nanocore | b74577a99903aeadc8f89af84b81374e9e1a25562861cf4aff2d8a211cbe68db

Analysis

max time kernel
961s
max time network
1688s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/03/2025, 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fart-with-extra-reverb.mp3
Size

121KB
MD5

56a2f872e5106165bb09f2952c467114
SHA1

a492b74ceb9f5fc5cf4ff26ec96d063bbcb58230
SHA256

b74577a99903aeadc8f89af84b81374e9e1a25562861cf4aff2d8a211cbe68db
SHA512

5deadc5b63296e9224dd7a72b4220f5b47917fb4a31f97863308f78fa9f7f373aebf07850c81e3632de9c5b040cd9c014851e8a978ef44d1df7ec34f7975955f
SSDEEP

3072:2TfH2lqavCLMpbhmO1FBBU4YJjq4ht+lSCtTaAoUAX4:eH2lq/Qbhm6jYJjq43fCtTaAon4

Score

10^/10

nanocore quasar hh not a rat lolloolool defense_evasion discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

NOT A RAT LOLLOOLOOL

127.0.0.1:4782

Mutex

e2fa2f23-b5a1-410d-9a72-2c090526a166

Attributes

encryption_key
BAC051964C78782D889217F5027866F57C238E02
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Anti Virus (not fourbeexnine rat0
subdirectory
SubDir

Extracted

Family

quasar

Version

1.4.1

Botnet

127.0.0.1:4782

Mutex

29e82417-3104-4d6c-8d5e-f1161ddaeb44

Attributes

encryption_key
BAC051964C78782D889217F5027866F57C238E02
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Anti Virus (not fourbeexnine rat0
subdirectory
SubDir

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore
Nanocore family
nanocore
Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 4 IoCs

resource	yara_rule
behavioral1/memory/2876-2995-0x0000000001170000-0x00000000012A8000-memory.dmp	family_quasar
behavioral1/memory/2876-2996-0x0000000000570000-0x0000000000586000-memory.dmp	family_quasar
behavioral1/memory/2544-3246-0x00000000009A0000-0x0000000000CC4000-memory.dmp	family_quasar
behavioral1/memory/2196-3287-0x00000000012E0000-0x0000000001604000-memory.dmp	family_quasar

Executes dropped EXE 2 IoCs

pid	Process
1980	NanoCore.exe
2608	robux.exe

Loads dropped DLL 11 IoCs

pid	Process
2020	cmd.exe
1980	NanoCore.exe
1980	NanoCore.exe
1980	NanoCore.exe
1980	NanoCore.exe
1980	NanoCore.exe
1980	NanoCore.exe
1980	NanoCore.exe
1980	NanoCore.exe
1980	NanoCore.exe
1980	NanoCore.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	robux.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 38 IoCs

Web Service

T1102

flow	ioc
69	raw.githubusercontent.com
111	api.gofile.io
364	raw.githubusercontent.com
379	camo.githubusercontent.com
78	raw.githubusercontent.com
238	camo.githubusercontent.com
322	camo.githubusercontent.com
381	camo.githubusercontent.com
407	api.gofile.io
253	raw.githubusercontent.com
350	camo.githubusercontent.com
365	raw.githubusercontent.com
399	api.gofile.io
403	api.gofile.io
240	camo.githubusercontent.com
254	raw.githubusercontent.com
255	raw.githubusercontent.com
342	raw.githubusercontent.com
411	api.gofile.io
415	api.gofile.io
74	raw.githubusercontent.com
343	raw.githubusercontent.com
351	camo.githubusercontent.com
363	raw.githubusercontent.com
413	api.gofile.io
80	raw.githubusercontent.com
114	api.gofile.io
124	api.gofile.io
378	camo.githubusercontent.com
341	raw.githubusercontent.com
352	camo.githubusercontent.com
241	camo.githubusercontent.com
65	raw.githubusercontent.com
83	raw.githubusercontent.com
239	camo.githubusercontent.com
321	camo.githubusercontent.com
323	camo.githubusercontent.com
66	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NanoCore_Portable.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	robux.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mode.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NanoCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1704	cmd.exe
1532	PING.EXE

Delays execution with timeout.exe 1 IoCs

defense_evasion

pid	Process
2424	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
2524	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = 00000000ffffffff	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "5"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0 = 4a00310000000000685a8884102054656d700000360008000400efbe2359ac29685a88842a000000ff010000000002000000000000000000000000000000540065006d007000000014000000	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "6"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\0\NodeSlot = "10"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616209"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1532	PING.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1512	schtasks.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2080	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe
2608	robux.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
2080	vlc.exe
1980	NanoCore.exe
2608	robux.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	2080	vlc.exe
Token: SeIncBasePriorityPrivilege	2080	vlc.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2080	vlc.exe
2080	vlc.exe
2080	vlc.exe
2080	vlc.exe
2080	vlc.exe
2080	vlc.exe
2080	vlc.exe
2080	vlc.exe
2080	vlc.exe
2080	vlc.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2080	vlc.exe
2080	vlc.exe
2080	vlc.exe
2080	vlc.exe
2080	vlc.exe
2080	vlc.exe
2080	vlc.exe
2080	vlc.exe
2080	vlc.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe
872	taskmgr.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2080	vlc.exe
1980	NanoCore.exe
1980	NanoCore.exe
1980	NanoCore.exe
1980	NanoCore.exe
2528	chrome.exe
2528	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2316	2120	chrome.exe	32
PID 2120 wrote to memory of 2316	2120	chrome.exe	32
PID 2120 wrote to memory of 2316	2120	chrome.exe	32
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2840	2120	chrome.exe	34
PID 2120 wrote to memory of 2144	2120	chrome.exe	35
PID 2120 wrote to memory of 2144	2120	chrome.exe	35
PID 2120 wrote to memory of 2144	2120	chrome.exe	35
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36
PID 2120 wrote to memory of 2132	2120	chrome.exe	36

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\fart-with-extra-reverb.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7719758,0x7fef7719768,0x7fef7719778
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:2
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1412 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:2
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3204 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3480 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3504 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3516 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3444 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3804 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3588 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2556 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2776 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3728 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2828 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=540 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2828 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4068 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4192 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4308 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3940 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4416 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2592 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3992 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3408 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3388 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4088 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4216 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4064 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4440 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=1200 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3420 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3224 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4256 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=2400 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4572 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4712 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4624 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=740 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=2716 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2552 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2812 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=3556 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=2516 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=4764 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4728 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=3708 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2412 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=4784 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3392 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=3580 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=3612 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=4884 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=4216 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1240,i,6978517039787820793,3187514654294702188,131072 /prefetch:8
  2⤵
  PID:2492

