60b2b15af0906c7bc3244e32f1dbb1d73cd2bf24bf0ebdfda84e377d5a041f54

Analysis

max time kernel
358s
max time network
356s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
11-01-2025 14:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

search.html
Size

427KB
MD5

e1dd5faf86f4ff8260c429d2848d04e1
SHA1

e856d77225967fab93f71bf5637263125cddb91c
SHA256

60b2b15af0906c7bc3244e32f1dbb1d73cd2bf24bf0ebdfda84e377d5a041f54
SHA512

5852bbd1a927fe47bc1d2ab537d1391ed9ec8f61a862bbc7af2ca98376864b49577580200620aa22d932c5578ca7c1d39a0627c501a3ecc1f4a99bcfba62bae4
SSDEEP

6144:LKDr6ZsLT+Qah1f8KpdHGjwCq5D64lIJRx/Ookq:LKDr6ZAMF8vWu4lIJjkq

Score

8^/10

steam defense_evasion discovery persistence phishing privilege_escalation

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	spchapi.exe
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 2 IoCs

pid	Process
4316	balcon.exe
5840	7z2409-x64.exe

Loads dropped DLL 64 IoCs

pid	Process
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe
3228	KinitoPET.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
37	drive.google.com
95	drive.google.com

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\SET2CC3.tmp	tv_enua.exe
File created	C:\Windows\SysWOW64\SET2CC3.tmp	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2409-x64.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2409-x64.exe
File created	C:\Program Files\7-Zip\7-zip.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2409-x64.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\speech\SETF7A.tmp	spchapi.exe
File created	C:\Windows\speech\SETFAF.tmp	spchapi.exe
File opened for modification	C:\Windows\lhsp\tv\SET2C70.tmp	tv_enua.exe
File opened for modification	C:\Windows\speech\vcmd.exe	spchapi.exe
File opened for modification	C:\Windows\speech\spchtel.dll	spchapi.exe
File opened for modification	C:\Windows\speech\SETF55.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\SETF7C.tmp	spchapi.exe
File opened for modification	C:\Windows\INF\SETFB0.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\speech.dll	spchapi.exe
File opened for modification	C:\Windows\speech\XTel.Dll	spchapi.exe
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File created	C:\Windows\speech\SETF55.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\vcauto.tlb	spchapi.exe
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe
File created	C:\Windows\speech\~TMP4352~.TMP	spchapi.exe
File created	C:\Windows\speech\SETF69.tmp	spchapi.exe
File created	C:\Windows\INF\SETFB0.tmp	spchapi.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\lhsp\help\SET2C82.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\SET2C84.tmp	tv_enua.exe
File created	C:\Windows\speech\SETF7C.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\speech.hlp	spchapi.exe
File created	C:\Windows\speech\SETF7A.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\Vdict.dll	spchapi.exe
File created	C:\Windows\speech\SETFAE.tmp	spchapi.exe
File created	C:\Windows\INF\SET2C84.tmp	tv_enua.exe
File opened for modification	C:\Windows\speech\SETF58.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\Xlisten.dll	spchapi.exe
File created	C:\Windows\speech\SETF7B.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\Xvoice.dll	spchapi.exe
File created	C:\Windows\speech\SETF24.tmp	spchapi.exe
File created	C:\Windows\speech\SETF57.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\vtxtauto.tlb	spchapi.exe
File created	C:\Windows\speech\SETF8E.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\VText.dll	spchapi.exe
File created	C:\Windows\speech\SETF56.tmp	spchapi.exe
File opened for modification	C:\Windows\lhsp\help\SET2C82.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File opened for modification	C:\Windows\speech\SETF8E.tmp	spchapi.exe
File opened for modification	C:\Windows\INF\spchapi.inf	spchapi.exe
File created	C:\Windows\lhsp\tv\SET2C81.tmp	tv_enua.exe
File opened for modification	C:\Windows\speech\SETF44.tmp	spchapi.exe
File created	C:\Windows\speech\SETF6A.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\SETF7D.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\SETF69.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\SETF7B.tmp	spchapi.exe
File created	C:\Windows\lhsp\tv\SET2C70.tmp	tv_enua.exe
File created	C:\Windows\speech\SETF44.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\SETF56.tmp	spchapi.exe
File created	C:\Windows\speech\SETF58.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\SETFAE.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\SETFAF.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\WrapSAPI.dll	spchapi.exe
File opened for modification	C:\Windows\fonts\SET2C83.tmp	tv_enua.exe
File created	C:\Windows\fonts\SET2C83.tmp	tv_enua.exe
File opened for modification	C:\Windows\speech\SETF24.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\vcmshl.dll	spchapi.exe
File opened for modification	C:\Windows\speech\SETF6A.tmp	spchapi.exe
File opened for modification	C:\Windows\speech\speech.cnt	spchapi.exe
File opened for modification	C:\Windows\speech\Xcommand.dll	spchapi.exe
File created	C:\Windows\speech\SETF7D.tmp	spchapi.exe
File opened for modification	C:\Windows\lhsp\tv\SET2C81.tmp	tv_enua.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tv_enua.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spchapi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	grpconv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	balcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	grpconv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133810781593817900"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53961A08-459B-11d1-BE77-006008317CE8}\ = "Spelling Control"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4E3D9D1F-0C63-11D1-8BFB-0060081841DE}\MiscStatus\	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEE78591-FE22-11D0-8BEF-0060081841DE}\TypeLib\ = "{EEE78583-FE22-11D0-8BEF-0060081841DE}"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{70618F72-D1ED-11d0-8FAC-08002BE4E62A}\InprocServer32	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{61935832-FC85-11d0-8FAE-08002BE4E62A}\InprocServer32	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FFF5DF80-5544-11b9-C000-5611722E1D15}\ = "IVCmdAttributesA"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090CD9A7-DA1A-11CD-B3CA-00AA0047BA4F}	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{88AD7DC0-67D5-11cf-9B8B-08005AFC3A41}\ProxyStubClsid32\ = "{C63A2B30-5543-11b9-C000-5611722E1D15}"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{492FE490-51E7-11b9-C000-FED6CBA3B1A9}	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{090CD9AF-DA1A-11CD-B3CA-00AA0047BA4F}\InprocServer32\	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C63A2B30-5543-11b9-C000-5611722E1D15}\InprocServer32\ = "C:\\Windows\\speech\\vcmshl.dll"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EFD0E6BA-DB5F-11d0-8FAC-08002BE4E62A}	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B3613DA0-E26E-11d0-8FAC-08002BE4E62A}	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E1B7A180-E093-11cd-A166-00AA004CD65C}\ProxyStubClsid32	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B837B20-4A47-101B-931A-00AA0047BA4F}	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B9F11A90-90E3-11d0-8D77-00A0C9034A7E}\InprocServer32\ = "C:\\Windows\\speech\\Speech.dll"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53961A01-459B-11d1-BE77-006008317CE8}	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4E3D9D11-0C63-11D1-8BFB-0060081841DE}\1.0\0\win32	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEE78591-FE22-11D0-8BEF-0060081841DE}\ProgId\ = "DirectSS.DirectSS.1"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2398E32F-5C6E-11D1-8C65-0060081841DE}\Programmable	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090CD9A4-DA1A-11CD-B3CA-00AA0047BA4F}\ProxyStubClsid32	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E97F05C0-81B3-11ce-B763-00AA004CD65C}\ = "IEnumSRShareW"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8763AFD1-7ADE-11d1-BEA7-006008317CE8}	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53961A02-459B-11d1-BE77-006008317CE8}\InprocServer32\ = "C:\\Windows\\speech\\spchtel.dll"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53961A07-459B-11d1-BE77-006008317CE8}\InprocServer32\ThreadingModel = "Apartment"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B445330-E39F-11d1-BED7-006008317CE8}	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEE78591-FE22-11D0-8BEF-0060081841DE}\Insertable	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{80B25CC0-5540-11b9-C000-5611722E1D15}\ProxyStubClsid32	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2398E321-5C6E-11D1-8C65-0060081841DE}\	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53961A05-459B-11d1-BE77-006008317CE8}\InprocServer32	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53961A06-459B-11d1-BE77-006008317CE8}\InprocServer32\ = "C:\\Windows\\speech\\spchtel.dll"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53961A08-459B-11d1-BE77-006008317CE8}\InprocServer32	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{582C2191-4016-11D1-8C55-0060081841DE}\InprocServer32	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{582C2191-4016-11D1-8C55-0060081841DE}\MiscStatus\1\ = "131473"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D24FE500-C743-11cd-80E5-00AA003E4B50}\InprocServer32\ThreadingModel = "Apartment"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090CD9A3-DA1A-11CD-B3CA-00AA0047BA4F}\ = "ISRGramDictationW"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{238004E3-F0C4-11d1-BED9-006008317CE8}\ProxyStubClsid32	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53961A05-459B-11d1-BE77-006008317CE8}\ = "Date Control"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EE39B8A0-6053-101B-9926-00AA003CFC2C}\ProxyStubClsid32	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2C840E0-E092-11cd-A166-00AA004CD65C}\ProxyStubClsid32	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B445330-E39F-11d1-BED7-006008317CE8}\ProxyStubClsid32	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60462311-3373-11D1-8C43-0060081841DE}\1.0\0	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090CD9A9-DA1A-11CD-B3CA-00AA0047BA4F}\ProxyStubClsid32	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{05EB6C6D-DBAB-11CD-B3CA-00AA0047BA4F}\ = "ITTSEnumA"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53961A05-459B-11d1-BE77-006008317CE8}\InprocServer32\ThreadingModel = "Apartment"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{582C2191-4016-11D1-8C55-0060081841DE}	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{090CD9AE-DA1A-11CD-B3CA-00AA0047BA4F}\InprocServer32	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E8F6FA20-E095-11cd-A166-00AA004CD65C}\ = "IVMsgDialogsA"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2F26B9C0-DB31-11CD-B3CA-00AA0047BA4F}\ProxyStubClsid32	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{582C2183-4016-11D1-8C55-0060081841DE}	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B9F11A90-90E3-11d0-8D77-00A0C9034A7E}\InprocServer32\ThreadingModel = "Apartment"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{92655FB1-ADF9-11d1-BEB9-006008317CE8}	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{88AD7DC0-67D5-11cf-9B8B-08005AFC3A41}	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EEE78583-FE22-11D0-8BEF-0060081841DE}\1.0	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66523042-35FE-11D1-8C4D-0060081841DE}\InprocServer32\ThreadingModel = "Apartment"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB96B400-C743-11cd-80E5-00AA003E4B50}\InprocServer32	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B9F11A96-90E3-11d0-8D77-00A0C9034A7E}\InprocServer32\ThreadingModel = "Apartment"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090CD9AC-DA1A-11CD-B3CA-00AA0047BA4F}\ProxyStubClsid32\ = "{B9BD3860-44DB-101B-90A8-00AA003E4B50}"	spchapi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8763AFD2-7ADE-11d1-BEA7-006008317CE8}\ProxyStubClsid32\ = "{C63A2B30-5543-11b9-C000-5611722E1D15}"	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FC9E7401-6058-11D1-8C66-0060081841DE}	spchapi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FD7C2320-3D6D-11b9-C000-FED6CBA3B1A9}\ProxyStubClsid32	spchapi.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\KinitoPET.v1.1.0.7z:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\KinitoPET.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe
4128	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5636	OpenWith.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
676	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
4316	balcon.exe
4316	balcon.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
5840	7z2409-x64.exe
5636	OpenWith.exe
5636	OpenWith.exe
5636	OpenWith.exe
5636	OpenWith.exe
5636	OpenWith.exe
5636	OpenWith.exe
5636	OpenWith.exe
5636	OpenWith.exe
5636	OpenWith.exe
5636	OpenWith.exe
5636	OpenWith.exe
5636	OpenWith.exe
5636	OpenWith.exe
5636	OpenWith.exe
5636	OpenWith.exe
4324	AcroRd32.exe
4324	AcroRd32.exe
4324	AcroRd32.exe
4324	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 1900	2896	chrome.exe	77
PID 2896 wrote to memory of 1900	2896	chrome.exe	77
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 1380	2896	chrome.exe	79
PID 2896 wrote to memory of 1380	2896	chrome.exe	79
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\search.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82fa6cc40,0x7ff82fa6cc4c,0x7ff82fa6cc58
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1696,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4284,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4440,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4908,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=212,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5260,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5348,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5792,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4724,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5432,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4572,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5924,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4276,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5984,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6140,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6448,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6408,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6392,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6516,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4536,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - NTFS ADS
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6404,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5856,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5564,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6544 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5932,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3692,i,17745726246308715069,9499769382242070626,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4128

