44caliber | 86433799d988249d068f359d031290b2b2fafec2a1934326badb0d2c9b68c7ee

Resubmissions

07-01-2025 16:37

250107-t48jqayqhx 10

07-01-2025 03:09

250107-dnnava1paw 10

Analysis

max time kernel
460s
max time network
456s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-01-2025 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Size

606KB
MD5

4a214f6d4b7e901a5971625216309d97
SHA1

539ca0a658f41d1b8451c31bd6d1f1b57a95856b
SHA256

86433799d988249d068f359d031290b2b2fafec2a1934326badb0d2c9b68c7ee
SHA512

7b692770f61122f055015c9ee2265f17e9fd7dfc01ba909b1109b62b5719febc7281bbf0871270b8e9416759a608b552703e808ddeddcebd7ccc6af219f54be0
SSDEEP

12288:QZo9wqaX9lAytIcWlkhfMZVJt3uITOI7RxKPgcMQolSIBxzQQUpCW31:ZaX9lAytIclhEJkIT7igcNjIB5Qg

Score

10^/10

44caliber defense_evasion discovery phishing spyware stealer

Malware Config

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber
44Caliber family
44caliber
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: code-prettify@master
phishing

Executes dropped EXE 5 IoCs

pid	Process
2220	processhacker-2.39-setup.exe
1128	processhacker-2.39-setup.tmp
2276	ProcessHacker.exe
660	ProcessHacker.exe
2624	ProcessHacker.exe

Loads dropped DLL 36 IoCs

pid	Process
2276	ProcessHacker.exe
2276	ProcessHacker.exe
2276	ProcessHacker.exe
2276	ProcessHacker.exe
2276	ProcessHacker.exe
2276	ProcessHacker.exe
2276	ProcessHacker.exe
2276	ProcessHacker.exe
2276	ProcessHacker.exe
2276	ProcessHacker.exe
2276	ProcessHacker.exe
2276	ProcessHacker.exe
660	ProcessHacker.exe
660	ProcessHacker.exe
660	ProcessHacker.exe
660	ProcessHacker.exe
660	ProcessHacker.exe
660	ProcessHacker.exe
660	ProcessHacker.exe
660	ProcessHacker.exe
660	ProcessHacker.exe
660	ProcessHacker.exe
660	ProcessHacker.exe
660	ProcessHacker.exe
2624	ProcessHacker.exe
2624	ProcessHacker.exe
2624	ProcessHacker.exe
2624	ProcessHacker.exe
2624	ProcessHacker.exe
2624	ProcessHacker.exe
2624	ProcessHacker.exe
2624	ProcessHacker.exe
2624	ProcessHacker.exe
2624	ProcessHacker.exe
2624	ProcessHacker.exe
2624	ProcessHacker.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	ProcessHacker.exe

Looks up external IP address via web service 19 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
28	freegeoip.app
237	freegeoip.app
240	freegeoip.app
259	freegeoip.app
230	freegeoip.app
355	freegeoip.app
421	freegeoip.app
423	freegeoip.app
24	freegeoip.app
232	freegeoip.app
245	freegeoip.app
256	freegeoip.app
414	freegeoip.app
416	freegeoip.app
418	freegeoip.app
1	freegeoip.app
3	freegeoip.app
26	freegeoip.app
243	freegeoip.app

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	ProcessHacker.exe

Drops file in Program Files directory 42 IoCs

description	ioc	Process
File created	C:\Program Files\Process Hacker 2\plugins\is-IF60B.tmp	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\OnlineChecks.dll	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-64M55.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-ST9MT.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-QTSBM.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-L9O87.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-FFGRQ.tmp	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\ExtendedNotifications.dll	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\x86\ProcessHacker.exe	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\UserNotes.dll	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\unins000.dat	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-CBRGD.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-HHIHV.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-B98T7.tmp	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\NetworkTools.dll	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\x86\plugins\DotNetTools.dll	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\SbieSupport.dll	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\Updater.dll	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-EG0Q6.tmp	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\ProcessHacker.exe	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\ExtendedServices.dll	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\unins000.dat	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-96N4T.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-S7V1V.tmp	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\peview.exe	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\HardwareDevices.dll	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-GVC1N.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\x86\is-VMMQI.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-3BAUF.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-Q7OSB.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-745OE.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-TJB4M.tmp	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\DotNetTools.dll	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\ExtendedTools.dll	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\ToolStatus.dll	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-DMMCF.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-LE1MM.tmp	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\WindowExplorer.dll	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-737VO.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-E6O3I.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\x86\plugins\is-QPICU.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-GBBS2.tmp	processhacker-2.39-setup.tmp

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\processhacker-2.39-setup.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	processhacker-2.39-setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	processhacker-2.39-setup.tmp

Checks SCSI registry key(s) 3 TTPs 21 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000\LogConf	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\Control	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000\Control	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc	ProcessHacker.exe

Checks processor information in registry 2 TTPs 53 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\Hardware\Description\System\CentralProcessor	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ProcessHacker.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000\Software\Microsoft\Internet Explorer\TypedURLs	ProcessHacker.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133807415318933824"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4249425805-3408538557-1766626484-1000\{8D514948-BE0B-4742-A405-E367862A3007}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\processhacker-2.39-setup.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4324	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
4324	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
4324	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
4324	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
3560	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
3560	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
3560	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
4440	taskmgr.exe
3560	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4776	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
4776	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
4776	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
4776	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
488	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
488	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
488	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
488	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4164	chrome.exe
4164	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
4440	taskmgr.exe
2276	ProcessHacker.exe
660	ProcessHacker.exe
2624	ProcessHacker.exe

Suspicious behavior: LoadsDriver 3 IoCs

pid	Process
664	Process not Found
664	Process not Found
664	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4324	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Token: SeDebugPrivilege	4440	taskmgr.exe
Token: SeSystemProfilePrivilege	4440	taskmgr.exe
Token: SeCreateGlobalPrivilege	4440	taskmgr.exe
Token: SeDebugPrivilege	3560	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Token: SeDebugPrivilege	4776	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Token: SeDebugPrivilege	488	JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4440	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4980	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 4320	4164	chrome.exe	91
PID 4164 wrote to memory of 4320	4164	chrome.exe	91
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 2916	4164	chrome.exe	92
PID 4164 wrote to memory of 1180	4164	chrome.exe	93
PID 4164 wrote to memory of 1180	4164	chrome.exe	93
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94
PID 4164 wrote to memory of 2920	4164	chrome.exe	94

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4324

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4440

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3560

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4776

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8291dcc40,0x7ff8291dcc4c,0x7ff8291dcc58
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4312 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5016,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4312,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4260,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5228,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5160 /prefetch:2
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5348,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3292,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5608,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5640,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5820,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5384,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3804 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5784,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3340,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  - Modifies registry class
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5280,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5948,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5296,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5876,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5912,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5208,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5584,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6084,i,16003421410783214786,7346022580094430705,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=868 /prefetch:8
  2⤵
  PID:4528

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3460

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
PID:1196

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
PID:3928

C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
PID:4544

C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
PID:2628

C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
PID:4548

C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
PID:2276

C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
PID:1800

C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8291dcc40,0x7ff8291dcc4c,0x7ff8291dcc58
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=2188 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3744,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=4460 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4100,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3468,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3288,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3344,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5036,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5320,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5132,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5584,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5920,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5928,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5956,i,17064612823299996327,13828851200677473509,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4148
- C:\Users\Admin\Downloads\processhacker-2.39-setup.exe
  "C:\Users\Admin\Downloads\processhacker-2.39-setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2220
- - C:\Users\Admin\AppData\Local\Temp\is-T7PTP.tmp\processhacker-2.39-setup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-T7PTP.tmp\processhacker-2.39-setup.tmp" /SL5="$705A0,1874675,150016,C:\Users\Admin\Downloads\processhacker-2.39-setup.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:1128
  - - C:\Program Files\Process Hacker 2\ProcessHacker.exe
      "C:\Program Files\Process Hacker 2\ProcessHacker.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      Checks system information in the registry
      Checks SCSI registry key(s)
      Checks processor information in registry
      Modifies Internet Explorer settings
      Suspicious behavior: GetForegroundWindowSpam
      PID:2276