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4
1⤵
PID:1960

C:\Users\Admin\Downloads\NANOCORE-RAT-master\NANOCORE-RAT-master\NanoCore_Portable.exe
"C:\Users\Admin\Downloads\NANOCORE-RAT-master\NANOCORE-RAT-master\NanoCore_Portable.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2916
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\TempDel.bat" "
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2020
- - C:\Windows\SysWOW64\mode.com
    mode 30,20
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2528
- - C:\Windows\SysWOW64\timeout.exe
    timeout /nobreak 10
    3⤵
    - System Location Discovery: System Language Discovery
    - Delays execution with timeout.exe
    PID:2424
- - C:\Users\Admin\AppData\Local\Temp\NanoCore.exe
    "C:\Users\Admin\AppData\Local\Temp\NanoCore.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:1980

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:872

C:\Users\Admin\Downloads\robux.exe
"C:\Users\Admin\Downloads\robux.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:2608
- C:\Windows\SysWOW64\schtasks.exe
  "schtasks.exe" /delete /f /tn "DHCP Manager"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1164
- C:\Windows\SysWOW64\schtasks.exe
  "schtasks.exe" /delete /f /tn "DHCP Manager Task"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2468
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C taskkill /f /im "robux.exe" & ping -n 1 -w 3000 1.1.1.1 & type nul > "C:\Users\Admin\Downloads\robux.exe" & del /f /q "C:\Users\Admin\Downloads\robux.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1704
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im "robux.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:2524
- - C:\Windows\SysWOW64\PING.EXE
    ping -n 1 -w 3000 1.1.1.1
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:1532

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:800

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
1⤵
PID:2876
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"
  2⤵
  PID:1164

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2880

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:1720

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Client-built.exe
"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Client-built.exe"
1⤵
PID:2544
- C:\Windows\system32\schtasks.exe
  "schtasks" /create /tn "Windows Anti Virus (not fourbeexnine rat0" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:1512

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\robu.exe
"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\robu.exe"
1⤵
PID:2196

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5a0
1⤵
PID:2952

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:2344

C:\Users\Admin\Downloads\GANGSTER.exe
"C:\Users\Admin\Downloads\GANGSTER.exe"
1⤵
PID:2920
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://flash.gprime.net/media/flash/youareapirate.swf
  2⤵
  PID:2340
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:275457 /prefetch:2
    3⤵
    PID:2000

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c08b9c9fed1c2f298fa395758841f47

SHA1
c08f615133c9edba9dab26c828b0e8fde863e1e3

SHA256
ed7b2748aae23fe5ebdd5899c8881e11e4c1789ffd8e251be908fbbc33412138

SHA512
abf4ea1bdf3416e2aa391d55936ec908c7c560de43762383cc8dff4e57898461791f3bd0404c8f936aebeadb19d333873054c11dca69ba38ce3dce6b79641928

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
966f3b7c286da0581114e98c9b3c6994

SHA1
e4ea3789c68ef3b8ab8bd6341bb9780627b8c598

SHA256
7aec802101c37324806d7433de25ba08d0348cd01d2cf18be92550d40bbbdb61

SHA512
34a8029d9a2224c43836564570443cdb6c0541998ce7c10f676d758698f0dc54140163277c452d2bc42b35592e6d0d46e2e13bbd971a4abead5d74816c506c23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1730ffc97c8052d5044e6767e4a6ef34

SHA1
2d3dda857a5afb2ba1855a307bbf6a6f7f4cced4

SHA256
68105619ff97eb989dad2e4b54b8943bed44c5b385ee66b6f55ff55213ee8472

SHA512
172d1141a4de80406a917de2a8779dc8c57115f636693428bd167a0892bbb9cdc7671eabc44fe5fffbddbcbc44ca4163235bcdeb6c962d429014b068deaaf70b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84fd973715c1ddd45bf9dccc0b7b2334

SHA1
a7c8273eeaa09c7606e31ef23e99f22d3770d139

SHA256
7374dd16d70af1a5e607708e5dd6bd46d8acf48fb45701339fa54109402a0e43

SHA512
46045cd640f1b6cd059f8b8d2ab9dec749491cbbcd948f5bf9b26846988d96c62e15ced84059009854af58ef86eb59298ec04eef5d8a2b337e41eefc149091a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3c9036f7b944a9118fd171f6356b04a

SHA1
a168fab30cf00bc6145ca680c889ac7d6cae6f0d

SHA256
19e8a7c312dd2e2ce2eb5390d283b2d9e1df07bc5368a5c340ebcaaa1de58049

SHA512
c13617729f2f1cc9eee90acd9522d9d904bcc638104db959a8c9f4e51d362d226b131c230e21f846b0a8252e192ea02c77b718792cea10e4fbf849debca7dc7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4141971394cca044077e67639fe28c44

SHA1
04a364a8facb664df672e947cec66f959e00313c

SHA256
df86aad969a239685e8a4c59bbdecf146491c40bde257be12f84d35c440ceb61

SHA512
4a7290bd241f520c085ca330a4555fc11c43a3d451975f6f940d3d52a3741aeebf705b28bf2f1493faa18475f073ce24c79bf0c4435b71e702893f3de9826b8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0b3f55f799d385996edb9a7f913b5b6

SHA1
f4616efd09b7123ea28a4b1b571144c2b07d2924

SHA256
6ad3f3d3616a8790f2cf9a3b5a9872e0993c5e2f2cb6d91a4e2cf1e1b6c5e6c4

SHA512
9133428866649892927c2d528c680801905b6a06a07695f252f7a48eeb061c7ca27ebba8ec6fc890a8d8fbb59f02b7d85833ec4570ce99747ae03ab90bd0ddda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c63c4ff43b05755a94ad08ce1b01477

SHA1
f85f579acee3a786fac5f270268a72d092af68f3

SHA256
98c20c814e4b420d4260e3555cd8727392cae0f17246ec982d99316a0b536ebd

SHA512
7f835b174217561fd0b68492a563207e52e61ad6e3da0f5f02965e25db8e60391bdbab5df0e918851f65e91d80d7b0c62fa107bcb9cf19b8026274ca82133929

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eaffb652a22f2857258149304be8de4f