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4120

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4116

C:\Users\Admin\Downloads\KinitoPET\KinitoPET.exe
"C:\Users\Admin\Downloads\KinitoPET\KinitoPET.exe"
1⤵
PID:244
- C:\Users\Admin\Downloads\KinitoPET\KinitoPET.exe
  "C:\Users\Admin\Downloads\KinitoPET\KinitoPET.exe"
  2⤵
  - Loads dropped DLL
  PID:3228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:3884
- - C:\Users\Admin\AppData\Local\Temp\_MEI2442\GameAssets\Programs\balcon.exe
    C:\Users\Admin\AppData\Local\Temp\_MEI2442\GameAssets\Programs\balcon.exe -n Eddie -t "Let me show you this cool image I have generated for you!" -p 45
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SendNotifyMessage
    PID:4316

C:\Users\Admin\Downloads\KinitoPET\spchapi.exe
"C:\Users\Admin\Downloads\KinitoPET\spchapi.exe"
1⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1952
- C:\Windows\SysWOW64\grpconv.exe
  grpconv.exe -o
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4784

C:\Users\Admin\Downloads\KinitoPET\tv_enua.exe
"C:\Users\Admin\Downloads\KinitoPET\tv_enua.exe"
1⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:2520
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3068
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:4324
- C:\Windows\SysWOW64\grpconv.exe
  grpconv.exe -o
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4316

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1076

C:\Users\Admin\Downloads\7z2409-x64.exe
"C:\Users\Admin\Downloads\7z2409-x64.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5840