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4000

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4600

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4980

C:\Program Files\Process Hacker 2\ProcessHacker.exe
"C:\Program Files\Process Hacker 2\ProcessHacker.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:660

C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
PID:1536

C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
PID:2676

C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
PID:1696

C:\Program Files\Process Hacker 2\ProcessHacker.exe
"C:\Program Files\Process Hacker 2\ProcessHacker.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:2624

C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
PID:2396

C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe
"C:\Users\Admin\Desktop\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe"
1⤵
- Checks processor information in registry
PID:700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Process Hacker 2\ProcessHacker.exe

Filesize
1.6MB

MD5
b365af317ae730a67c936f21432b9c71

SHA1
a0bdfac3ce1880b32ff9b696458327ce352e3b1d

SHA256
bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4

SHA512
cc3359e16c6fe905a9e176a87acf4c4ed5e22c29bfca11949799caf8442e00ec0d1679b3d8754dbc3e313528d3e8e82c0ec1941e2c3530b48229c1cb337f6b8b

Download Submit
C:\ProgramData\44\Browsers\Firefox\Bookmarks.txt

Filesize
315B

MD5
71227f862899452aa270d580a8b090c8

SHA1
13a6dc9506be2066777ec34acbe5ab62684c4929

SHA256
22e5316f3216208507c8ae67cbb2a90cfcf4389dae87f8f71c3388593eca57c1

SHA512
126c549e82d679bb9d3e229b09c3dded86b72aa5a98cb956a0d2a740ca43a4da14049134c3836c49ef50e76bb0a69fe158bb776a4c86a7e7b04893ced8ba5b5a

Download Submit
C:\ProgramData\44\Browsers\Firefox\Bookmarks.txt

Filesize
420B

MD5
01735e34db13c5f93eead0f8572adb67

SHA1
5b819f76344907d93f62ecd11e2a2cbd514bee2f

SHA256
bca74f82c72da083cf88a725f198e0730982595bfa6a137e46d0b77b81552f4d

SHA512
e833925ccd15947e9234b72cf06e2620b3d982dd4840e5c5cae31634f437702b10c29db85fbb5115490f1d72f4bb5b935815fb14f6221ace756216604101924c

Download Submit
C:\ProgramData\44\Browsers\Firefox\Bookmarks.txt

Filesize
525B

MD5
74d90dd5a73f1679bd73fdce50983c50

SHA1
6f374995ce4842a9f07fc1a935833003066820bb

SHA256
da34d9a479cfcc31980c9be0a13eb90defa37ec3438f114f03f12649a415cfb9

SHA512
ad173b782022b72727c9a1d66aa7509ac316450d18561b018ddf563fe921636ea32d9615019ee0fb3be7a8b781154c5e09f6916547bbb7ab4484d3fea509b95f

Download Submit
C:\ProgramData\44\Browsers\Firefox\Bookmarks.txt

Filesize
630B

MD5
aef24d8d3c507674cea8b016e2f4e6a3

SHA1
411eb0cddf04fa969a50736544ac4a6a9a545b80

SHA256
0fe82ba06f72db753abdf7a51b016bb6ccb880deb1850f56c921264fb2d419da

SHA512
33904ba625025eb67370ac60d07a2150cb3e4228867716f109e7fb9a470e71987178f1aa209eac6de20734e4e41fbb336c0e9671b4397dab90edc2d6c41b883f

Download Submit
C:\ProgramData\44\Browsers\Firefox\Bookmarks.txt

Filesize
735B

MD5
fc161acb0edaa484d705d83835de0e24

SHA1
00850bbea1ef2db2a16dbb4427822bffbb173d54

SHA256
6f355f6b050ea450b7f36f8c66121c77fbd5fbf62fba28a5c3305e37977342be

SHA512
fdccf446d488e5561c71096e00200d384c7870d546433b8dffea7bad1807cc14a98bc6837dd10e12e8fbf70482cce8cf15b02062bbd1bd39dfc416dc67381a0e

Download Submit
C:\ProgramData\44\Information.txt

Filesize
680B

MD5
1d3912c857861554ea1706c00471b543

SHA1
bd85270cf440c201684e7984d83d4fed7a6df8ec

SHA256
56f174d400e7667d0717b331f493175c53d9ec839e823baaba71a36b63dcb2c0

SHA512
14748df1682d1275d55cd823a10bb6b173aecec49d7c20412a734a381062735a342e9dd92427c8bd42b4cedae0983195a151da05c73a4ac35c3d8b5d5966accf

Download Submit
C:\ProgramData\44\Information.txt

Filesize
669B

MD5
1bf4166f91913c01e95cdbe1a62bdbaa

SHA1
bf8df2772963d3374e291bfe5adf7e6ef87c898f

SHA256
7b239b3303e417660e274f565adae68dd430f8c357f9f036ac778ce97f143a3e

SHA512
6a2e333fc3210bb8440681aa39e8300d3ddcfb7a97613bc122d5065b0a2f919b12dcd78c375e4b48b393e23ed30d21d85011ff5f599ffa463f0645d21bf9d2d3

Download Submit
C:\ProgramData\44\Information.txt

Filesize
669B

MD5
d6f627370969e7aed63ea2db5ad38b2f

SHA1
7db18d4072fd0908c93a9d5dba51b1c7771359fc

SHA256
817425b0daf59f43832d1620bf302285407232825e20994a38efca373cf9cf6c

SHA512
670db7df085b777540a902dd277fdb29fd5a00715621bd3ff6e862d464abfa216640a6b0f4c624035ffb2f46bc027a6f92779b014a5eedd3a2e96c3f0d360fec

Download Submit
C:\ProgramData\44\Information.txt

Filesize
669B

MD5
cfa1f3a86625f158f55e1407b0cd160a

SHA1
540433420e2927b3e6ca30f12318f944d6e79df5

SHA256
d585c466fb9b6e8eedf9c587c2e3c0230c3fdf8d9b48cc472a7b5e8b7faed47b

SHA512
5f277d54411036a45f6b287fbd46d88451bc712be69702c22ef6eb0803d22126bddba974ebd103a05b38eca16cb077d960336f8ae91aae76cef616227c356451

Download Submit
C:\ProgramData\44\Information.txt

Filesize
669B

MD5
b850c1d0dcbd0ab5bbf723133fbcaeec

SHA1
6b84b55d2c4e4f93d31dc3fbab7a03f22592185e

SHA256
f18db78d8441b699980aaef1b162515cc68b63ee7b070e20049187b5d43d52c1

SHA512
278205ed80fa6ecc50d3bea5a343e511dc52281d0834b1c6e095ea0f1adbf73f6e963beaa02eac14df04206e9f7ac1e9fc84e3d3ed9c7968028162a32d2dbb13

Download Submit
C:\ProgramData\44\Information.txt

Filesize
680B

MD5
6b70881602af648b41367eee1e6fc3f0

SHA1
f82ad093c0dbf5a593688bf1e22c71b3931d8c23

SHA256
33762d6cf1044832d221d1f7a600a69d659c524e603120fc69a21753f25f7dbf

SHA512
13240b3d08d5943cd2814acbdb50b00d67a4547c0b6493af9c1a4a932df4ac044860077dffd3563e9f693cd38c10142fa186a9c8e3b09edd2ca585459774f0d8

Download Submit
C:\ProgramData\44\Process.txt

Filesize
1KB

MD5
bd5318d014dc832ae9b05f7f9d45b43c

SHA1
4373d1ad53e1dbea047485b41f267dfca0e7078f

SHA256
1c43f3218b4acac936d80424fd4fb8e31116eb9d5756d7a2d0e80727447a5ba5

SHA512
5c33b5c51c1e1f9079124a01658f5c7c0e9a5ede782cdcb2da812751cb193509c22d4e589e4d5b9d43aaad2fcafb71282ca7d006cb6217bf0185a7a06f53a328