SHA1
373f9fb771c57f52f6c312ea1f12d620460f1eb2

SHA256
54357451564f1539f0a16545b647fa2e5248e82718934f1420ba3099d60331c6

SHA512
334486623b3ed68fa7fc3ed752b6fb52ce8f411ca34ee7b17d782a3725898a8466f08a611897dc67858ee16fee8e4d713f535f8a5ba42b215d77067cbd8e1b78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\12c79d4c-8369-4fca-9a46-d7e112d23ea4.tmp

Filesize
355KB

MD5
13c6e2e6cbe9a9d07c4a9edbb3f0e098

SHA1
465808110d6d1a41e3eb62754da0835d64c7c986

SHA256
6906a88d478ec564629a73d7deb207bc84725421868cd22b0a47bb8c6c7d4046

SHA512
642971347d937b77798c42cc4b59056e4665b4e5dc40f03be94c0f4a5bb30115331d95f1c1bf64beb77ea86b0cc83bdca37a9f54fc16e74b4b4b69b448756d98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1a69ad94-8822-44f6-bbc3-526dbe64ad42.tmp

Filesize
7KB

MD5
560c86a9e932d2b4174e4157251dd74b

SHA1
6e4a6b1f0011efee361faaa28f527d7bda0e8fb5

SHA256
cffa8ea5efd1901ec18976df9f3d1782196c68c06be58edcd3dfe6351987a430

SHA512
b9bc60f58a48da1150e5292eb6cd6ce2ab67081002384dae2b18b99605be91fb32e04e687badffd60acb8925e860b36eccf3f19a21aba482a3996b8acb3b3fdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8b923205-0b07-4087-8f5b-d9394f92a219.tmp

Filesize
6KB

MD5
320878ac658e9db2bf28cb8bf8a500c6

SHA1
11962dd6b6e0662685a8fd5b4a5390e8cb77f83c

SHA256
4548dfa2f49f32c3b0e18b35b2adae1417b132280690a09b87ffe9b84a0492aa

SHA512
1b6da4af689f681b3303ae5f8c8329027df4336443adaa68b61ccbf48087f62a374fb5a6fbaad26d78ba7df4bcf324428ff6c606ade0a0b831da7e0970127e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
62KB

MD5
9ecd937e59f04291b27f9a13bcecebea

SHA1
bf80a4445a01d7a429910f6800b94b2de5739072

SHA256
3093793a6f48bbdb0346098aeae29056719507430374f26de550bb1d033e5ce7

SHA512
016ec055e22bc995a9a7670864aaccdd4600016d8f2c56e06e459630f7cf1b9f338f2e7987f07be440ed50081163a703ef61db71625bdd09f5bd437f95d00eb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
38KB

MD5
0dc52d5156e0e3423a20671f85112a3a

SHA1
de63219e966279d23d5d9ebfb2e3c0f612a814a0

SHA256
55d8d47f45278ed4e61568932abc7dbbf8111bfd5f815a5ff0b90120c238551f

SHA512
de91420efb3a68512d862d59b478da2cca7e5ef10d8f79c960f682fcad5ea91146bb609cc15f2349affdd6f6a7369f24e8c4bee7b35f41f31eee53dd3bbf6fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
71KB

MD5
2d5b452e2c8c483d5a93f7764f3c27e3

SHA1
bf8cf58de6e58871a5eaa9bab052a1750a9cef61

SHA256
0d4caa8036947c4d1e0a21c46bf6de7913237d581c6a9e53ced77fb377de0046

SHA512
8750a7ce771731d1870b9d569a9f3df0faa67eb707d4f64171db069198b11b3254dd2bc50db061560ace5988603102cb0d5350118cce58f8e03a8f95acc1d4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
416KB

MD5
7cbfdde8fb2e0e77722201294a6080f4

SHA1
a6c6ba954e424b59dfa24c493487404630ba31e9

SHA256
8ad089184028c16814a8326b067118d9513ffe2d73e2fda8b6249460001b7498

SHA512
c180ff771144ca151267155ac807867f9ab4969676746cf3accafc43bfba65a16ce54c0f79d032266c9d9cfd14594a8546547df5ce59b6aa9279e99441f69a39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
78KB

MD5
b53fd19b0503aac0dc4862ea79a3631e

SHA1
0be49e4562c5f2f41e02ddd60a1f0262a0292b26

SHA256
491367e10aae3c105c4ee2fb546d22856155703985ad005a4b6c0b0d2289bd04

SHA512
b92efff8fd5ba178ac0143b61f0a42986084de783cb5e7500356f9ff1620cf9959b39fa3d111c57bb2a0a93e89cef095ac19e33303e2c1ec152517a509b3463b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
79KB

MD5
d82a110eb5f042c640b4e32a3aaff1e8

SHA1
a0e1db850a6fda67b93477a54699a7e91d5adbca

SHA256
7a52e821909e8be3b29db6c1cb601da3b3215e3359b03d17549b924e2b38b51b

SHA512
f41193975f7580548738c8a0f8c525ffb9f032ceec19c1dae2348130fb216ee723cf014920718f31df13727b4da8ac6e02bf192703f4eb28bbe9b3f0bd928455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
91KB

MD5
956aa7c9b41ccb5180f55debedcf4133

SHA1
ab76817bebab0e9784b7d24258be1c2d0185266e

SHA256
986ee20d9ef390c2fc32dfcfecc84792dcfb4a915fd43bc784632764276bd240

SHA512
6ec7a7d7dbecc466ce4f7defc428362004b6ce03bf6ea16f7719e15918db8662a7857a8a3338087df6e68596bb84020cc4fc80597ddae4d2d46b545bc5448f94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
21KB

MD5
dfe5168b4d455548861913d3ac57c93f

SHA1
0aa15fdc194cb0caa48fb30fcc29f8f9bd4c7156

SHA256
2edb0c23c2da6e3b0d00c4f7fa50f9801ae8444b12f85da036defd5d9be9c1ce

SHA512
5988c77637207effcd45277c7a5e04a817e498780f6bc0c3f38d3bae9ee2a2b490a6c08ec6584cfde8bba34fdd793a05ecb7bf000b940a6acb4d53d4f1b382e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6180b95bbe29081c66d21796f1fd435d