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5636
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_KinitoPET.v1.1.0.zip\KinitoPET.v1.1.0.7z"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4324
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2676
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B81F1707554AD7AD17FD345CFAEEE4F0 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:6200
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CE1D9AEAF938557B9450EB7A4507E663 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CE1D9AEAF938557B9450EB7A4507E663 --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:6216
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6220AF9E005D25999B62BC27E4013226 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:6396
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3C44EA3D84309700E39D936C44D89C5D --mojo-platform-channel-handle=1956 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:3228
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=667E4B1FA87369211D1E8B243732A4D3 --mojo-platform-channel-handle=2384 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:6564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3010d71bd8046fe844eddc79c2fb3a82

SHA1
a6b0ebae9e5f94e3c1504951df3e546dade276e4

SHA256
fe44109996162db22fe24539b924bb86efdce42ca562fc3d8f49868b7ff34cd4

SHA512
28e5cab65795891530047f1d3e1c1834ed65a08614e62a136beb7208af44876b2d3b0ac812353f820e6985d061776cbfb8e833d6435b87ced2777a9b71063b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
17KB

MD5
a75c0771ad920b3126e8c7fa5259c627

SHA1
066aac8689e0c8d6885b58272671c189e56c2542

SHA256
a92973e47e5b9ce381fcb05f91a8ce8c3e331c7ec766dc58602f4958c9a34f60

SHA512
9f371cd9538ecf948cc1b414ea66a38a9771ea4382b4824ea840c22303220514e8e0201cbf2ff2b863423d79795ff9720c156e3106044616c4c54ce21e7192c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
65c8484eaffcf1c5e9bd64913c350b9e

SHA1
5ccdcd5c9739b6bb58d9d52e8ed164d84424b4d2

SHA256
69d10fb1cf20d900930627838238c562758714f99a3193a76f6e3fa860a8aa29

SHA512
4440164278c700b5db138525a453715c54051e8627a731627c14c745db160db66d4383889a46708a834cf1ac77858e60464da0ee82cb7230a0d53bcf2c8a04e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9a33b10b61d7080fd7182e74e49da642

SHA1
e5914a5887618ff2e69bfe53655faf3c4c812b3c

SHA256
572ff38489cf73108d5d162a9487fe23c3ac468931324b80e93d7042d7f9de66

SHA512
2cab1ace6553163381f939d68b4f447d664795aaec86df696cf9b55326e6549e7836610825249fb1b5acd5d0e828b9d66e789a8bddbe0c5fa9c6ffb24e660888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
40434c4bd4231a6d7313bf0c69d81a53

SHA1
7bdd2dd95b9d7810a9edb15c5e096092716a2560

SHA256
3c6b9740158aab85cf020e87c2256eccdd43bcbb9af2ffed1097bd15951450c9

SHA512
d6e61f2dc7971efcafcc7b2f6993c6f8740aa67aef4ed30f61a86840b6f04b261dc9e7dcd9657aa81cfc489746e46f30c0dd469d58f715f56b81aeff20fdf4b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
f3d3fb2b8e7b4c415288e8468700ef08

SHA1
a72cdb7ac5e8f95fa6504ad1bac3fbebee3d766b

SHA256
d4fddf0bb2681959180744d278e900713ddee979829a86feda59c1c50257d474

SHA512
e9029e75b48a3115e6f37191b8799498d2fe4706a118aa24426281207bc3b9e3520115b9f67e09f0cb7a7294bf7537f10c7bbbd243b8ce2cda73435ad4e32c58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b17133343008b41f28a07e815f3c861f

SHA1
8e786cfd504ccd0abf81966aace4d3ed5a06a467

SHA256
469ddfcdee12c230d3289d0c8297c9c8d86e15e79a06e384cfd810dbe014ff3c

SHA512
09f2f4ad4b9ff96e1d04ad6b4f0c597d1e1299a41b0f70b0c1df7e44e647a5000a087325b4f83c5fa70973646aa7733bcaa14ba1faa5c6ba6a36d21fdbc5a10e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6d8d45e3b9f166528e1c982c732f0a80

SHA1
afc045d5407cc4e1cc010348cb7e398566aa238c

SHA256
51652fe80e597c87d7b18d0e0471c63e463838037dab8055c748cb488d5baae7

SHA512
be4750850e9181a46969ac8423da0c5556b8fb4238aa43f99edeead8e8621437f10198f7144fd88ad09f099c47d018956cc9919ba6ed76358d09ccf50ef755b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
63cca4888af9b8963639d3e3eb6423c2

SHA1
0bd39a117a1cde00723306d93184bcf6a9e895e2

SHA256
2d67333d27ab416ebfec5a3bbda07c90ff7adf15a73ff04676740068bce8140a

SHA512
3346af40ca67ec80abe839d6c1d06d5bf8d80bb470c942a47c5b572b46997b1d3345361b2622b2de0e6a9570638fae863437d0d271d078544d606a2e0080eaf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
afc81ce9daffd714fef2654b9d111a55

SHA1
c6b3e13d4b5afa51c5b277d082a21d56bbc2bf2b

SHA256
fdaf872c75e2e8c1de41a12e53bd53d8ebb0ece66264665b3ae47132ce67af18

SHA512
058ada4d9eb01b535d73a36e21f7778b0faaef103dd83013e71fc8c3d0f67bb3102d712264831722580e06df95ddad07c1508b081a9c81c2b1c9ad887794d8e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
84b03d32e284c3008593ecc08a025de6

SHA1
28019842844c0b1fe7a0aeea6b39b67a4f530cca

SHA256
14ce890ae63146f1085c545e39eaf9250424d606258aebd056e2e8110c67e118

SHA512
818da85648432ba4775812c6e6a1eb1de921bf53aa1d989265249e9b03657de467c6725d0616aec42a4de059dfdab103214e2c036b7774162d090bf9d5be7f7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
17e5b2ee94943ad64de65bab82cc2aee

SHA1
764526459641fe6c88dd5327e9c3f03013ef08c8

SHA256
7bf0c83b3352a077e5bf82721e5169a17080ee9a88918da11f444134067a89af

SHA512
597f9b404e5f59348502bf0f7b7a483aecc6dd5d2c3ea33a5eb02a63e8908371adb00f2736debc87ccccdebce108a1e85345cef1adce5fc471bfe89442db1435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7add7063b8f7d97c7d8d13d609fbd006

SHA1
847f7fe17df40443b9270fab35df27bc9113cc08

SHA256
6f03c72bf43f281ba3e360e8a72b3bc733293e26148a4ba7465ebb326aec0028

SHA512
c1335733e7d011dc05ab148dcbc935a66f851ece7722250c1da63563201994f001a34c94ccac0d44e109708deb39fa78c40d24c45f9bc8dfe7a5daf55c6b89c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ffa3885921b597ea8da95149723c8e74