Download Submit
C:\ProgramData\44\Process.txt

Filesize
2KB

MD5
f3bc540fcc3bdacfed553c1a61b47012

SHA1
e148f96396688a628a2434712d1d06e23f17b6c3

SHA256
5bafd91a028fc7709cd7fd1c42a7c1fbebd808b23299aaebbb4e96ff39c4b1c4

SHA512
d291b36f842dd536be97c8a4fa7b6db46c6a8cd02139c1145737f68e43b7427539deee0e56dffd71dbdca30277b3715dde50744f160285b66f83082e85c653b7

Download Submit
C:\ProgramData\44\Process.txt

Filesize
3KB

MD5
4441839ed08be1fcdcb4850bb4146dff

SHA1
cf2f1238cd297dcc1396668ff5aa15e9c5906377

SHA256
cd41a5f286b47b6f4e2899a1e55ed000e52238564d10768a68b93e2df5077e9f

SHA512
c96f75cc5a1d7b68d41f83901455aa52470429a46d88ecaca6720887d43aeb5a665efc4478979361a5402b503832fd0bd4d52ddbd9fbe7d922e285b942e74bc5

Download Submit
C:\ProgramData\44\Process.txt

Filesize
4KB

MD5
77aefd48eaf60c40c0f73dbdc14069fa

SHA1
6352263264fffa16f5d0be671c63ef7f7cfeb97a

SHA256
ec7d24d39e7eac9640fa6265f73de2ff5e72b7dc2081fafb005bdb957e052a83

SHA512
da958e5da7ff210acde15c22ccf75832a2d3da86e534cc44b28b67589dd5bb1bc317e2a48889f829215068bd5c1657a6e50ab3f2b8d47d1521e458ff0452d918

Download Submit
C:\ProgramData\44\Process.txt

Filesize
4KB

MD5
40d97c7faf679f35538684529b58cf0b

SHA1
597950215e03ee9585f8c76cacb6de99f190aba4

SHA256
e105141b54144d4dcf8e0b52e4fa65cf15178f405f48e32399b7c69d2176c8bb

SHA512
6b334d79b3e3da0666c7d044c795a3f3218d3ee9e98c150aaf6caa27fe59fc57759307fed5b5a23bad0a5a5f30ee010525b757906b2c29a240d1c2580ab87946

Download Submit
C:\ProgramData\44\Process.txt

Filesize
5KB

MD5
a9d746b752166d2d98f74841f0116e32

SHA1
5b8b3c5403861d603dff3e0b628d2b9631ed0645

SHA256
88dce02b4d4e659de4c5b14d7ba5c20c6c0c52044e8ad49e224a4defc405d147

SHA512
73bbb8781ae65723607c5e4c3f0b6abed9eb4765b5217902625903e7a5724fe39fe57c627f04c795cfad5329015b655e9a434567018acc7dd05e6ce14691117a

Download Submit
C:\ProgramData\44\Process.txt

Filesize
7KB

MD5
4083caa15eb867318ea1cd01b849f6e6

SHA1
c3db52cdeb2a08098e57c2a14558279f1d3f91c6

SHA256
86f43ebf653a11937e9ac39a0f6e30881205b85dfbe3212bb4a41ab2fa5e798a

SHA512
a4a36731eb788792335d8168d9e0072f80c09ecdc306fedc99b356b9607fa7923c00f4c4a889d195b1a9d20e2b5b4f22e59a1515a7222f8f6fa768032792794d

Download Submit
C:\ProgramData\44\Process.txt

Filesize
8KB

MD5
0f580a6aceab0c2d8321bd2afd975850

SHA1
7f2484bf6520d763c1837a9eaa5ccf3add998063

SHA256
9af558eb9c45bec62856f297f61d6e72a4bff9f3db1bade70e320099f7a19155

SHA512
82170cd3366afefbdfbb25b28dc54d06478e50c77f26c2575cf3ef506995036a46bcd0e1e66d8f8beec9fb43928eb82afbf883346b894fd5649aaa8aa7c56203

Download Submit
C:\ProgramData\44\Process.txt

Filesize
2KB

MD5
e954656fb4c99d3088c6e6fc241a426d

SHA1
bad5c3af154189b25e1199038d1f54ef60db90e3

SHA256
75bf4b497456277f5d461c87eaabb0d6757d570319bbddc8c95c3739d32c9f5a

SHA512
e1836afc7789174cd40c1d359dcc7fcabdb270c6fc3a82970519e0d7a39745fac05530c0b6f5e065e260590ba9d978b2ca04c49f938d0ee043bf991130a456d9

Download Submit
C:\ProgramData\44\Process.txt

Filesize
752B

MD5
86f5a33fd0c63e03428552288a26ecbf

SHA1
3d994ea31202c7afc421691f42a66f9be79b1314

SHA256
ab6459cc39d96be427e4ab918e2f655ea3536774eba22aa03f6919416e48f8be

SHA512
ef10c5356bf269e72dd6d2c40f382c7043e019c39a47f653cda0e690f05f69ddfbe357c6a65440c535d1314445b9e255aa72cf479f0011d62eafd4aa57b90e33

Download Submit
C:\ProgramData\44\Screen.png

Filesize
228KB

MD5
97351c5c3c17756edd595c47d59128ee

SHA1
5ce0c9d3d314bd02115ca326914e551c7c52ee2e

SHA256
dc3778ab341de33c431eeb4fa8a3a47689ab2edc276f5d205595a89634cf5cde

SHA512
0272359b8e8256f981dd42961ee9931f0b51daaf6169d5125e9a6992aac429aa858622a63776d966702946416c57403efb2e9e94e5ffdf124d268fdf6089a16b

Download Submit
C:\Users\Admin\AppData\Local\44\Information.txt

Filesize
669B

MD5
d7918f631ffcb8d7dd8fcf67482ca6ab

SHA1
eecd288b4bde11975231795d4aab0ed3e9e82793

SHA256
9cce166a6d07fec747b9c627266ecf5183b61980b1c153601fbec8f3dd3fcf20

SHA512
4debd5083ee3df680c5c978f5a69bb187f070b5c0783b0d549dfdf608816f4e27eea3a075e5be11e03264f931f43063876c295129e9803c2d83da72e82bcc42f

Download Submit
C:\Users\Admin\AppData\Local\44\Process.txt

Filesize
597B

MD5
173d68ebf3c7f67cf2312962cd74a448

SHA1
d878125254dba87fbaaa3386b46a9e1725d5062b

SHA256
0abd1643fabc84a526a45302c0954b3bd5f74c91524274882c36f6e2c44569e4

SHA512
5361ce620e692aeacbb39d1bc1ba3d8b384de8334a57df8a5cd0abb5aab1eb0a96c1a787145d61f8110a952535032d263012509352df44d71942917ad68dfca6

Download Submit
C:\Users\Admin\AppData\Local\44\Process.txt

Filesize
1KB

MD5
836b01a8ee501320d83174106b338bb5

SHA1
de4fca51692768297c546ff0c3cd967e7dd94a53

SHA256
bd50063dccb07cbf52dd876d5d1b48972ec6f6f5cbef34e7a0cb867c9d4ec4d4

SHA512
ebce841714b64f3bf7748d7722fb934192b71daa84f8dea56222f5ae947ecccd969dca1cebc3736fcd88c2a6d0530f3df70c34dd39fc01daec115780741da500

Download Submit
C:\Users\Admin\AppData\Local\44\Process.txt

Filesize
1KB

MD5
4bc8d2f19ca7627c77e0b217d51ecf68

SHA1
b4da534e3c4a7f342106b87f2067806497203341

SHA256
51a13de85d72636e58de7f67d88ba538794a56ebbf6db91d4521652744cff090

SHA512
565c3c82a324779bdb2386c757baaab72596bc2b647f687f07160b64adfe3b77e68071b88f7d6a5e1c6bb9c35802dd57c803866a807d7c38c35e09bf2f7746a3