SHA1
15e06960d1c733bf46ff3eb1ecf02dfb5f58161f

SHA256
319ff334e4cfe04421304b1923b5a696921751951b96a980e745a0e6b209dfe8

SHA512
09e9a944f2647facf78de541308938060c7faf171d57f24803e6d82a471dcdf4e7cce754aaa6b7c4efa8cc21bb5d52b9b096cee3cc533ac30e0d63d7c8d4b1b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
cafa46dad5d6d6d2b3eb76331773dc00

SHA1
d6d1d6c38a1fa15a30dfd6045ecac6bd8cd637be

SHA256
7c161658d4f579f14a1ef0311ced7105a3f3926550ae0794cc7853066cf97e3e

SHA512
b61a186430d8f4b2e9acd32cb64bbda3d98d771b977213bf797a8093b53fefe994ffc423e1ab2687483510c26ffbee2edc76758eb2dd439a93b750c0fc1971d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
891b26c94f47feb97b41d56218ffdb82

SHA1
8801fee7fee6dd6bdab4ea0705b27b4754897760

SHA256
91c1b72b586490424b55445a15ecc0ca404287cde237e1291375cf72cbb97d8e

SHA512
7d024d61cecf481826b040aa8777fef212ee2802325cd1775da67549f8eb66a02acc205424c3bbfec3e1e005876a5ec285adac0b22d1d365cc7b9b66b8070b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
9ad020b5c52e44c2bb236dc4662a956c

SHA1
114ace6d854eb21eba69e87f45ebdbcda6a5a213

SHA256
8a850dad0a749b361b29d8abae4ad010e23e197f351415f5dbc157effa9eccc9

SHA512
4ff98d6c9373fc7cb4a328ee019930cb6f5f3bf69bc30162650a3366d27d621d800b5bf966114285a9369d620e01fef9e75c79b694668b6f68fc513a849b410f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fa9bbf4ecbb88027aa2c5791ac99ef25

SHA1
95ab90d490d6d09e886e852018beda371328bfc9

SHA256
6e4863a4f0c182dd9b8cbc6db4621e7a3eed85183bb08fc8295ef8829f807675

SHA512
48d41fdb737715cf04c6c0c19359461b2c6e2028a5112dba3e43e811a9abff01d64b6f5775af61c711adff1df0e074bf1d83a6c5c63747d15c78b29e93b54d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
63b78ec077ceaca4d3ad8deca0dd4f5e

SHA1
3a7be81db4655684c8e6c6128f1bed16261ffcaa

SHA256
320cd0b9d057015d49a8044c8b5ffa75dd958c7738a090a6bc3015bacb8af1d7

SHA512
c0cf42ac8fd896bfaea6595c6ab053f66099ae986c01505ca28cc3dd257a1489b6716a2a848e61f48c18775555499b9cc58c032b9071b3563d939638bced5ca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a17d9c30222231b6117e2ca7ec4d75ae

SHA1
3a19669b8ee70cd4a97ca442524eda3b5f7363f5

SHA256
d48b532354a35a9f73ab1071ce91d37c4fc6ccc38ce33d0843a70246b512ac6f

SHA512
ed26420c439426f3bb187833bb5f3cc40130c3fab4e9b2686c222b9ae4d85a814a5c77c1027d76b1e82cfb58fcf934976215bebd9690565084d487677fabab54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6c9f57f3-443f-4445-9c42-a0cc6f1a6562.tmp

Filesize
10KB

MD5
49e0ea4bef9b071a76169f26b733d9c3

SHA1
83d1b02c650af4c43144916ec9735f74a0062711

SHA256
54a002539dbb0d312b7c8a54d0e7e730cc1aa9afd6d614e52ae6df8589b31d7d

SHA512
e39e9dbf64c96ec2e3f0620fc2bec62a33caca4fba85d564d967fb7e3c2f5a0503d3fb49bd0b1252e18359083315e41ff6e4c42dbaff7aaf04561f646995d50c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
debb883f2c92a69ef7b7e960199def9c

SHA1
45b833f12505ddd5951981b0593b57eeb720e0f7

SHA256
3316dae93bc4b5f24f29606525895ad534956cd13b0b9f645ff7d841433c6e8c

SHA512
6f1a6c8efd00fdff07328a9db8105d766c3eca902d73e581e92ea2191c6788b072d94bfc196f15067af8ce4eadbaed2d2c48efd214db731e2bf168cc5c26e58e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
de30b6d71b205eaafc3f3a11e87841eb

SHA1
78a84d9bb66a47dd47147a27b81706413c963392

SHA256
65dd9b90a9eaa3f507fa9cbd7045aa9fa14b86bbe4c14b322990bc2096ff661b

SHA512
337e879d15d11ef62ed07830e3ec4e43a4f89e50aa846666377ba6e24d30173ea79efd6c2d95f9a8f40d1b60639b39eba9877b5e0cf440f137c6211d74bea575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0b6535b56cf17ca8f8827c6ebb35ce35

SHA1
e49473dcab33e9b3ce431b833c8f37bd920a2448

SHA256
df05d7d39f9c525fa90dad2ab62dabb9b47257341dfc8e71c2d41f233f51c69c

SHA512
f0d118415d3934fc6d297f07f5ef3ee211967684c3fdcd5934494bac3ff3b7353d33199678bfc56e88d9e2c5fce5d8f2cdbcba5ea8b5841bb6ad72ce90d51d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
b362952a53a4a1c0488c64a04062b762

SHA1
dc31f16efeccf3ee719dbef40f7fe9af39aba97b

SHA256
086450d127dedbf6be7fee1a034ed068e23ec9fce19c33bf0f07667c38839374

SHA512
e814160585fc90e56439275c13ec3b8ed16e06a6880acf4f560698235d01963c6a5c970430cba6153f83504ed9a3d241d9e997d8f58b5332e7176d897ef7e982

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
7beea8d748f2e0ab28f40ad20ec2a39f

SHA1
c32bb5e85bdac6b22c499b4eebc8e8e13a244bbc

SHA256
6ca619af892008ff139190a0f62f1e3f6732c704b99b18b8c8bb723ff3f42c5e

SHA512
29239b996b3e22373ddda3f67d95434945c7c97c055fafb2382c30c4a2bf293bdb324fb6cbb88349e4d370cac4720d9a6714083e22ccd34661244dea88e0eca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
71db6103e54f707512ca10c062eae08a