SHA1
80cb78656620b2df499af042c279c5a06b20ee21

SHA256
7f5809d3ba09ccf3163752ae37de6851515410e1c8f78d8c95f1654cd125f283

SHA512
ed2b5cfa305ca8930473f352ad914f5dc7c7744a5fd2658744e85fd74699ca82c4a6e5268871a27292c6f8cd28a4f0cc40c5844f0a9b1ebdb4cb92a8a46d036c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b06a8673458cd5ce77e42fdfc30180cc

SHA1
8207dd987082ac00866177cd85cb161b42a0a28c

SHA256
f2731f366861f02f2c719fc66c523cc88257e8ca3df12bd2302f8061b42d28e3

SHA512
633372c132b27b0e084f0ef1217bd83b121d281e11be0836609dc29c69f06b6ff14deb99ff417d2b20b59bdab9cb400b19eb6c91985d0f38a371880397b17c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9fbaebf733d649c84353b2c27d9a3ea5

SHA1
dfd0e24b63de59fb10ba3f40d01e710b3183c4c2

SHA256
2baff9a1e1a2eb179f02cc0c0d8608bc12618016b7a9fc75e8742bc8568cfa5a

SHA512
77674b57e7b1eb7e8795e1b5304ecff6752f3f86c584241702d9bb1152337c1b98b0bcae72ee3a4b9c79cecebf536d3f07336be82c2e7e67f9dc183984a911df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
88608523d5ea59e043c97b60633c5d73

SHA1
e38dc18765bd346612bb33b6a2fddd1d99f472da

SHA256
65ee41845e971346e37bf49b53c106f149a67f295ff3c8c2012b1345704e8858

SHA512
129cf56d1135c63191c4cd835d79b177c7a65c0530fb936e48c2d2232c0191020007379279468db388fe21a6470c265ed0c9525326420640dfedd26cc6686c73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7926bda79d35d6f6cf0f89931defc7a1

SHA1
d7e97800b1e592fc53e9d9ce860b1b7cd25e5ac6

SHA256
45c21c933141f2b6b87db5d9868566209818fc3b34edfb0388918518841231b5

SHA512
96e6bd80a13f2e490f087f04c59ac7233bc6b8bffad13a20201c6379ef6bfd95e9e0bba780f1a566353accb95c36e28c9ab52e2aa79ecabee39a0cb60a15bfba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0bcd4a550a648e03723927f00fc7bbbb

SHA1
735751d868b884d2b75f6a7a412f3e1806ea9d20

SHA256
94b027aaa092788ee76ed4e8e2a9fb235bb071c629dc12c31b852c0ca030edb1

SHA512
d95741c3f8070ff02db3715a158d16540d09f2c451d5c3b5cd153a8c2a81caa9c5d3c9c987da3236940de861b56bfa26b559f53170eeb2b2c4ac952c77a28fc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c4d7da9d5ff7843fa5505385e7deef3e

SHA1
f7a465573f6ef7cb3153ce0b92b0e502e661ab69

SHA256
45a35869bc57cb15fe655fbe9a0fd77e696f2cf74587fba30da13b8504fa13a7

SHA512
9d98f51c29472cffc0209468a709d91737e9a23ff9d69fa7d1946b68eefcf7cf2515242feb225664ef5080a1baddc0f9c62d6ff0d53f10dcbe509436530bd1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b68f113a3dea784b5db4e609c38d971

SHA1
074e2c4a89c2e3a008bbdbb83b7e9bd2eb8ca8e0

SHA256
95b222cbee2569eb6ccfbbff034f515828a52b2af51696f6503a7fdd9ba44b36

SHA512
984df3774a688e71fd93575f1743dcf0fd88947c84da279bf2660780f8eb2d866824762d166a7c7d69eccbaf186713c946387225f41536a4826391d04280d888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8172c2027903e0b3317954f49799717f

SHA1
ccc74c1b7e449c7f588a2c33a9d62557a4a04a56

SHA256
2a0d83375636ebff89df7d97a61a093c2309b4e94ecad608795d4b4283cce2f0

SHA512
b425ead5804af5060291abdbff4058839933e409d1a4844cd750da482d3f4a24eaf191b31afdf0ed6f8f1f9fcafe2444cabef0d5f1faaef421d162a2ea6da78b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
385e8efebc456860c9eed1ede9ba7d1c

SHA1
9347612968f42bebc4a0869ca18e7b3aa1e9029b

SHA256
2128d29e8ce91227b3dcbefe86015de63aaae0ff6a086ce847a5392368ee61d3

SHA512
cd0eb88e5224462339f684d6378c38f5ea06fe1ca0a6347166efd5be96bc17d005bb0484f67b9683f62edd885c313b7fc4e8e6e9a5a6dcc134f0582e875aa226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
521a2905e6cb505e02cfad18852eeac3

SHA1
2bd255137a4cc311f107403da4f0568fb9a8212a

SHA256
9934ce06ebb28507cc5bf55f52e063a0a2be00125a9b49bda03aa62298be887b

SHA512
a41e14ecbc53fe84c0e2ecd33aa891669f85867604b8bd79bacd60490aa36d8132e2e5e1cc23c91bb7df8b92dad2ab0b76328e1e37a69de15b97845691fb369d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6e75f5d069180cd253ded9deacdb70f9

SHA1
5d584cedcace4599608745b37d7520e0e96193d9

SHA256
9b512f0d842cafa98e1f607d382aef37706922fb3f9058036494c650e9bc980a

SHA512
81760b17d5807d89d123f46225f616a975afe693f3d1ced406eed71af1d04c034a871351b2bacd00fb765954d508511ff526b7dea2e4bb09f303a241be5cf4e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8a403b384f41976e391042524ae2a1d6

SHA1
caffe923a6dcbd2758fe1e27c7d0a34bcf5d3865

SHA256
0d445d9f2909ab080b81ddae0a51e0e1f5b239ddd8b9f5a551911715070d275c

SHA512
a4209aac76b10c965766761b6e1d4ed14e51eabb4781c759411fb86b47d9370de59fd0d6497073f16c0eb8a7e7ad59223101df55a3427c7ff005bfdcf6ce5ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dd9ff8bf228ead301741bdd0b8b7abbb

SHA1
5388848e5ea738323fdf354118327cd9fd083c84

SHA256
3f8cd389aeb39a6761ca9818f485f9bf7b458b90b3f958acbe6469c7ef45a3c4

SHA512
c40840bfa759d9146f0cd03feec1195514cfcb5a01dda2b611bcaa4e0b414acd082816e0cd55038f8d714bcbd2ff6a883170ba36d9ec37e59e3bd50cfa755dd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
705f8528ea5bd4fc4a7b03969edc9323

SHA1
e902d45499fbaadfe9c5741313990a3e8c9a9601

SHA256
8e1aed6d484899d40696e0a592ca6bc191e25db98bd2d1f6be50ffacf440934c

SHA512
8429dcb5b8f5e06aaf0f94381edcac554fd1e09b3f12cf01e69f68c8f99bc3445e1fa5aeb448340c3a5a69cd6afd52bb5e04373e752bc9d1ea3440e2ed29010e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f6a9b55f279797b8c84c273854a97f1a

