\XAudio2_6.dll

Filesize
515KB

MD5
4976243bd70fae3d1d24e49739ab2710

SHA1
6ef27b10bcf4e697fe77c3e964b326be11e4444f

SHA256
61b57170f7c6365714396072d22cb98746718c0f44c9f0d5c62fdb1b218639c7

SHA512
af2d6aaad44bed880a1a2ee947618b142c76a5eca42d4608196b74df9108a9649059d8207e84a58b76ad43aefe9b66ffcc519f8126667177011cf4199f163e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\apr2007_xinput_x64.inf

Filesize
860B

MD5
94563a3b9affb41d2bfd41a94b81e08d

SHA1
17cad981ef428e132aa1d571e0c77091e750e0dd

SHA256
0d6e1c0e961d878b319ac30d3439056883448dcf26774003b73920f3377ecac8

SHA512
53cac179d7e11c74772e7b9bd7dd94ffbc810cfc25e28326e4d0844f3f59fd10d9089b44a88358ac6dbd09fb8b456a0937778f78ecc442645764f693ccd620b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\apr2007_xinput_x86.inf

Filesize
1KB

MD5
e188f534500688cec2e894d3533997b4

SHA1
f073f8515b94cb23b703ab5cdb3a5cfcc10b3333

SHA256
1c798cb80e9e46ce03356ea7316e1eff5d3a88ccdd7cbfbfcdce73cded23b4e5

SHA512
332ccb25c5ed92ae48c5805a330534d985d6b41f9220af0844d407b2019396fcefea7076b409439f5ab8a9ca6819b65c07ada7bd3aa1222429966dc5a440d4f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\d3dx9_42.dll

Filesize
1.8MB

MD5
c6a44fc3cf2f5801561804272217b14d

SHA1
a173e7007e0f522d47eb97068df0ca43563b22bc

SHA256
f8b9cfab7fffbc8f98e41aa439d72921dc180634a1febca2a9d41a0df35d3472

SHA512
2371844bc86cdce2d1933625b921b982c4d1b84a39698b51180b09a2d45732407d721fa01d294ca92a88777607a1bb00283f6bcdd4231137a388216d0b09dd5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\dxdllreg_x86.inf

Filesize
724B

MD5
8272579b6d88f2ee435aeea19ec7603d

SHA1
6d141721b4b3a50612b4068670d9d10c1a08b4ac

SHA256
54e098294ef0ad3b14b9c77642838b5992fe4573099d8397a1ef566d9e36da40

SHA512
9f1311803db1607e079b037f49d8643daa43b59ce6eafb173b18d5a40239a5515091c92b244ffe9cfef2da20530fb15deb6cf5937633b434c3262e765d5a3b21

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\dxupdate.dll

Filesize
169KB

MD5
c4842e139fca422e265c91c44a1341d6

SHA1
299a5ab4644fe7302b515aa10ef0f1715046275c

SHA256
b1f954cd75dc3c9d5bc57f1a4c28720ee3639aa8a4306f3da7b27d3c361ff8f5

SHA512
e85a35164e0feafa73a676dacf67d275b8e8aa5be40d861743662a7d1ac8135625c2d59a73e5c77fe1e3e8bd8523d9c823c89137aa4cb1b32d392cd9a1b59989

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\dxupdate.inf

Filesize
12KB

MD5
8c281fcb5546d1ed3cdaf6e3f7303139

SHA1
de342a17f2df0386f6584e2f55ae43c558ceb6c4

SHA256
7530c6e18dbb522c5f4fbf6714962c185ea318f9eab7aeb833b0cc07cd2fe656

SHA512
344ea0a375c8851fcf413f441a1cac3013b3748d1630a4d677da72e98f41823bf9427d896de7e1fe35bf868279538cf3b8322aa6ef20025bff48a6bb7f8c42d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX212C.tmp\xinput1_3.dll

Filesize
79KB

MD5
77f595dee5ffacea72b135b1fce1312e

SHA1
d2a710b332de3ef7a576e0aed27b0ae66892b7e9

SHA256
8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7

SHA512
a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

Download Submit
C:\Users\Admin\AppData\Local\Temp\VWL8FC4.tmp

Filesize
392B

MD5
57fbb114bdd3b5948f0dd8137abaa4cd

SHA1
5f301b6ae89c46ad0cf2d1148da7959e7aa0f7a1

SHA256
51c5622cfb2ac9b8233815680545afdfd741d7c6cd8f575339d2d816c8d7e97d

SHA512
1170c2ff9cc9b5f85863bcdd37bbfdd986aa30a2b7feadc3d58c88784e7f0856f0ddb83e5b87fb9caff6455663df9e0647d9efeeef2323e5df819bbce22b2bb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir112_902439428\72c7a11c-4212-4428-b258-957818f76375.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir112_902439428\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Desktop\Super Meat Boy\SuperMeatBoy.exe