Download Submit
C:\Users\Admin\AppData\Local\44\Process.txt

Filesize
1KB

MD5
042a767bc351415f2bd9ea4699c84bf9

SHA1
1d979d536adae3e96ade25e38aa5ee722cfdbac8

SHA256
899413ff1782ca04cf3500e8082e745ddafb16ec8fee3abe1e1f5e4a12917308

SHA512
401304775b6381f7df8b217c832c3b6c91c3b395d48281cd6a2e3d6abb7f7db527d15b475558feed40ada1b15d975ef7b961567a4c0864cb4983e057fdd41337

Download Submit
C:\Users\Admin\AppData\Local\44\Process.txt

Filesize
2KB

MD5
4f44611eb8d85573386ec1cf804c3e8a

SHA1
6264e353322f1f64849bcb58ad03374f62e32f87

SHA256
0ac0ce580627393f5c66eead6820d287499966e8317617c7a6dad34e4011ff93

SHA512
c9269a4cc5d0132b615688d73e8d84ac18db0f5706544ea0b6da114003c9e31d68bbe91a3fd3124542464599404ad62c806de1f1dbc3f3896dd788f6a3806a90

Download Submit
C:\Users\Admin\AppData\Local\44\Process.txt

Filesize
3KB

MD5
cb339dacfb147f96bdd02c606dfe95e3

SHA1
53c0e497acdc5837f118de46bca7545f4464560f

SHA256
102424d605e0842fc319ed7ce58042dcd2449ac4e4fcae8461009d82c81c845e

SHA512
dd54bdd1e89fae4f6007375a244288a9e65640446c8bacc5c4036712badb5a64f80bfe2549a86790c4a54e8cb23d6d16a5a3c6ae57978914d8b8d27750e2a708

Download Submit
C:\Users\Admin\AppData\Local\44\Process.txt

Filesize
3KB

MD5
5bb7d258d62f229dd909e2fbf4483de0

SHA1
49c271000d3a9287cb502c3d3308a170d88d8c21

SHA256
c3d7d9a38a9bc08fc7aaac385a0e5cf8a4610dc3cc43e649cfa40920d87fb2c5

SHA512
de38cc1c558368277052192f6dc623ca7a45d9a891b4358584bf1d6b5fc9e28e45efae9de3f0d8cf62e82a17ea7b8dd59017e71358108abc95e73a6697b3e4d3

Download Submit
C:\Users\Admin\AppData\Local\44\Process.txt

Filesize
4KB

MD5
249f92af9ce35499b9c1707871acb259

SHA1
0ef32daacd3722b70f93c99734b28f1abee0e02a

SHA256
01aa9ae3c646cfa89e401b359ce763840e530d14b255de9c7b10787f8c9accfd

SHA512
c8a508bf32c3296e2bac83d425495f035e12c875fa9d93deedf022a6c41a44b18451afdbc7d4d2a0393589c6f110f37d5a48593c2bb852270bfa99e37bfe25fd

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
2d6ad887d6f7cacf70a0be38f3d13b9d

SHA1
eaf80beca7cc5f330b0380d968ee0f00393e674f

SHA256
d5265f99818094497cc66af1a6749e8ee14ac5efd2716c7e47206184383011ee

SHA512
4f87495446d2068c831dee42bcfc868710e8c36c5cb20386d95e86a30c7a2d23df7ac57aa1cf021b5b059e26d29de12f17548aff43684aa79ece096f4f6c6e45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5132dcb4-2b86-45f1-8b78-f29d1dbe57cf.tmp

Filesize
9KB

MD5
ea833f7e7cee6189a0c2cd7fa3981b31

SHA1
27b21501d44d3640924f6e95de6aa544fb95215c

SHA256
f7bd8ba547bd0b07671cb923ac8095561bc44e490cf694b36e046bbf6235cb41

SHA512
099cbdf9fe7068e09c6c7f73f3f055469198ee6f33116933313aa81787fc51faacae1b3a7b20de5f46c1db31f740a1e7f37a0079910767d7249ab0705f224948

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6add190f-0823-48db-8958-1b4e0a873774.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
25446e746042855ae18045372849c4d2

SHA1
b6f9208179665ac04fb3ae68ec1daac15d7d6e0f

SHA256
afb1b83c2caed4a2f161024d4d9a1897546bb84af813750d622f5e079d0be0c1

SHA512
89900597ece84cfd031b840baf72f883b232d1252c8a4a4bd808e9fc59e0f90f8f09e163a624d039446e439364a0272ee1e848ccf712f9fa0ffe636218cbfad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
118KB

MD5
ec3bb52a00e176a7181d454dffaea219

SHA1
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68

SHA256
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

SHA512
e8c5daf01eae68ed7c1e277a6e544c7ad108a0fa877fb531d6d9f2210769b7da88e4e002c7b0be3b72154ebf7cbf01a795c8342ce2dad368bd6351e956195f8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
93KB

MD5
9032e0b32a569ab0b8d07121289ae266

SHA1
ebde64ac0a4c5258dc21625e01aa31f30232a251

SHA256
1d542cd6dcf2232fe2813d5cca3c918d0cb98796f4e5b49fbf463e84b4039004

SHA512
19cfd87122f3cd18f32837e1741815efda9960a51a1e4aef94d0ef38169b89f75d1c6899c0773ca06d4ae9b1511904f4bbb3d6a10be836f6c3059c28c196d9ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
75KB

MD5
6e49e784dd6b875532894c9d0220b90a

SHA1
4ebd6334acd7a6d47be5e0b60f6563d2f8d0ef21

SHA256
e4bb028725b7dbaa023630ac19c3acc047cb1f95ee02c1c7a6eed79a375cc919

SHA512
c0ea683a289e110c6f9c18b21ad44dd09a02fe4fc4627a0b6ff6d166cdfaadbd79fda0b55db52c5cae946836f6aeaa1da9de8a71393e1f6ab6cdb709ad61dc80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
174KB

MD5
d2903014ef18bb6431378c12d43eb3b6

SHA1
d5364115db50be64e0bb5252f0874a92c3715829

SHA256
cef0d0072251d6008a0806f5c6a219fea6846883000131c4a77149042cc8b2de

SHA512
79ada0baace753f66e62caf84463a1f70c0ed56348688eec2a4b8fa386e0f1b448beb69fe2ef0f7d3a3070e6e8f67ed1888c996c021c7c83b09532daad87897f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
33KB

MD5
f7fe50f774f763c6b39cee6222afe8c4

SHA1
7d984735c686d241acfea31aba2da7938850aaa2

SHA256
c725a4cc75bdfdada2de5da633201485edebe96233e21db969de30134492dfd4

SHA512
09d130806496f7795d1a88c1d1ebfb845f5a08f57f3dc3edf80ee60eebe214382ea5d435ab40d6955e3f421d5b998316034b518351d742529562a06687161f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
83KB

MD5
b30f2e18296637362586bb6d99d2c679

SHA1
4d565c4742c1cf1867839daaed2ee12e9f94bd2f

SHA256
229768c91ff9d6bb0281502919ed8b31256309eb2d050e364518c30f8d5f5124

SHA512
926b4fe59d4911b5cdd365b5aa643e8b96ac0b1ca0cc727129753870ab46d1791c91db269992e77fb47beb7fdfaf1991f964aee3bf77b0c5eb32a69203b052eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
49KB

MD5
dcdc0cc3e0f70f391a47bf4a6c5701a4

SHA1
c95b11d97faa1daf481c2a203abb08c35ac47db0

SHA256
ff1ddd948af756128f185bd7ef704de2cba82949dfc0dbd1eaf15066fd1aa55d

SHA512
1e7ba5eb074f8c3d53acf76fd6892ef55327ea688e0168f7670dd8cddbf1bfc212597ad0019dc71d1a3dd54be82fc7dee8e5e343b9b43565d175e49327675d43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
107KB