SHA1
38d6258a2f7486d6365a1b5b1629eda457eb761e

SHA256
69c8c3f3ff5c6e8b4465ba1bbf1d43d154005afc0f99ed10f0e69d62d20af306

SHA512
2e901fbdda97c4972f6052001c9af6ccb3da7eca95dd40f80beccf343103d2a51fd76b1f35f426dfc34d8fc6fc9b9dacff25251584cc6a2feaf5192f9936faa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae01b7d7bcba1d52555259fab2253187

SHA1
a2607cc9505948cbe0a455998c2569c60a4ee7d4

SHA256
6eeb02a4c85fc9bff592a865c1a1cd4b955da98872b3b9c6f2ad95b442a2f2aa

SHA512
a9a082984d967ca224292ed7011f7acd0bc7fc13fd333bec2154bd4b1809955418f1ac34149758d3d307d709942a7479592e687a17421a1b2ea6c017c01c8c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f5ecb2c10d27bda0c5916359b5521a9

SHA1
aa453756f53f7316e1c973d156ecc69919c599ce

SHA256
9eb541892af43f2f8df71606b8969be410fdf591ec9cf769dbe8f1d8004a1035

SHA512
5f67c7134701a57d54fd25d16e831d49245c3f9f474c12c514f598b03a9ee1ae3527e96a6f63f16c62c4dbbed8991cef3d5ca4447258cc38491450e9d342f1c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1379afd42dec185131b9a05f28bad11b

SHA1
29e541ebae2857cf982c41fcdaae4844f5398274

SHA256
e3c8fbd950c8c6bd907802c1848f534cb2872664ea5d0edc41feb4ab288213e9

SHA512
811215c276b43aeb788e6c49837cf3ce98143854d26a754a246c83869362adda5758fac2696917130051f09f6736084d9c714f7b31e646495d67c7e378db4baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
38d3d76145174a10313f8e08f916b554

SHA1
3810dd6e9fc012e720497b24bd0578f60dd9a6a6

SHA256
220c6aa333dd0f30911fb0d7de9e6e3cb3f97157b44a0f32fe8f78aafbf60144

SHA512
e1b92e1abb13442399b4fc31dececf69e2ff81d66f111402b7dff14967343642088fb9645e3a41260fc5930e32ccf2b832de424d5f12643f6899f570564e63c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
089add02735d3c81071b865d8db3c128

SHA1
9c26037831a0feea20fc8c218ab03ea378e38180

SHA256
d83e0e376b5ab2808c6c45354455840d1c929cef01019986a2db5aff4b8bbb0b

SHA512
1d32584470cd774a278a393fadf86633d1c4207fbcf48f478e59698bfdbd6f324e2e6b3c13cd5a6d75235839d3e6d454298c1e62e0ed936e3efd8d3ac7fa80c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9075c79a85d3cdfb7c157fcf00c5715f

SHA1
38e643794a8bbd05b1063867b88afe9f54623e1d

SHA256
e03427b5fcf725206a5eb757a705a6b41d1589ccad1b2f67b8dc6f262107cea5

SHA512
2653c597d3c4b78a6219cb8df815e0101e91dd1147d2c39972bbfd5f17fabb439d294087b6c10316f15e6272b14b7eb720399301ccca12620dfd68822ddf02bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54837658688c6cea54f06530ce2db887

SHA1
b4d34b71105e894fbb0b994c131e13eb27f8d5aa

SHA256
207c1217e94a3493b6f62ad12f4d8ea96b9a9379446b09f10ad2458874147ce1

SHA512
5ab0997e7427e85ffdbe3d2e2e1bb0f72211ee6393fe2050c68233a5ce6c18fd80e5f7b9b3b0fd96f436b7c3d735242f91f771dd3b0b77d3bfb600991ea5cc5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b083db7ba382ad984ddae05c17c88cc0

SHA1
354aa8c6db8d55a624a710f02c415507d7f672e8

SHA256
e9b2f8efd501a463947d78e66d175ebf7a6a97c2e87d23e9e56707d1246e808b

SHA512
8c521070ecf9d156d6dc38a33eb231e17df6769b7966f72516431a5880df56f3c4becffca2a60515d8f95ee60c77f292b9fa3497d8d2d0a45b984d0b983747de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
25285e8cb679d27752b99845652ff6a7

SHA1
592268f41616376a19cfe984a57ee4f1176d085c

SHA256
06d719e5903f8de7f6440f721aca25f1f82cda9ddc9f21a857792f195f4aa13d

SHA512
8119d86d2628323c30e602a0e4e3b3069017fe2740a68adaad0c45beabd6abea27c39e94a7e5681c59bcd65baf63249255239004f915fbfdefeb4c5e7d9159a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
66290488b0b0aa507d582d879562690e

SHA1
5ef27abc9b389a40b82a2554ca0f26b5883758ef

SHA256
b5ca087ecdc6f33dcc00914dbcd8ec6e6b7cb32bb6ea9505a9b7854d28bbe4ec

SHA512
c1c95653230c50b19d67452b58d2acfc910e368867d9aad527c932c8e2acb951803cdc2777cc431de6f255b00a476a9eb619c823680a49e1f73e73e9a247e2cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
2380bcb4c0188499a7fadcaa9843a909

SHA1
2bfc78d06069abdaa18a8489d5b9798c1f6bdbdb

SHA256
804816f80fc2c92029581266a6d9066b7967c6d3148ce5a81b7bd177a0d437df

SHA512
03b884eab992337837cb0277ef331f2dd4926ff59a8cb62fc2177fcd50487d8a4daa4617129799f8b37b3b27020c7f7387ca5d31bf57f3af13b23e3d62396ee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
ccdb7221bf6251119dae8cc5cb105268

SHA1
48c28e4b9213ecfe7df5a010bc2a3ab76d464a76

SHA256
f8b076c8eadb99aa77248dc94e12131a771d28b01a7c7bfcc8ec5bb4a927e86e

SHA512
3c57e0f7c3b9f2c8b18a6e8cca41e975f7ca15d0e214aaf5787bbff3479f620d6e7d3416673eb616bff3551c58b72be4b49006384ae652d09a7b166bfa7a71ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
a90094da417c076fca15c75bc95fd74b

SHA1
3dfcc67e1179c780fed74bde6b47782e8e2e566f

SHA256
a24d0529685a3b1d60bf4a84477051fd66b8956f7f853684233abd8ec827ab34

SHA512
10e41776c979805c9f7d88ab0f8a093472d341bf2a0b65f1c15e0fa655e400fa446d01b2f4b43dc9274e8619f14f57da175801b07263d776e6480f88ac9eafda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
96a45fc6c288aa8cd28a474c9079a537

SHA1
7c2ff7371d61bd71bcc434e020552e1761d6e34e

SHA256
c9ef1e55cb5270a5015104f54b446f69a5397f4a3cc02ef4b4d91ea65436b14d

SHA512
d924fbe64f963f179e73d0bab14daaf48e21ea44e0bce6b6fcab2a26f33e821ba86c009abea2885c66cc011f4eaea8766a16060df84bdda06561d4c69276d09c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSVCRT.DLL