SHA1
bbd620badfb08192d1bc2a7d989fd481f3543d1b

SHA256
63d4d8cdf58abcc0f16d0916ebfbac4c894ece73eddef88be3acb8d6540d705d

SHA512
d40ccb8ea39cfd67c3cdf823fb3fd0ff17e10e2c9a995e8c26eb5694cc4c330bcd769b244dc7465a797b8b24dbb6fc56527017db11f24528c1e2ef3520737f9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4f9f0904e17707c1e827547ca1510ee3

SHA1
12eac8583a163dd1b7087666d9b8a20a77e88bf1

SHA256
3ab47bdaed9586378b95fda46b1168192484bf26b5c8e2b894282fdcbcee00e0

SHA512
b1e1ec4ff7160d7eb3b7ed4b89ec8b9e1e5d92c009c301c02c265219557328272ca3256fd66b9743c05c8d14e915aef49112131b41d6e4ecd9472a65df1bd2b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
42ace990f9e6157896927e6a8b04a54f

SHA1
77772facc4b07ed897f010d007a81fe3b032a463

SHA256
19fe074480d0ad02ead49ae672b9e382ae33cb6567bea119e5d1043f7e9bb39d

SHA512
cc75eeeb5bf5143a300f9ccc1a32591b422b72a63132558441832433fb2dd6e367a4ae50b18c722fbe74d5b428daa941f1721568491ef3718be4346d1749ce38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1d9581cecb0cb4744bc3082e836ce59a

SHA1
979f433d39623dd370c2cabbbb27fdb222e1ba34

SHA256
21df977333df778ae3071ae9543d9601bf8b733b31ea5031a92e5fdfada1bb99

SHA512
691cd053794664b056b2075f33fcd4b5e94fce3d4a830b9d7f3b5a197bb35e783113d113e2fb588b7872479e5636ec08c9e58bb19b6129e2d36a73dac44e2703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0cd6b6ba88a6bf12ff64c97e503a1721

SHA1
8171450a661edf825c5d022d6578747adb169ce1

SHA256
4dc1a2b345e24bc0531d83d83ad7b3d3ac9a61ab89f2e8fe14012dcadc9599c7

SHA512
50d42f6f62a938c3ba26ce8223d0195e13adf998866836844dc47ebc41cd7d7292789ec4f6c11a8ff274014309d0a7a0a5d0432529acc0846f86a2dccd253db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
b3d7151b3fc3d9ac7ca67c046b8db591

SHA1
cb6895197693e6b8e9ae5dc4ce97da6fe60862c9

SHA256
4da74a70285e3d2496c4ce6e05d9c75f053b62c49cc02e3a93b9a59ec97fad21

SHA512
31e1c4d7ce00ebc2b8cad53decd5f0866482e28cbbd087a0b99c70084b85b0237a46142bdfe0573acdaa919c3371c875d71f4c19dbfe8bf0d717f219f2564e8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9c0e36d099c07987daeca64f95862b25

SHA1
fc3e7cf6c07a1e3d7401b94c0e1197255ae2af2b

SHA256
c0fc0847dde4b50f5a5c91d00951bf6acb78f95bbd916de646369fac56e4a2b5

SHA512
6b187f838ddac568b2db7b537e422172431a3b078912289a1e000bf5d7114e49122f482b51b050ffd7455508d3b5543ceb89616dac6d45b6b95689c8d0a0e173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be90b0c9d6313143225fa01e7d63aced

SHA1
0d6241de2d8df2fd1b7e62af5ac3084ccab4fb02

SHA256
a088e7a2e28a0c92cd21417e4cef5886699618e272899584121fb231d937272e

SHA512
10b0ac8090978f07ce319b8b71bbe182c4fab1dd24b77fb98a13e86c9ce68a2a2328a30bd5d3c0220b62ae075bf6ce8370ef8a0946fdf7691a514570b2586ab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
f5cf1fd1506b7d7d7e7cfae57f8952fe

SHA1
f5a5211d0fbdb9522f6c5d475219ad4c2decaf7b

SHA256
b78b379e7bbc48c92bf11baae062d3f69cd87226e9a1d5b91bc9f1612825e90c

SHA512
4370946e61745da8ad7d3f0d473d6313c098b74316eec5843f216f370fea652b386816b51331cefbfe1f15f7a52ead75b757093c48e76dc8123d7e6bc745fbee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2f12c9e4bad7038f516726e67078709b

SHA1
fd6fb01402f831917825e07f06428e807ed58f71

SHA256
d884241ed827b0fbe62e6a3a6ce8de18dbc33c93f4c1eedc44464308000052e6

SHA512
e8b94738b6960eed1f2e673dfdff9cb113a2411fcf2e13c12f3b00adda36ab5ec9bd2b7a7cfce4ad89c477c057a8c59098904d5eba50d9e4f4d2a54e42ecb7a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7259d628beca0969ee89252cdd619114

SHA1
1a768805f2d123961d1a93d3a64126ec8c5a19f1

SHA256
f7064758ec0d0359d22e19451d3e655825a464c920c86c0e56f3dc3c7df7f6c1

SHA512
a3ec1626656e3a44402cc48d6783a85b52290b34e3c1cbfdad09194c51342803ff162437e9692a10b5d3d77b758a88d0301d2fceb56654249f1c9ccb8e12535e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
d315d21596835584905ae5cd00780638

SHA1
557c72ab3e481e182976bf370cbe9c551170a403

SHA256
90c3579eaf28946f16f7ecd786655878c8c754fa4ded15391d32cd6779f5cb74

SHA512
ece437826271bcb2baa18a9704fd0b1ac8fe0fad0c584b30c7b5890efb24993daf06d4aa822a84758cb39a2f8f8a163bf95b60c563b24030aeb902a1a12332fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1009B

MD5
b65509262d538624476839a19c08c337

SHA1
347f41977b652b8c11d97f3dfe8b133d2436bff1

SHA256
9847f157ae3220ad67d474fac4d9012417890ac32d1f08c4b4a9649268590b74

SHA512
83e121a32e9cada3eb84bc74bd87b5014400b5beabdae397b6e3bd65ef68b68014eb583c1ccf3512a85207f9a63aac3c3b327a1f07c443fc36c7be039c3b5115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
a93a7ccf6e4c11666df89f2606709c00

SHA1
2f9f30feb622a122933fcfe7116e34348826753f

SHA256
726b4e0660eb5f912f9518d29248d80d1b502ed90c5e72465f20eaca66db9b2a

SHA512
744cfc129d9f7dce8290ce3d6f0921f42631c4adbce5b0f42eb5c0e76219b84728f71fab9d1bf7e1c201a12824aac9f1397669d0a44409e4fa88329913be182e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b049cd103dc8bf088029447e7c1c24b7