MD5
d0b0bc4f725f8e2c71589dc3208c484d

SHA1
a78690e847121f7ddc62ca6582b3b9cfd1f03d3a

SHA256
7ea2891f6c8b1c4705277e24a457d0b3e0157b1e55e1193910acb946a40ef71f

SHA512
1a946d7fd4ac99213c7b6f8ab77940da982e1b51e318a42f87cc179298f32f3aac6081a13e3a0d59cd9d3a8d1e444069ee0cb62380464e188be7051010108f48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
36KB

MD5
a79a1a1dfe2ef66b7ac20027728800cf

SHA1
423a68412119c54faeff57e517c2b15522ad1d73

SHA256
99cfc9ff5b9ff42b257a2093c55a27f2f2d9bf0f955cb7caeecd17f39c063005

SHA512
cac84f9083436a336d939629cab02273ad12ceb411ea92a1eca5dce55b5c4ae95dd2c6104f0d225b77c8cb54fdf0f95717cebb917620275c605624971066158a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
89KB

MD5
b0da2add09a36f9a6add64c401d84822

SHA1
7a9ce210a5bd1c91afb121caff61b766f2e65017

SHA256
9c2957452cb4e709cc0e635ab197da06e70f3972c03e5776bdf4dad8e7d6b270

SHA512
eca7ea8a48d71f35cc3f7facb2c272aea30e1cf4937633270a4392e13daf85d9d3b3a7ca82fc8cbc9214cbf2c514b320857a592761724d5eb65602f8e7f13806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
969eaaaa56bd0a279d680c479913564d

SHA1
c29aa7091225a5a95db4551e60734411245379db

SHA256
9496e11f1c212d399bbefbea20ae941d2d7d79676faab52f1cd8ee678ab1beaf

SHA512
de43069535a9ac4d538437aa22930d483b4b3e867342e41cefd945e3e3f4c6f700543bcfbbba80927f3b521a1ff33dce7df6c064bc3ae02c8ecdae8455fa95b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c9599d0e0bf78ca1dd301f7f207fffa4

SHA1
27fb8018b2e34808a1a17ca988d4ba28daf0795e

SHA256
8d10ff5c734ce42e4ae244c851bc577e9afb0f4b3420b024a5f5c23e61fa3d93

SHA512
494d8e209a1a1702758bae32789709ff63ca9b0e441909a28568fc9e3e3dc058831574d0fd0595e01bcf9942f42f35e40fa2dec5f3e87d83b5f2375e1923f412

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
90310c6b3594542650ad493298bee78e

SHA1
91082e85cfa520766b05206ad0282d912bfee9a7

SHA256
15cc65a951cf04ae2fa914de95e99b9639796afa5ab773174bdf03c1dd78ebcd

SHA512
0a64d6adc25b623e92efa622ba5ae740e852a0974fae5f8998aca86374e18c79e566867290d0ea093b92f15ca0dc1e273c38049dd491923699ca29dbddffa0fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
33ece09e18963d42f826fa2dae823508

SHA1
a896ba94318671ceabf52ebace3abf6d0ce903f2

SHA256
51f9a3cc2948a49d2aa0429577a9928cdce796e15917fef36135afbb8768827b

SHA512
6b38bea577a9c61771a831c45577d0d7f0fa1fba294ad0047c8f295b370c8a0f066621603a05b511ed8aba863f8488abc61a61528522832d2abe382a0ac6914a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
ef5b960c0e6717b9dcf1dd85a027af61

SHA1
bad59355b14f3f509a52b4750adb5df8ac9ecf9c

SHA256
1907065c31e11d82c964101731215f2f643e95c5d526da558c6aaa61dea41129

SHA512
3588a58b9f1374163414803d902cddf90a769e3090ddcd2f53127d7f79380a456b4ba65d73da27c86eeef429216a1d729f638492bdeecd7edf09804925cd6121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
561a2c83fea492b8c9a9b8bbb00f71ee

SHA1
d1b97dfba928e888b4a2dbacce791927eb398c4b

SHA256
782bf59fd472245d9fe19834877bd8c3d0726587537f0476c863844c86474e5e

SHA512
8abdd340ecb470ed7b8fec50a2fa03b32526dda5134ce0fe481616288d17edb1fb4ec73cccf6b73096b4a2a215391b4c914f39abac7369a7d2dc123fa4111a0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
035e6d350bfbd77fa6e2efa339da07c9

SHA1
bc55740a5f1c8b5e3d30756f571e4f0539a47ad1

SHA256
525953436bb6310a5708115ca38b6a253344a3c8e55b7a72b03259502e94331d

SHA512
db993b67f717b9ab0722c7cf0a52afef31bf6a42c8b74b6bd9d801f9760e20d6684d7d324b1b80da5765baf2d9b814f12fa5c11f90c82f158cb1986cf624cbd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6cd66ec995d3258ac300a35a5f176f66

SHA1
52f78cc95451b27987029d0c3f120c0ff0958d25

SHA256
035a9d8f8736c37fc464112e0e06531e1fe5f273abdefe9646c9c59fe103c257

SHA512
b97da53a78d0ec61fb96f10f3e8d653d47669e73a07ab5bfc031ff0d639a277290c2bf090109d006a9161d20285c6dcbfc999484c9c290140780322ee1ee853f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4617911c4502c56b7b1a52f60d56a16f

SHA1
9f6950043924e9bd982482208fa5c58c3254bef1

SHA256
ccd52fbb4ec86b87f0bffa5f8a1118f17d3fee8835a83611eeee304c15b5b9bd

SHA512
32e7538e1cd8b5ee42d7b89d5e02fca5a79b0ca8f6328d0ac4bf6c9a1acec7b116d3772e6d7a23b27d84e23d97fe5b3fbf23c3e5b8e1f4a741a83945f5d398f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c28469b0eb3181817ce5707ed6c52c97

SHA1
4feedbbd6913e9fa181dca90b109496f87bcc3f8

SHA256
117859883fa2a943f3f0c4a3657561ef8a39cc3ad9c69c22113b9d3117ecbcb6

SHA512
5b4f8363523348458d89df6d7da15149d5364edb67e798b960bcd5ce10c1a1e833700b19b8d65dd23ff69e1776ff1d75cc67d7a913622a97ab6d6bd6b723e14a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ba0c5efae0b7360072d3897d4956e78a

SHA1
40a18feee8c0850c9560647e3f90b8b22a8585d7

SHA256
4d64d9fee37b8f7e2ff1ca637ed14a6f6f73a7138f37a3ea322172b81bf56212

SHA512
e9ce655153f420c166a11ce953bb2348eaa9771c018b130562c653b3c43e7cf9b245bc07d440539ce718f5c19103391afefc0928f2f797761de70578a7b7bb31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
da285db1550d9faa59b547b6a372fb3c

SHA1
2ba15010fac659fd88def00ba5e21ea5a8c548e8

SHA256
891849c1ca89e8183033ad6f353a3d9b03711dcac192e748c6bdbcd7cd29275c

SHA512
4ff426f09acc97330e4ba2e32873e3558ec869edbe44d1ef70d108e493a10014c3d5d1f787d9b27e3d756296c0ba865f5589aebe6f160ac0fe06e198be424ad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
5ef878b4b1e39bc8c5c87a2379cb34fc

SHA1
452e08ae81bc1d84576bd53ed1e2a12dc86b00ac

SHA256
819aaf13a5b123cb3601a2a127f96d4334a12ed485213cf57f3d672172482c7b

SHA512
ca471a1fa5c006f87465b1f8dd1223143af1f8b64fcc094df78067b674089a6700a55f8af2eb960dd731da73e3dc43f570ddadd9707ba83bbfaa214c487887a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
75dc171d04323ba164403033a8d773d5

SHA1
1ce95ca24dbf8bdb8615d88c2af57f8c49bd8707

SHA256
becb652e2f76d63cd29eaaade30cd6673e2ce50e1a9a04d0e1c9cbb5f68b6ef6

SHA512
3ce28c040080f4c8ee637b52c3e0df77686ad0e37e505134677d86d2925dfab354aeadcc8ada7fc908f92694f26123ff7bc9d44b8f91763960e38e8363f07fec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5ab23fe6f4450d58a4754c41a0e604eb