Filesize
260KB

MD5
63da4613383ec70e047b4cd5c48f0b05

SHA1
578dd3ee844678c24c0831b6cc61a7dfae410bdc

SHA256
d4287ab5e4988dfe99bd54243d50dbe8744094f11fe5f9809a1a6fb9728c2124

SHA512
0fe7226cba7984f22367d03dafe568e8c0e44956a831fda93d4bd8ad9cbc9ee87dc03e4a56696c0bb0e5f8ec27a304c06cdb56c52d87263362359523f0a220a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SPCHAPI.INF

Filesize
57KB

MD5
b00f1393bf87560945b6b38425998a79

SHA1
2fe00a212f952f7e4a53d53880ac90ef8d8c32e5

SHA256
9e7e55b61d3619729829b263e0af2320223c7eda74eadb2644c63d728405c86b

SHA512
854222c8d68ac0d556fe0fb4e1bbcdccde963bf1fe82c1689dd86439a519d8afb5c9db7bca4939fbde011dd4c84c09610b779adc64a18f0caaa57783ce29c7ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SPCHTEL.DLL

Filesize
243KB

MD5
c546b50be180b4f7810fd78c7fe8433f

SHA1
d7b071eaff8d0498724c1e779731db51e41c900c

SHA256
ea6b0454ac40794ce46a6fd8fd244179cfe76293b18cdb52f02b372dc0f64d1d

SHA512
34ef3830a489510b42dbe0b084d3e688f7558ad2f806e344b760d5e25744763792ca52a664c312a47417cf629a74ddec302f47eed813e76316ae2e5aaaf6612d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SPEECH.CNT

Filesize
207B

MD5
4653630ff6f8405f6d26000802e638ac

SHA1
3e6978815d5e0465c7ec557a2da4c253fe89427d

SHA256
51d0efea836528cb137914a6dd77f049cf0457245fdfd608c3936605adb11c57

SHA512
961db65e440dd831f2b490d4c80f306047e65cc0ef6f1c921a732b89a11b289b84e8556d4711ab9af0821cb01f4cb84f8ceccd51865448f93a28f5a02678805d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SPEECH.DLL

Filesize
549KB

MD5
898fc91bf6424f629e933273b6e46ffd

SHA1
2c777a8cb7f6e9a469f6d6486c98e70414949acd

SHA256
171d545ca7d10188875fcf103b664be2195996bbed2bd4dacfa8cfe827f1a441

SHA512
de7815a04cbddcff2c2ebef4c6d441936314924f6bdce3b3fb4a8bd4b62b761c7dbb3b99a12deb45b23b186f42a431d67b43fb9950f3d447ee9f721bf6cf6ffc

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SPEECH.HLP

Filesize
13KB

MD5
a7db03e26dd567b3ec5804d5064c738c

SHA1
37abaf849e1cbc0eacd545c19e7ad81d947c113a

SHA256
56dbafcfa4a628fcd20e49bf169115bafe596104f8dd51d2aac8d7cabb452c3a

SHA512
d7f033695ac098a07f6d7cd00f0bee86bd581d3ab9b8f4b5073337fcb1277b5a49a99ea7d65819587ce2d807e0652c7ea0d98524f1cc934be64776c25d2daee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VCAUTO.TLB

Filesize
7KB

MD5
695b08aa62b0dd9031fafcc1bb2a16d6

SHA1
1b151114b4f1fff8b3ddac92f4e8b3de2cc02ff3

SHA256
0e74c1dcbcb38daeb9d505b94f74b32ad8d37e8a26ef4022d46999eb3727720d

SHA512
f0a816783fe19a740c50cef76f5747ba19f86fbb41ee95d53c234f0bdb1e28e7d9badf55fef6e7e8e1b9d1d656ef5c4f5d59baa418fe6968e42a083963b3f128

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VCMD.EXE

Filesize
372KB

MD5
367351856db877b6c659dc42dbc89df0

SHA1
6725fba6e42487929f75c59fddf44c8d090a50e5

SHA256
6b2c21142bbb3050101606f05956a60dbe04f971bd8034d918731f8e9450cd35

SHA512
2c5ea481d64203751fa059bbf54e17a826df8a89d73d923dc4c5a68a0c25687cc3d74e511cd740eb801c6210c18a51bf268d3dfb9648a83eed137bd384640634

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VCMSHL.DLL

Filesize
152KB

MD5
2f8c18e8e067f6b84bf8c6c482862a70

SHA1
1c350c5a4674115cb8ba5620ec61fbebcd8fe974

SHA256
437ae2139661f2fb5fd97b34ee751521db477ee8c3454c920c5480020aaf94f8

SHA512
1a5a4d6064cfa35106c865661249d1023ab777b1c216c34dc0e86df435338cf1f8d8589fb567d34956e71a607db4aa8ce43039f42d5fa3ddd0c68506064588e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VDICT.DLL

Filesize
175KB

MD5
6dc843c473b68ea93202a32b6445c765

SHA1
3616292d1b84b9273471af195927d422d7fb9394

SHA256
08b35a07bf0dd5b231f7b25aa48476a7f78c9fca7a76c047103025d1a95952fd

SHA512
77623c61303b1f5fafb5d5af3e1d409af37ed3bd8c8c8bdf83206f2b5ba248553758696cf16835299f2267265689ce0fcb8564cf6823074257ce6964ac0bd517

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VTEXT.DLL

Filesize
169KB

MD5
c0a7306a302dd35145a37286dcfe6e04

SHA1
beba434997c5f60e988bd98928c13273996cb516

SHA256
b7a0114e8bd9875e98fa6c98215d3b4582e0d1eae9b799b912145e88095ee815

SHA512
ada43188cbf3d877ed055fc4a7395482a7a0adff6268880685b450f2f79c081aa8499f4770cd70c70c146002ac7fd516421202e275a71568872b879d0696d80a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VTXTAUTO.TLB

Filesize
6KB

MD5
283c7d582752fc0c025421fca7b7e1d0

SHA1
ee6149b8023ec61b18b098ec3e37648c610c51a3

SHA256
544b33cf240a425cccc910269c68b99b411b2374571ab8af51a490f9cc277f77

SHA512
844a6689000afc5fa724e1e1fbd4e4efc6ba6f67a4c5d2ef88c0c963feb5f9cbc62779affc11c318bef4b049a77d6818b0b2f8fd0c85cd14e6ae7414885b482f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WRAPSAPI.DLL

Filesize
52KB

MD5
8ccb0967e7371d64933fca913065789f

SHA1
63173da8984611aca496a253dba336af23aeb558

SHA256
8e0a80b885a73c8b62e87ab7f2a4b06a556b4db37a1fba9b37db2629f4c36a49

SHA512
9064f27f70b7a4e48dd9fac1954060fbdb5d5b35355f7be5c8a1221cc931ef20df7e4543b28e4416f86ed0c56b6a2a204d78db4c70e298bd29db5ccab2349d3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\XCOMMAND.DLL

Filesize
125KB

MD5
198c46362e9e7742f7efafd936624bed

SHA1
87b628c2a14a1c5897fd0281a682e9bdcb32bfcc

SHA256
0bd009b376f9ee2c2cea181adc0014c6c9ba91a4eaf7a3b98441a1696d302e89

SHA512
8c747cb697294df0daf092c8f139ffd18c92a098b1b709359739644029b5523d6b5d9ac80d11e1a4fe885ad13fe8a810222d6d609997b722ae0908421f9168a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\XLISTEN.DLL