SHA1
c9fa6a5370d59dede0d569ed0726f9f09b8f090c

SHA256
6820546f664bbe420b827eb8174c1c21381b5505ae5846beb01a7d3b956e8c61

SHA512
727d99c4721f5d0e86bc244d0b44e3c907d60e147c1bce0818f1feb1fbf210e9e7afabe9b2baf76adaad1445b546ca70ac7a791ad55e5553e2730b12d62fa316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf7eafee.TMP

Filesize
1KB

MD5
912afb8d778123b0e5bbdf64e6e9186b

SHA1
d48f50382ca2b710bdaa62e35e79385dc29d676c

SHA256
e65a65b0bd8cf9e72ebaf22d6991dc249bb12d4603f22128834fffd9592e36d1

SHA512
b2f0d392dbe99ca24206fd81af2a3241ec35529f35a4fd44c7976970b179987810405708dbf963904bde1a5111faa16c98ccd3cb73fe6f585e1d475ba168d4c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf84034b.TMP

Filesize
1KB

MD5
212511484bb508ea917079845e0e470a

SHA1
2e25ea12ae910e2133af2b6f369025976e50dbc4

SHA256
af27353f9f1eee1eda36c59511c7f46a16a4c528b3ad64f660fd8a98f0230b17

SHA512
cbf00b86e24e6c8ae2647fa4166bc3f6f46ca6fb050c1fc158dd93dfa28dcb66556219744c898ffc4e6fbbbb28cd33f7f061535d747f07e8cdb84fc9805c947d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf84a7a5.TMP

Filesize
2KB

MD5
be107ebf7d13a93d0fba66bfad14975b

SHA1
5fe0008f6c0978521754f1228bfdc0f281ac1d86

SHA256
70f2fa504ffac994e26deee1bba752cf89e57dab74f46edd1d38a2017bfc58f7

SHA512
acc03fdd8ff8cc330e3377df124cf08f89bbccf7e2510c0028c437ce29e1aba13f06fb974fd41974edac31e4b34d512121c5deb840f42e2211933fb64ab8bc50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f3557fdff6c339f3af9acf7ab812be11

SHA1
f2a8b6d5a8acce67e8e4f8d1c164e7326af4439f

SHA256
e4393de0a576330a5b1f5341fc2f35225a17950ffbb1bf7916cd9cee85fd96a4

SHA512
a7614fe97b338c3be7b135be7bc6fdebe31f84b06106c135160b925c654311588bad89dce040e9f77c7152c87eaaa0a920e727b37f50cea2d1a8aa9be126819a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
17a9de311ba6afe61dd30dd224c279ef

SHA1
2e90f795414669bfbf34772d0cce740e35844b1c

SHA256
401c4423696187d430eba092c4944236f01daf02e3cb66fbe3c98b057037e7a1

SHA512
bdf5a82bbb90f8cc48951fcad34c4dfbf67ca7f262e391b82b6529655b3bd54ecbf0b0a7d5ae7ee3e1a5503984af815788621d0a3af8cc713eb92530157eed27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7be8d48c85942f9ccc3c6057fc79cd41

SHA1
d8d7711ef738b1f0acedbb83a2f4c1d1eb45f0eb

SHA256
d239606847987e8c909c9d3cdb0f5f07935ece7604a775986d552e5173379337

SHA512
bf010aa79d03c3c17b19f8fd9025063e42f155d7b50d07c4800611abbf3651bac51218289cc6befe84d7629cc8ba5ab55bd5e3e83e0917d5188a9dfb3c0d4fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0bd0da91cad9a940cc398a0f3dcfb593

SHA1
b1048d3fd2f978c5e445eed2b62964f09ea0e45f

SHA256
9bfe1d72bc33e62d76a0f373b00a25cd10e4249c7d1e3fec27ef3a6584fc10e5

SHA512
a9231ab4171c2362b44ef4fdb68ea70793e5f731a40d1c32cc54ecf5cbe443acdb3e0b323d31be068a8f7feee45e9554d444925fb0214ea97b54c63e83b05c52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e9d9af0a207147bccb5361bf19f28a84

SHA1
9898c1c20db4a052ca1f75d6cff5a0d428e66875

SHA256
c88ae9067c4eb94030be98c851811569c239446a50322d90ee979ca0e9d40d0d

SHA512
d9ea55541ab9b65dfad0953dd626d72f0ca7530aab2727b08bf8ada272c24dfa7c0517bcbc9f0b29e284b1fffeddcc55eefdd2c439f36d782f3c310ac5adcdf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2dabdace8139f70bbd8998f0faac32f4

SHA1
ec58a1989380f2037469fedc7809cf9c1aa71b0f

SHA256
926b21e095b9ed90dadfb6b598d9ee7e46106aed418826a2b7b0d1c17213c75d

SHA512
08e849cf23d73f326af9794c9c5e1b8690ec6dec77be954574151e7948e90cbf36f3165ef1087d1a9e925605a8166e82d428ea2259657c4cc3a48db71c8bf2d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
20ab0f26bea0dce3addf4e7ddf5685ed

SHA1
0379ec8279551aeea4f1aff4ad2b977a7c094892

SHA256
95bc36dbe5bb2eef5c4f0b16df14889c4a99090811a2df2f6e47a9850d1edea8

SHA512
a43e9e55aa834b6a77c705ebed37e44cbd40b2552058dd24633a5ad2c668cbcf3c538726f8438f5934d39b503d46bdc301befdcf4abb68cacf49d34293c421b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4ab22cc29b12bb24ff709e0902f5aedb

SHA1
870805d2ec5186300767248b73e752c32cec09ca

SHA256
e9157da0e192ff660879ca961199617b88708d89332b2d2c51498bcab146c4ee

SHA512
34e83b6f68a87951d85d714381dadd492ac2a06e5afc330697c3d5f1860eee7d2372d660261ecb87f9e58fa6523e8f52da16e97f0685d91ebf5a400c89de5d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
89b57eabb2b71f4b874ce60eebfb309a

SHA1
8bed2bfb07cfa21654cdf296b23e9ba6d9ab6705

SHA256
56004b5028f018e23b05d0e3bdb3ae75cb005de672f8f782b1a0c5f6d9521963

SHA512
642c4e210eb1e5a531d7fe36e3bf6ba673d664073ac866f5ad7ba951f5d149a7ddce5d862b7e6a210c12bbbb0e32925eb84060403250c39141f73cd392f1f521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef4908cf285c2a8610b0640a5eb3df9b