SHA1
98f2f06f8eaea3a854b368054d23cda982aff3d3

SHA256
f05ac0a795e28fc5872a62ed52a00e811edd6f8ba2891aaac8dc56a114312c42

SHA512
19cec11062f7156d7bf236e9c29fe6aa4318778db57e23d0cdda3b4908487ca61e9aa3096c4f24d9359c740019f4b5c1899854377b49e5edb3691f978af96e3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9392d516a077f7fc416bd8cc4b1a52c5

SHA1
9a5f379825ad1da4f4f290c89c741f5732a628d0

SHA256
af54bf8568d61d9542fafb9bb631335cf99053b8818194d693ca80675c62f926

SHA512
91c288821698756feb41555dc79e9be6f1284043c428ab41bfb08c5bfd3805a471fa92f7df871cf584bbef8537e2eac2595f85dc35e3657b7c784ef237eafba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0996b79ecee8b1bbd087e6af5e3da673

SHA1
d56ef482d01bf7efb74e17ec1bb628ecd68e6fe8

SHA256
fa4ab93f9ab5065fce9320c4f1cf091c211753a7b194cf3fb7bb4ab62ff65356

SHA512
6287593d9be82e3f060702b0852ad0919d26b514022a0fc5fa029518c98b72c9b1bc348a6f9da07760c7e2aa059be504c4df4eded7e26a6569127a6b2b7e2100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1ddb2e7b785304d3f07220c137c4ce8a

SHA1
c38086ace8f0dcad23d8bc24f5a412d5290083da

SHA256
55b80bbd9d2e33bb73edb53a7a2827d3c4cf567f61432d7d1ffd7252c04c56bd

SHA512
9d1f94cf70668e22b388bc7b7a424772eef4b8f74e703ca595a3d27b302c4b2b3918796b280a965692fead954da0da52840e3cd0884ffbef46fcf9cf6014cc19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2869ba8e97fd9e6bf3a9e007f559d597

SHA1
6bccd0967c2c23155d8ac264b84b5a5bcf3616aa

SHA256
a607bf6187e09169aaaa1413e2943ad60523d60ea743371c8246a8b6c44b8222

SHA512
e3a46584527f3617625b9ad15521468138833bbcea73a5a258aa32e92205be0a1b134e43e3ec0199379c3d8ce016233cdb4f0db3129a8b59e685f47c0332ac36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
79d4d07c05e50dbaf519933b27d4c2c3

SHA1
1118a971d46ddbe315e39f4af62e4beb5c17aceb

SHA256
6c031263aaa991ea74debeeb7ba839a48ca6672aed2f4a6cd727f98d99381275

SHA512
8e53b43ee4dd4e2d16828366402b863aebe0d04e32d341e846e683cacc9f6e345e658603d5309caf8bc2eaaa7679935a2d78e44ec343c26ec36644737b4bba3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c28949796eeb8f4fea64c578dca300be

SHA1
de6bbf6a1b509e5c4c6069eb010a347c77d1ca46

SHA256
2c77f61bc2fdc8e618b1e193cecee7ef70409954e3e906ab7140985cee04810a

SHA512
46d9fcb0a749b057c417662cd2decc55eeaa140101f6c15818c83318310a65af30ce5f45fa9ca2dcf4df62019bce5c4d3bae0f27c1beb71317b8748f517ddb48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4687103f6345c9c88704cc7f05521017

SHA1
b14ffcb510d35d46d186766219fe97daf50f3b72

SHA256
8d87ea14b5477ea6b4552ed4ae837d27c66869724fa4c02345ec6c7df4df120f

SHA512
d321e05e35803503e392917e445fd6f0f870773c538eec69409164bcb9645d9895a0a6c05ab0badc77f8bc3c940c12cb3cdbc22f04363e8a29312c6ecfb04429

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c7117eaf92d50bd9318882b5ac7a7b33

SHA1
68da7cf44199f301b19e78b90ef576c3f7a876f4

SHA256
7f6b756917196f99eb4a9d0846a6c2a95ca8bf066845364233a7c2539d3fe7c8

SHA512
10a8bade5f0c28f799b713633a7b8a90bbd45cf272ee4436e563911fee68dc8e2a9edbaf37dab36a2a3809a008c08e894081913b99d2524fdf7eb33d5cc32a66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e992d805aeb31f0ca949aca5162ca2e

SHA1
f4afd41fd392eb3601679c407a0ba278255a3093

SHA256
42d44b6d373d092f426a1d8f2134d35228b8add9ca9ff035eda6063d053e7e0f

SHA512
3cf6de2171a3fef364e0944aedd7fe9a085f63b27e8859ac70e922e748dddf38342483ffd03ed8aa3a75dd0202c21f388b662036e2b82d0e7c2d5f95d99c01db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
baef617f5d5350aa547a77c5f5de7d70

SHA1
96d715051a5c7f04f070fddfe313c94e4330ffc8

SHA256
9dcb315780bea9b1695da31be6a2b89e74c4e702a014d3ee605085e744be3c72

SHA512
86ed23fbd351ac53a32749443eb528ec4aef5a32cbb27f0fc1fd3a9dfbd877f9fde24f0b34ea866b86e94ae12981c2c8eefdc47b62236d3343f0d8efc1d26edf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d19eb89fe15ddb70f31012360ff394cc

SHA1
4b88aa4f1d8a3935ca02fc4d6ac078611b96c35f

SHA256
aadfe920cb5a82b48330b06d27d6586fa5291bf46cb05ffb45da398ddec13f26

SHA512
f4d115a006ce92f15f65c243cba3bad86d18d1128d00df8087679a48469dca9aba83e7531ceb29e5373cd54198e1c5e6adde93648c2808791c62f7c7cbe05da9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3b955fb28f073b8a2b530bc9b73b5786

SHA1
15c4a00b47f38154fa0f728ac204ade3d9bfb057

SHA256
1244ca02acbdcc5ab935efba8361d7aa8c90dff3a22cc4a897b7c13df6c1391c

SHA512
eaac1951821790f144c4ae658ef00cec993a97925131a0c12017c67e5815ddaad1d9ad2684aa0beb498a9d72805c78d60cc03e016b346af88d04970773f45d36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
601ff76c03ddcc1ad63e9a9793ce3a42

SHA1
31285345114f73efe1c58cab599305e34ea7a9c0

SHA256
7aa471e367886e9675248c8ff98630c1eaa0437df9bcd234e3d95da6c5ca1d36

SHA512
7616a87a39cd2932bfc8b8f4611b747674b7429c54861055fc12b4a062cfc9e0d6c52a1a8a1a469a1632c76257f27d3faa0f75e2782822f9f27014f7e86c613d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c2671798c27e8400718461b2325da021

SHA1
d1b5b883fcacb75feefa083b3dd2e733f817317e

SHA256
aac9a4c34bc9f9c9f0aad716b86ee6e2474083545f5c64c313adce9abe9e58ea

SHA512
035c82f316a1fcaa13923dabf7dffc34d1c4f4d4248bb4c5356da4cdfbbd24c94d170c7390d58c083f68ac47052142248e22ade3be165d08c9672d698df7db1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
490713ba6a34dd32ee86bbef1ad43c55

SHA1
34cc312d9c2ff0100413d9f845f77d5676a3b8c4

SHA256
8210bd3b9d66d47a751bf1ce51a133932a61ec16ca6b24eed6f1c2e8c79e618e

SHA512
7566375614dc5a3c030146b06e5b0e57bc3741b3cc371647f463edc4ef7efff44752941d9c4506ba95ecdd3b4b5501207c41795749ce242390d9ee7b3c79ad50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
20ae7a1747c784ef70ab85b102fba69e

SHA1
94177b99f977a03e59c49bff49d07624fcd86748

SHA256
602c6076e73c1d8d71db597c3f9831ef901b2655909714bc8799cf19790f883b

SHA512
1fd9910e621f794f4f5e6477eb6b1feb2dbe1d969645fe6ad4d00a3ea0697334c39c404f473ba3ce8312f06a5ddac3d59b309ee233ddde944a4e0e55df002b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
288B