Filesize
204KB

MD5
ce7367a398dd2d0f77041316906114fb

SHA1
128bbde9b589b94f88ae9799043b3c05fdc73990

SHA256
287fec5f90f973a5aa4100bdbca1c9cbb0e242f908d218b975b9623ea25f9393

SHA512
a5151b5ff83ed72288e76e9f7637ea83746e61a2d9b13476cec6ddbb072c36b4c5929c40dd0c39a600338a9d8c4a5bebad304b0d29d9f4050a67ec2e894b8519

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\XTEL.DLL

Filesize
199KB

MD5
69c2b85b9db59f7ad8d04e6dbfbde511

SHA1
4547a87c80b3ff9e2a148f7c0822c2495240aa5c

SHA256
c32846fab920f5da84005aa169ff259c54a3b9504faabc52f2f53d240ed2418e

SHA512
e677a28a20b4b481d87cd2007dfc3d6f8b88dcd0cdf25df988a43b8480458a37c145ecb8a9ff48ae41586fb571230e79208ba7baf74dd27b78d93412fbe1ea11

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\XVOICE.DLL

Filesize
191KB

MD5
06201e3ce75755e5eb4138a0a3e1925b

SHA1
05296f4e2774b9c3270365bf19304bf28e13fd51

SHA256
2bb50939fa7068791eea58c1fe6b112bcf5bb423ca55b9698411957a6f82d1b8

SHA512
0bdd01a7f42a3b6de0ca094d55d79437897e2f329751735097d2b7c4ed07792ba81c07544ec9a1f8c89a9472b57b3067dc204bd773721ab8398637949ae74d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\SDL2.dll

Filesize
2.4MB

MD5
0293f98e4ae63f376f293c95f197b9ce

SHA1
6e6ae66a791001399d7dde625de50799decfbe9c

SHA256
2e4e823b46e95a29ad4ce4e7134417b0cd60145fefe606920ef6dc0ebcfb0021

SHA512
0f5f7537e414fbf04e54e744bd2c0d587c920e93ac8dcca58a15fbe041e53383b66bd7b2c1cd75f3584cab435e9ddb38354cfd7d4676dcf515642de601f3ed46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\SDL2_image.dll

Filesize
122KB

MD5
b8d249a5e394b4e6a954c557af1b80e6

SHA1
b03bb9d09447114a018110bfb91d56ef8d5ec3bb

SHA256
1e364af75fee0c83506fbdfd4d5b0e386c4e9c6a33ddbddac61ddb131e360194

SHA512
2f2e248c3963711f1a9f5d8baea5b8527d1df1748cd7e33bf898a380ae748f7a65629438711ff9a5343e64762ec0b5dc478cdf19fbf7111dac9d11a8427e0007

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\SDL2_mixer.dll

Filesize
285KB

MD5
201aa86dc9349396b83eed4c15abe764

SHA1
1a239c479e275aa7be93c5372b2d35e98d8d8cec

SHA256
2a0fc5e9f72c2eaec3240cb82b7594a58ccda609485981f256b94d0a4dd8d6f8

SHA512
bb2cd185d1d936ceca3cc20372c98a1b1542288ad5523ff8b823fb5e842205656ec2f615f076929c69987c7468245a452238b509d37109c9bec26be5f638f3b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\SDL2_ttf.dll

Filesize
1.5MB

MD5
f187dfdccc102436e27704dc572a2c16

SHA1
be4d499e66b8c4eb92480e4f520ccd8eaaa39b04

SHA256
fcdfabdfce868eb33f7514025ff59c1bb6c418f1bcd6ace2300a9cd4053e1d63

SHA512
75002d96153dfd2bfdd6291f842fb553695ef3997012dae0b9a537c95c3f3a83b844a8d1162faefcddf9e1807f3db23b1a10c2789c95dd5f6fad2286bae91afb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\VCRUNTIME140.dll

Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\_bz2.pyd

Filesize
85KB

MD5
a49c5f406456b79254eb65d015b81088

SHA1
cfc2a2a89c63df52947af3610e4d9b8999399c91

SHA256
ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced

SHA512
bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\_ctypes.pyd

Filesize
124KB

MD5
291a0a9b63bae00a4222a6df71a22023

SHA1
7a6a2aad634ec30e8edb2d2d8d0895c708d84551

SHA256
820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324

SHA512
d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\_lzma.pyd

Filesize
159KB

MD5
cf9fd17b1706f3044a8f74f6d398d5f1

SHA1
c5cd0debbde042445b9722a676ff36a0ac3959ad

SHA256
9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4

SHA512
5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\base_library.zip

Filesize
824KB

MD5
71f009bde4035ae76bc579ff05cc96ae

SHA1
901c8fa78f681096149f4240f71f86f11612f22d

SHA256
6eecb9ecbc244eca6bc33e6eb6969a3fafc23fcd4c7eca55ebce50c0a34a3c8e

SHA512
7c5b7325a8d8656e6ca9573f886bc2b0386db742d4230344b3d66b076e6aecd356ed757f8ee67761be6d3d994d8919bfa02c5600aebb25e2621a1c795325b710

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\freetype.dll

Filesize
639KB

MD5
236f879a5dd26dc7c118d43396444b1c

SHA1
5ed3e4e084471cf8600fb5e8c54e11a254914278

SHA256
1c487392d6d06970ba3c7b52705881f1fb069f607243499276c2f0c033c7df6f

SHA512
cc9326bf1ae8bf574a4715158eba889d7f0d5e3818e6f57395740a4b593567204d6eef95b6e99d2717128c3bffa34a8031c213ff3f2a05741e1eaf3ca07f2254

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\libcrypto-1_1.dll

Filesize
3.2MB

MD5
89511df61678befa2f62f5025c8c8448

SHA1
df3961f833b4964f70fcf1c002d9fd7309f53ef8

SHA256
296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf

SHA512
9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\libjpeg-9.dll

Filesize
238KB

MD5
c540308d4a8e6289c40753fdd3e1c960

SHA1
1b84170212ca51970f794c967465ca7e84000d0e

SHA256
3a224af540c96574800f5e9acf64b2cdfb9060e727919ec14fbd187a9b5bfe69

SHA512
1dadc6b92de9af998f83faf216d2ab6483b2dea7cdea3387ac846e924adbf624f36f8093daf5cee6010fea7f3556a5e2fcac494dbc87b5a55ce564c9cd76f92b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\libmodplug-1.dll

Filesize
259KB

MD5
ead020db018b03e63a64ebff14c77909

SHA1
89bb59ae2b3b8ec56416440642076ae7b977080e

SHA256
0c1a9032812ec4c20003a997423e67b71ecb5e59d62cdc18a5bf591176a9010e

SHA512
c4742d657e5598c606ceff29c0abb19c588ba7976a7c4bff1df80a3109fe7df25e7d0dace962ec3962a94d2715a4848f2acc997a0552bf8d893ff6e7a78857e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\libogg-0.dll