SHA1
7037ef5077f8f3a7f09bb851e7a09c1aa4361249

SHA256
b42ea96c1c81b5274c79801dd516aaf86b095845bc30145f16542bf7303dab12

SHA512
7abde2db5654bdffc777d4497beb633d89c9289526732bf501469523e5fc9a2f727a299847a10c7682ee10c24ecdafef2ddd54c10b2e268aaf9217d5e1aaf61c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf839934.TMP

Filesize
7KB

MD5
00a133e08424fc9748df2e92bdcb8b01

SHA1
5532c15793a6257ecc0100d552769a45a97451dd

SHA256
7afdc9e448c6a99c23c9f6bdcbf6da26eb5fb8e8a91b5b71db60815f27cef57a

SHA512
8e9347cd99223817dd18e2b9e3c7902d9ab7a67448e2df2528573089c11465290e137b83ab4bd9073bb24528e1ab9495fe1a62de36cbb50ffc4540b46c12b3e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\dark_logo

Filesize
22KB

MD5
4fd80c2166f74c27536dff44a5afbb4a

SHA1
79aff88bca799f80029ebfefcf288f813d09596d

SHA256
d275cac37d2fe17984b9d60b17916fea2ca9fd4109a1bdbde479db51bb40957a

SHA512
33c1084e2567ce0afeed22b7f3ee9d2605839f15bd4b2f7f76aab7d6afa1f3e08a2c958f9b15d66cd15f118619258f51a3b270f86cc4f6c07a24538ddf69c636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo

Filesize
51KB

MD5
b1d1be5484ba3962f1f20ea1902f115e

SHA1
9fbe7afe4b833274d5ded941581a3f9a701c5d26

SHA256
7b8c934ff50cbf84f3775b6b4065fd41e6c332a78854afe9c2e87e3c55dea2f1

SHA512
b881226e4bc5a3572323c192351a4e3ee2085cacd89e0861cb238e37673044d02ceabee02830b300a5449cdcae19dee379943a9c4a33217d67d5dc9091e704d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e0cc25a804fc36c4acd37b039fecb0634a23aaa7\b310d0d6-c30a-4b75-beb3-0ec018dcf774\index-dir\the-real-index

Filesize
2KB

MD5
dcaa5eb936e4032e94e4c986841c96e7

SHA1
a9cb090a813b846975337386a61882cd9fab904e

SHA256
ce1ad6ee006b577b20ae60a17ba8c260c433b29ef653b1ce51466bd7c6c0478e

SHA512
2e8a3adcb9d28dd72a21d8573dc9ac707da3ea568c8b9280648ce3d7ca2543c980c44ee6a1b1af58e67e1879fe264e6413a64075f4c536a78ee6265901edaeba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e0cc25a804fc36c4acd37b039fecb0634a23aaa7\index.txt

Filesize
151B

MD5
dc72238959c19a2d0a27ada57c7a6e05

SHA1
2cfe8cea8a99a357ae084779dc21f616d860d767

SHA256
c41915eaa160ad4f5868137bbbae77c5c92897fe4341faf7279bf5b56f3c30cf

SHA512
9d1ae7c20c68d59a733f345c0b59334dd4b8e7bf7838e9122e8f357f8e0311242215a2d3044210befc8d984384dd0e082a42908dbec9c01a08e4b8420f2fb87b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf83e734.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ae438e00-479f-456a-ac6c-db3f0a1c1221.tmp

Filesize
9KB

MD5
cf2fdc528a4fbf44b0e79cc047329c10

SHA1
6937ae405d3d8b6752d14487ff0bb55176b2d811

SHA256
ef3bafd6e75a6667d69e6090088996a533f2013126722db7cf4fa8efbb2ad1f6

SHA512
cc160f081cd6817df72f17a3a406d56bbcf0d4ab19e23d91629180cea1ebc0fc3d1c7cd594c18feec28b29ddbfb212ff5da451d099d1167980d235bd05dd193d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
353KB

MD5
ce56815cecbc08cdc8866da008d52769

SHA1
f6d9acc98bec835810764cd52253f92422a67523

SHA256
4579e98debea35b3bb8b340a5cecf77c282f64eab3272b6096f017f30df65e1a

SHA512
34cafbafdb28da0694286d054326d8d131a4fee480b270f723f0da708e849dd833b872d9ec5de2e16098551f7efea6f1c93c73f7c9dc183b4d57875715c6f196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
353KB

MD5
af993fae1e86f768a63aac9afff4caf3

SHA1
bab9c07c619f8a97da4f6781871d4055db1cf33a

SHA256
def09b345cbb1c30697684066ea0570959fdb3a667eea7f03fc7fe35a4122a94

SHA512
9638ad5670a7223e4983f70547d342b7cd0d9b72505e8e4fe5025af90e4908eb1718b02433f747b55557160b1e5033f0d855a36c3430e1fc6703a459dc57d7c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
170KB

MD5
5893c37f543681ef6b53eea7cab101f8

SHA1
37f652b7fc06c9a52a79fab0e737a4db33cab00a

SHA256
000019b49affaf679607aa9c327884b1ea5a4759caaf8a471ac428468fedd55a

SHA512
c8490034a77a49956153d3f8324d02d68fee19c49fa16cb88c96d255de41d7baa981c1ca01e5af5105ffef3ac25252c5f69c3f0132a096eb431fa19da06932b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
353KB

MD5
ffab34461432519181ad3b0f3bcb9358

SHA1
d30ce91342297453a2aa63c9f465131ac41956dd

SHA256
8f92818a6c344392c863ac701d4ef03d6f7fd1621b762275e412729f09ad99a7

SHA512
1168c0efa14064142b9da624a80740f29d301637848782335907b8f35201ef9877832f87ef8f1604cd1ac0f9345d4c9e57b3e199ed85208a808526f95cdc6abb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
353KB

MD5
1717842c0cbca95deeaae99cf3dbaf6a

SHA1
c33120c7ad3d4c6cefdabb948d77a9ee42864370

SHA256
778543b9e29b546891f98b53a671ff8789db4e13b349f0d6675cefc5f04661c2

SHA512
78003ebde39d8f9da30e8cdcb39b51f23a0537adfef81b1778672e5fc079169e658b09f41605c3821b9d6bb9f057f9d609ddbda106008b4fa3f72dd2d359c535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
371KB