MD5
8b0f5953d74cc1d81bf4297024eb287c

SHA1
e65cbe64990b243f054675c6f1d4756ffebdf1bb

SHA256
aea1ca73b70479f5e120d36955b4d4b0a4a221576293dad4fcb49664879a5292

SHA512
96343c3322867499f2ec1b7b22edfa86d8d238c706ea91c8d5b5781e5b60dfa9460a23b67bd1f6e7d8c81840ad1886712e053757c29676a64b65d681c245d048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ada0f678-10cb-4b37-9b51-b9d7d3a6881f.tmp

Filesize
11KB

MD5
a5a619d7259a89a001bd45a2fc2d562e

SHA1
4980064ba6c4741e133baaf5c12272ad8daa5c22

SHA256
c7d4899cea9f1d89e7f8605ebfdfd3588078ef62ecf1eac139d11de26a485258

SHA512
4fdc8204a3f094e84bab37093bc802477f4bc9d82d99999b91708a7851ae8aec7dec8cae805fdab8d013e9ef62ac845c96f1fc647faa30cc7702d49c58106e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
252e476c7ee6a61061fcfb038c5a0ae0

SHA1
a7ab72adf73142ab963299164840338819cbd6e2

SHA256
e4000a6f52084388aaea5bb2a37062b2b64509640ecf9d1c19f64d3ac83c6664

SHA512
75309c997de6c5a1f967f0853cd286e817bdced0de25e67110cea41580eb6820e02322ee19cb93a9710ff0045ed882a8232c89b25d252ce5085a7b21990f4029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
465457a3ceedcfe7806de4345b98783f

SHA1
d946ddd08163f8e79d6afb857f159f40750dd5ef

SHA256
f52414e74b519d6d4cfd5f35e03e54b430f77af1cdac674c8354ad950f1c2b25

SHA512
5d60d41ef45fb25e53a5f9e74f0a3b4976344b58d08faf0a01f6788f9c40aefc71a32dbf8e5b2215a3a0417c6a104e6c99bc29f9dd4493d0e32071b32a7b199c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
408b97cdf2df83294d04ea00fab77860

SHA1
9c703d0edf1f62b4c35331f5a4cc32317e75c340

SHA256
93634ce6ceb452c7590a18a3d6318ac76c32703abcaac19232a67b4f06cda38b

SHA512
a08060fbd557efac10b80253e06d048d4b666e03277210f372a7ce1b1c896aba3d462241fb1b7da9d77fc11181dfd2e1dc79146668c36ac90f3c6aaf6b882ed4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
33c878948d3038f0629b2c894af6a0f9

SHA1
2b7a198c3965dd3079fcd04a6a1e823c23ec21a3

SHA256
180e546be0ffced8b1676f5197b602089f91b6c3a0a16f1c7d4e3d9d14eb0b5a

SHA512
af76bac125954a5d59777dce0d0ed47e6e847339eb2b32f22c31319457466fcec9f3d0fee674e9683ae3650b142e9906dfc2158d65b88a1b650c6febc5bbcba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
0aa20b9dd2c9fa8c4678d176c3802979

SHA1
cefd6c0ba8fa89d5bebaf7a24228b78976559ded

SHA256
c324443803fa2a51b11c6cb86bafb074af2d33253f0c22024fb986aefed28113

SHA512
caeded68ed2e9f5ffec0429d1252a05edd3779fab60e603c33766cf25f1947b628e5501e8c34d8c6a5777b666510142aade3119e051758cbf428e99c7a77ea38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\JaffaCakes118_4a214f6d4b7e901a5971625216309d97.exe.log

Filesize
1KB

MD5
dfddc2cbf331fe89c360dfae4d652d56

SHA1
e73d133806adfa9bb9cda22c81b9f8db7beba435

SHA256
bace22fd135c6f0f3fbc3db6527483bf22516f8dbd12f7270cd64693667d1385

SHA512
08e1836725a7130b39855860b3a0b6d24a47d606fa1e5e5de97dba1750ddaf6d1d14fb8160750c7a3a9f7378ba64938d53334e497b1740cce2e0a2e71d537470

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
96329c73cc49cd960e2485210d01c4d2

SHA1
a496b98ad2f2bbf26687b5b7794a26aa4470148e

SHA256
4c159cab6c9ef5ff39e6141b0ccb5b8c6251a3d637520609dfbdd852fa94d466

SHA512
e98736a879cad24c693d6c5939654b2fd25bf9d348f738668624214f22d541a9b781c967201ab2d43cbac9207946824a0299d482485f4b63c48d5d2a839e5baf

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4164_299430589\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4164_299430589\d54547dd-fc8b-4efb-adda-e80e6227f1a7.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp2759.tmp.dat

Filesize
114KB

MD5
0608aa3fd66f56dad64efd80f9d1c548

SHA1
06690edd381b3a43e640208ade6e59207cd35973

SHA256
7b86e9b424ccbf59863b7c2763a4c08cb7895e4355ea28369b69542d91911e64

SHA512
4695b157ab92af757b40a412dd10823ea0ea043b1fb5e70a798b1d11feb406d23e84fd56eb7aa415c46b9c327c1559bd015420657ded7727583db07e426ee997

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp276C.tmp.dat

Filesize
112KB

MD5
87210e9e528a4ddb09c6b671937c79c6

SHA1
3c75314714619f5b55e25769e0985d497f0062f2

SHA256
eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1

SHA512
f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp35F1.tmp.dat

Filesize
40KB

MD5
a182561a527f929489bf4b8f74f65cd7

SHA1
8cd6866594759711ea1836e86a5b7ca64ee8911f

SHA256
42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

SHA512
9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp35F5.tmp.dat

Filesize
46KB

MD5
14ccc9293153deacbb9a20ee8f6ff1b7

SHA1
46b4d7b004ff4f1f40ad9f107fe7c7e3abc9a9f3

SHA256
3195ce0f7aa2eae2b21c447f264e2bd4e1dc5208353ac72d964a750de9a83511

SHA512
916f2178be05dc329461d2739271972238b22052b5935883da31e6c98d2697bd2435c9f6a2d1fcafb4811a1d867c761055532669aac2ea1a3a78c346cdeba765

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp35F6.tmp.dat

Filesize
20KB

MD5
22be08f683bcc01d7a9799bbd2c10041

SHA1
2efb6041cf3d6e67970135e592569c76fc4c41de

SHA256
451c2c0cf3b7cb412a05347c6e75ed8680f0d2e5f2ab0f64cc2436db9309a457

SHA512
0eef192b3d5abe5d2435acf54b42c729c3979e4ad0b73d36666521458043ee7df1e10386bef266d7df9c31db94fb2833152bb2798936cb2082715318ef05d936

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp3606.tmp.tmpdb

Filesize
5.0MB

MD5
3bfd05cd736f0b88ce277dd33c6edab3

SHA1
b9230e73e6154ebae91b2a5c1f35646f16daf9d1

SHA256
361f73bbcbb8cc941dceec9135f73c9b5002c0f7360ed07305daed49cdd6531c

SHA512
787e867c3d985f0c7913d389977d675b999feff27ba31046510126f82e93980893b77993c037f41a414e1aab61839a1a32f5849d7e21f89a58720599f924052a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp3617.tmp.tmpdb

Filesize
96KB

MD5
40f3eb83cc9d4cdb0ad82bd5ff2fb824

SHA1
d6582ba879235049134fa9a351ca8f0f785d8835

SHA256
cdd772b00ae53d4050150552b67028b7344bb1d345bceb495151cc969c27a0a0

SHA512
cdd4dbf0b1ba73464cd7c5008dc05458862e5f608e336b53638a14965becd4781cdea595fd6bd18d0bf402dccffd719da292a6ce67d359527b4691dc6d6d4cc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp6FF7.tmp.dat