Filesize
25KB

MD5
307ef797fc1af567101afba8f6ce6a8c

SHA1
0023f520f874a0c3eb3dc1fe8df73e71bde5f228

SHA256
57abc4f6a9accdd08bf9a2b022a66640cc626a5bd4dac6c7c4f06a5df61ee1fe

SHA512
5b0b6049844c6fef0cd2b6b1267130bb6e4c17b26afc898cfc17499ef05e79096cd705007a74578f11a218786119be37289290c5c47541090d7b9dea2908688e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\libopenblas.NOIJJG62EMASZI6NYURL6JBKM4EVBGM7.gfortran-win_amd64.dll

Filesize
31.4MB

MD5
22aea244de0c07a00db8601e4423e856

SHA1
f29f2d514992ec68cbe2f0949aa8abdf858c5935

SHA256
045f3c07eb95cd9d58043aa167d5d904c3bd6f478736379518b1392fb7c472e5

SHA512
54768b83b401af32dbbc90a73daac7aa4b749721e5c6ca56a8ea0834b129d2069b97fb9075bed0289c31cd73331c7d4928c26c67b76fd0850f5b0b98b411b2a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\libopus-0.dll

Filesize
359KB

MD5
e1adac219ec78b7b2ac9999d8c2e1c94

SHA1
6910ec9351bee5c355587e42bbb2d75a65ffc0cf

SHA256
771cae79410f7fcc4f993a105a18c4ed9e8cbddd6f807a42228d95f575808806

SHA512
da1912243491227168e23fb92def056b229f9f1d8c35ae122e1a0474b0be84ceb7167b138f2ee5fffd812b80c6aca719250aca6b25931585e224e27384f4cc67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\libopusfile-0.dll

Filesize
45KB

MD5
245498839af5a75cd034190fe805d478

SHA1
d164c38fd9690b8649afaef7c048f4aabb51dba8

SHA256
ccaaca81810bd2d1cab4692b4253a639f8d5516996db0e24d881efd3efdcc6a4

SHA512
4181dea590cbc7a9e06729b79201aa29e8349408cb922de8d4cda555fc099b3e10fee4f5a9ddf1a22eaec8f5ede12f9d6e37ed7ad0486beb12b7330cca51a79e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\libpng16-16.dll

Filesize
206KB

MD5
3a26cd3f92436747d2285dcef1fae67f

SHA1
e3d1403be06beb32fc8dc7e8a58c31e18b586a70

SHA256
e688b4a4d18f4b6ccc99c6ca4980f51218cb825610775192d9b60b2f05eff2d5

SHA512
73d651f063246723807d837811ead30e3faca8cb0581603f264c28fea1b2bdb6d874a73c1288c7770e95463786d6945b065d4ca1cf553e08220aea4e78a6f37f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\libssl-1_1.dll

Filesize
674KB

MD5
50bcfb04328fec1a22c31c0e39286470

SHA1
3a1b78faf34125c7b8d684419fa715c367db3daa

SHA256
fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9

SHA512
370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\libtiff-5.dll

Filesize
422KB

MD5
7d40a697ca6f21a8f09468b9fce565ad

SHA1
dc3b7f7fc0d9056af370e06f1451a65e77ff07f7

SHA256
ebfe97ac5ef26b94945af3db5ffd110a4b8e92dc02559bf81ccb33f0d5ebce95

SHA512
5a195e3123f7f17d92b7eca46b9afa1ea600623ad6929ac29197447bb4d474a068fd5f61fca6731a60514125d3b0b2cafe1ff6be3a0161251a366355b660d61a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\libwebp-7.dll

Filesize
437KB

MD5
2c5aca898ff88eb2c9028bbeefebbd1e

SHA1
7a0048674ef614bebe6cc83b1228d670372076c9

SHA256
9a53563b6058f70f2725029b7dd2fe96f869c20e8090031cd303e994dfe07b50

SHA512
46fe8b151e3a13ab506c4fc8a9f3f0f47b21f64f37097a4f1f573b547443ed23e7b2f489807c1623fbc41015f7da11665d88690d8cd0ddd61aa53789586c5a13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\portmidi.dll

Filesize
41KB

MD5
df538704b8cd0b40096f009fd5d1b767

SHA1
d2399fbb69d237d43624e987445694ec7e0b8615

SHA256
c9f8d9043ac1570b10f104f2d00aec791f56261c84ee40773be73d0a3822e013

SHA512
408de3e99bc1bfb5b10e58ae621c0f9276530913ff26256135fe44ce78016de274cbe4c3e967457eb71870aad34dfeb362058afcebfa2d9e64f05604ab1517d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\pyexpat.pyd

Filesize
187KB

MD5
2ae23047648257afa90d0ca96811979f

SHA1
0833cf7ccae477faa4656c74d593d0f59844cadd

SHA256
5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95

SHA512
13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\python38.dll

Filesize
4.0MB

MD5
26ba25d468a778d37f1a24f4514d9814

SHA1
b64fe169690557656ede3ae50d3c5a197fea6013

SHA256
2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128

SHA512
80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\select.pyd

Filesize
27KB

MD5
e21cff76db11c1066fd96af86332b640

SHA1
e78ef7075c479b1d218132d89bf4bec13d54c06a

SHA256
fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28

SHA512
e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2442\tcl86t.dll

Filesize
1.6MB

MD5
c0b23815701dbae2a359cb8adb9ae730

SHA1
5be6736b645ed12e97b9462b77e5a43482673d90

SHA256
f650d6bc321bcda3fc3ac3dec3ac4e473fb0b7b68b6c948581bcfc54653e6768

SHA512
ed60384e95be8ea5930994db8527168f78573f8a277f8d21c089f0018cd3b9906da764ed6fcc1bd4efad009557645e206fbb4e5baef9ab4b2e3c8bb5c3b5d725

Download Submit
C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier

Filesize
582B

MD5
0396ccd4d63f06110810fba9ccd87936

SHA1
6323894702a8ba7d4a3c4b51cf650e68d337d7dd

SHA256
6c86c8b3e5fcda803331949267a12b3411c3fe3c7ce542826b0b937f6014179c

SHA512
265e58c89e8edc6915b1be9a5cd6a44b956a6aadb416187f4b9eadcaf350d00d87dd52b6fb09831e2569382e19761f2d2ee38f7add27f4600cc3204f38565d2f

Download Submit
C:\Users\Admin\Downloads\KinitoPET.v1.1.0.7z:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/3228-1905-0x0000000000290000-0x0000000001EE5000-memory.dmp

Filesize
28.3MB

Download
memory/3228-1904-0x00007FF819DC0000-0x00007FF81A02C000-memory.dmp

Filesize
2.4MB

Download
memory/3228-1889-0x0000000000290000-0x0000000001EE5000-memory.dmp

Filesize
28.3MB

Download
memory/3228-2551-0x0000000000290000-0x0000000001EE5000-memory.dmp

Filesize
28.3MB

Download
memory/3228-2550-0x00007FF819DC0000-0x00007FF81A02C000-memory.dmp

Filesize
2.4MB

Download
memory/4316-1903-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download