Filesize
3.2MB

MD5
802509965409f6c9e61dd03f4af0fefd

SHA1
1e4aa143b26ee982e44468a41130e369b2ff770e

SHA256
e5c6ccf86ae3424d130727567f53df2863f63d8f0736011c9a3ac96b722d6699

SHA512
06c67ac9747ee6a1e5e238aec000dfb58c4277e876add38e12d11b090a82f6e96d6d4c911dd1eaf10db7927c182b1e0711628f1f22d4bda8966d97a0a31a1032

Download Submit
C:\Users\Admin\Desktop\Super Meat Boy\steam_api.dll

Filesize
214KB

MD5
7b857c897bc69313e4936dc3dcce5193

SHA1
4ee43374520904fa6d80c12c273d67eb7b5c984e

SHA256
5b6ef90f822209180ed5cafecb90af849ee84bcf6281eeb21be2f89b3b5c89b6

SHA512
be6406cc367815cc7b813adef24e5ddad6c8244d4964bd37ed0656aaae404496f4f9e38968e9acba91bff1db171127126d8219ebea8757142ebac0c82a233573

Download Submit
C:\Users\Admin\Downloads\d3dx9_43.zip.crdownload

Filesize
873KB

MD5
8f1cae6d6633e85660da84cc300925ff

SHA1
1e1a15b7468bfbcb706b381a928b02d1657f0b07

SHA256
6e5fbaf2c9b5d156e2990ed10cb9bdb89de63ec71021a441218543b6816a632c

SHA512
07cd5d613320ad32041bc1ade4d0c3ed6423fdafff32c8edc40e9fb2c67dd051a71d49bdfe4fe27a007fbf1a648341617502337e3dcc2f9ee51920335670dcd1

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Windows\Installer\e5c7f5d.msi

Filesize
236KB

MD5
d53737cea320b066c099894ed1780705

SHA1
d8dc8c2c761933502307a331660bd3fb7bd2c078

SHA256
be6288737ea9691f29a17202eccbc0a2e3e1b1b4bacc090ceee2436970aec240

SHA512
0af685e4ffb9f7f2e5b28982b9cf3da4ee00e26bd05e830d5316bce277dc91dfee3fe557719ab3406ad866d1ce72644e7a5400dcd561b93d367e12eb96078ffe

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
558B

MD5
1cb16197d1cbeb5eaaac8bff3790fa9a

SHA1
18d39c9ba1bba59ca2a3990b62b3985954bd43b3

SHA256
10b17ac1250d3ee2583758da2854f76bf560fbbf39c11688196822b0f17a4665

SHA512
15505d22bafef09808140e0143ad21c5c52b8467a14044b2042000cb33eb09c13020304280719628fdf6f34fc105654900ddf7cb08f8a5c156e88968ace4c410

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
22KB

MD5
50351cfab10216879009cb85cb913b50

SHA1
3ed4ece992c96e3f1f15311b7f6f351a649bc5d0

SHA256
90e87c788dfaf2de6a3dbb64d9cee4fb0280fd8b7e925242e5ed09caa220208a

SHA512
1ee7706bcb1c30860fdf4de1c44313379377399526396f8d689932a84d3bc283d7d3fe31179c757aa64cea13d64b02453386a6f0dd280f058d771a30efda88f2

Download Submit
F:\e93bf666c0b769756024\eula.1031.txt

Filesize
17KB

MD5
9147a93f43d8e58218ebcb15fda888c9

SHA1
8277c722ba478be8606d8429de3772b5de4e5f09

SHA256
a75019ac38e0d3570633fa282f3d95d20763657f4a2fe851fae52a3185d1eded

SHA512
cc9176027621a590a1d4f6e17942012023e3fabc3316bc62c4b17cd61ce76bf5cf270bd32da95dba7ddf3163e84114be1103a6f810ca1a05d914712895f09705

Download Submit