Filesize
114KB

MD5
6d9c74c2c5a4674683ea1fe041a046a5

SHA1
03ecc7c55846017454e5b3c578c4452471ebc263

SHA256
9d5693d4a70a23679f2f0d5844303d6ed30dc44932ca1994a1ac1d6dc80d6b3c

SHA512
6fdd0e9b790d905d9c3acd6753562ae227d5ed4d94365af2138c95cccac46abf70df25acd49a46085fdd644139f1e279bd8fc7b6960aded857d8c0d317f004a7

Download Submit
C:\Users\Admin\AppData\Roaming\44\Browsers\Firefox\Bookmarks.txt

Filesize
105B

MD5
2e9d094dda5cdc3ce6519f75943a4ff4

SHA1
5d989b4ac8b699781681fe75ed9ef98191a5096c

SHA256
c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

SHA512
d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

Download Submit
C:\Users\Admin\AppData\Roaming\44\Browsers\Firefox\Bookmarks.txt

Filesize
210B

MD5
1267f4be35fbe5510886cf08ddee9fdd

SHA1
04e714a1c8a9d76e860c7cbbe7ebf62c71dea6b9

SHA256
ab038447adbfd1faf46f0d3bf6dc387621dc8435ab552696ec8d9bbe7a6a9ab3

SHA512
6f1bc0ad9eb850f37cddc2422e738f0cbbfe8a7a7e064c0c989cafbf0f7d5ae5bdfced4b3f93952688de3bfa338ff5a8c7258aff8397cdaccb36b23b5d16686b

Download Submit
C:\Users\Admin\AppData\Roaming\44\Information.txt

Filesize
680B

MD5
93537b00cfa776a328bfa17592d07f53

SHA1
bd3f617c551be1bbd56e3b6e3ca401ca10133aac

SHA256
c960f06cc227dd4393dd823f997c52753b5391b264e0c36e661bf6f3fb5d12d1

SHA512
fd55759e5f6da5789b1aad01daa93aee9bb29a1e5b622cbfd3d1de52404f87c09e74b8926460a0657cb593991b20326ccb0c505cb6eacdbf1d98c37540848525

Download Submit
C:\Users\Admin\AppData\Roaming\44\Process.txt

Filesize
1KB

MD5
57ace37cd582c7bb3cb5c9ee383166fa

SHA1
0bb6b967b9306a0ab9dd052c973a0ae2ff5bb98a

SHA256
a4f878712b8b4acbcc10e9bbcfd856406479dfdedc191f39f827f3f32b6c644e

SHA512
52dfe4c00aeec68d0607d5098b36892f00c1509d236ee17d7680d5fee79497cbe2b8331e0e8b8e3d80b502ac2a9e502a52f672cc48e068eca810cde153109b06

Download Submit
C:\Users\Admin\AppData\Roaming\44\Process.txt

Filesize
2KB

MD5
c844ae050644a5f7d0cfba640c7bb0ad

SHA1
c58d8f90bbc4206af18577a61ebed085a63ee0e0

SHA256
d1b5557f8c31a4f8aee7b1779bc6ce1aacc071c3d0f4d2ebb126ee39d2546d5a

SHA512
f12533d74f0609e1f5ff4f3b9d38c34f5b1fc2199a21052332e4bfeba0a13421d9345dbb5e732dc865f498f4fcb3a30a68d2a52d2d58178a5d0baa806a603e91

Download Submit
C:\Users\Admin\AppData\Roaming\44\Process.txt

Filesize
3KB

MD5
7ebf290e91192b954779e88d3c09437d

SHA1
cc8924b889024e94ef9370a2af00306bd13e3b41

SHA256
6b88a42a47b38d8e8f03e3fbbcd0c8a1804c011e095d4b4633123925346dd146

SHA512
1f241e45c1dbc20cabc2b30e15a599cf8932249f1995e0aaec73ac995dcf7bf1b766209c92a8473621372ded34b82be270cbdaaac8381b943abe7fc87a350450

Download Submit
C:\Users\Admin\AppData\Roaming\44\Process.txt

Filesize
5KB

MD5
a57dac56f03a7dd3182058d70f01914a

SHA1
060a04a20430e9b12b3b2a526760aa4244e73840

SHA256
2e894c2050717cc7328bee5f7d3405e8fd36845bdaf5a38426bee5f42efe6643

SHA512
9a0b15eb8b504cd62570639d2e19ee6cdee3c2fac90d393cca1bcb9a50144d40a510668d80a9aeb27905f698cd927180abd9e3ba176bb625786ebc289f1b83aa

Download Submit
C:\Users\Admin\AppData\Roaming\44\Process.txt

Filesize
1KB

MD5
ef81260d89b9f5f3cfd66c07e27377a7

SHA1
28be7418a4b322bfbeedfd0f76c3536eb5505bca

SHA256
24b674f5d5cd4e53bd0d1cac0191d8d0d3101189e886ba6846769cea36c83997

SHA512
e2e07d75f554beabcfd28a0041b5dca6fd3c8f24fef7bc698186d28b574362c1edbc1d15ef6c4537497575d19d6b3b966e0407b8aace3c31c94dba1f3207b3e0

Download Submit
C:\Users\Admin\AppData\Roaming\44\Process.txt

Filesize
2KB

MD5
a6a403d1d5ca999e974d7a1fbcaed1ba

SHA1
8a81a1a120f22424ad771a525e67b010b075932e

SHA256
3ff9a453f620150f55a21127c5d56d2aa378655126bf9c847cd8a12a4eda4b92

SHA512
3f6b38c5e45340db0796fd3ede4cf791b68bb8f651343ec7ad5039869aecc4b323dff539ec4655d1a0e73a499ea2adcfc70b9f0f090b12db242fd2e252920796

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 331777.crdownload

Filesize
2.2MB

MD5
54daad58cce5003bee58b28a4f465f49

SHA1
162b08b0b11827cc024e6b2eed5887ec86339baa

SHA256
28042dd4a92a0033b8f1d419b9e989c5b8e32d1d2d881f5c8251d58ce35b9063

SHA512
8330de722c8800ff64c6b9ea16a4ff7416915cd883e128650c47e5cb446dd3aaa2a9ba5c4ecda781d243be7fb437b054bbcf942ea714479e6cc3cef932390829

Download Submit
memory/1128-3315-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/2220-3107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2220-3316-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4324-115-0x00007FF828ED0000-0x00007FF829992000-memory.dmp

Filesize
10.8MB

Download
memory/4324-1-0x0000000000CB0000-0x0000000000D4E000-memory.dmp

Filesize
632KB

Download
memory/4324-2-0x000000001B8A0000-0x000000001B98A000-memory.dmp

Filesize
936KB

Download
memory/4324-0-0x00007FF828ED3000-0x00007FF828ED5000-memory.dmp

Filesize
8KB

Download
memory/4324-3-0x00000000016C0000-0x00000000016C6000-memory.dmp

Filesize
24KB

Download
memory/4324-34-0x00007FF828ED0000-0x00007FF829992000-memory.dmp

Filesize
10.8MB

Download
memory/4440-117-0x0000018576B00000-0x0000018576B01000-memory.dmp

Filesize
4KB

Download
memory/4440-128-0x0000018576B00000-0x0000018576B01000-memory.dmp

Filesize
4KB

Download
memory/4440-124-0x0000018576B00000-0x0000018576B01000-memory.dmp

Filesize
4KB

Download
memory/4440-118-0x0000018576B00000-0x0000018576B01000-memory.dmp

Filesize
4KB

Download
memory/4440-122-0x0000018576B00000-0x0000018576B01000-memory.dmp

Filesize
4KB

Download
memory/4440-125-0x0000018576B00000-0x0000018576B01000-memory.dmp

Filesize
4KB

Download
memory/4440-116-0x0000018576B00000-0x0000018576B01000-memory.dmp

Filesize
4KB

Download
memory/4440-123-0x0000018576B00000-0x0000018576B01000-memory.dmp

Filesize
4KB

Download
memory/4440-126-0x0000018576B00000-0x0000018576B01000-memory.dmp

Filesize
4KB

Download
memory/4440-127-0x0000018576B00000-0x0000018576B01000-memory.dmp

Filesize
4KB

Download