MD5
4c8e24861fc44b82548ed02eeb7f7b22

SHA1
02641eca23f31a3966f75178339f4dc58746b025

SHA256
e1d0babce0aaab89fafa803005181138195f7a8e87d6a7e8730566a23a1e74d3

SHA512
01157e0601e39b3ee8b7734f22f39b01f47adf7e412ff3d48ec7b4daa1f766f7648115f1fb14d2fd6c260ae8ef7d3b403352cf0ed6880a057c132649acbe23bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
353KB

MD5
d813e46d82a1926a44c1cc497fc15411

SHA1
b499ff24be988718ae8d58dc13235ce88f182632

SHA256
60555272eaf1613c30c8c348c726b846f376151128ec837dd0b6159c69b7aa8a

SHA512
1d62bba80f18b3456becb330564cfb561b3b51ab5c1b8ff2a451f4e1850960e584b1b1bead1cd79d00aebfefeda62b3643c25d156de8ef473255d9b44f5f18b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
353KB

MD5
274354d0b0f575ed792c16950a8fa2c8

SHA1
f8394c99b3b976369c0e79c8d5b53fe4ec5e87a5

SHA256
c4e8166e8440319f9bc3e1325331d33952b8065ed1ff3a6f3393e9187c12b09d

SHA512
1f31a0e9ebbb2475912eb3194fe9d2547bf35654485abeb0cb67a9d20a28fe6489187c94bc86460880e1470ea390f92d7a49ea2376fa59ab4820865b26c734ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
81KB

MD5
9784c8f7aa5320acbb2cf5674ac395ec

SHA1
2aa26e9515857e6b9d8e6387d593e273eee197a0

SHA256
f813dcc1c8f71d6548475408e4d7fb012411fe354666eba1a6db072eab4438a5

SHA512
a6a35874325bdda6e9f3154c7698d0e7950fcb4c10ef16b4970a11c23f1636629212f4ff58703ac2d0a71246863f706ef16d703f7bcad274acc543bcdfb92dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
84KB

MD5
fd93fc2272dc504585a890f8f1637d7a

SHA1
2bdad8054e5a1bca635ed1493c8b49bddc78f04b

SHA256
6455860ebd63b1f7dc479530f3bac93acc0ed75e731c07053c1991209ab616c2

SHA512
3421e7fc4f25f3dca63edf68091f1ee61dfc3f29caa190a22ab53cedf5ac6f2b79233bb30fbe10161699f94bc7fea13750c770317adc1ae1e1e5159842c8be4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
f31dd2328a057f024a79b8aece4da6bb

SHA1
ddfc93f2be27a55518295fc1c3a9dc2afa5c143c

SHA256
b2189ac33873959e4660a00e5eac20a59bc15e7e1fc60d8c8adea93960579b2e

SHA512
b1cde3d259c6c066049d3560a2d014c5ff6d3f0a0a751b587afeee836c193a47c875025bacd98cfeee48a75257b26c9d3d3299b980898e06c7eac9069c276348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
74KB

MD5
1d6c096cd81b0a28a6da6011c7672fb3

SHA1
5ac1d99aeeaf6973e38a46ee9b8db84b13c91a8c

SHA256
e3a11ea4adb5bc75c65a68ce411ed2016beb9cd08dde1c54eaa803c042e8dba8

SHA512
bac613a076ee5c7c8c8978e8d6970936d31cbdb6e7681565af984dc6491d2223af95e1e1e1c232e94a6d43c8255534051769637b0b2ed74434b3533f333ad641

Download Submit
C:\Users\Admin\AppData\Local\Temp\ClientPlugin.dll

Filesize
19KB

MD5
bdc8945f1d799c845408522e372d1dbd

SHA1
874b7c3c97cc5b13b9dd172fec5a54bc1f258005

SHA256
61e9d5c0727665e9ef3f328141397be47c65ed11ab621c644b5bbf1d67138403

SHA512
4fa0ed4ef66e4c442f5fc628e8bfc8a4f84cb213210643996d9387027edb619c054f6104ac889ae77cece09f0304f95d5f20e14d66847e2d382ef51eecec0962

Download Submit
C:\Users\Admin\AppData\Local\Temp\Databases\main.sqlite

Filesize
15KB

MD5
ea522fc387e8e1c1c65e946c9118e2c7

SHA1
0d3fe3c0f59b651f4b9210ec4d7324e7686b5a21

SHA256
ae429dbfca9416cfc6832aed1190fa7b9eb90127328136a249de024349fd3b3b

SHA512
52161556c3d3a1e12fe8de217aab806ac8e8e47135d57f057c257d16576ec08b13bc37aeb7f7234042d89d6deb594a635e0764675f4e04f7abb94836fac1d921

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\AIO.ncp

Filesize
17KB

MD5
60c274ccb344da9e3d77449f6068d253

SHA1
ab25eddf3ddb61ef52104a01e5c9b8a23451c764

SHA256
0a59aaee013c57f3b6190d683160d88ca1c5868565cbf5acbb7b17d3e925c602

SHA512
9600d852b56557f31a5a18a6aa2cb76cf4fabf36ae32bbeccf82677f64737542234e2fb06ac8d917f9839120320b7db212d76e8dea24445f13096d86a474b9c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\CorePlugin.ncp

Filesize
119KB

MD5
7914e7302f72d330aa5f6c5c8c26df43

SHA1
8c411f3fe5297a78cb018539b44df87c0a51606a

SHA256
f66985518b1e56a04f512d110f5b79f21ed91cbcbf6bd3e17eba3dcdfb85f9b5

SHA512
8959843f282162ff0c59d890d04012c4f62dc36058aa7095d708a97a34313082cd4ca5ea5df5623cd2d6b8b91c527297168cab08ec59c1ec48fafac5983ad012

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\DucPlugin.ncp

Filesize
73KB

MD5
5eca68a8368e0e144b7016e30b85515c

SHA1
0ba48b49974156e5746958aeeb1c2a26c916b3be

SHA256
e2ce89b3e68b003cb27e2c5652ccba073c8938bef194e51830539b2464a3f676

SHA512
ea1d1363fb072a5c646ce070184855588124be42392dc492ce86c88fe93eae78e23f5de4f2df75fb5b0e8d67bf08ff192dd163ed3c62a1ccfb0b8436ae1df644

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\ManagementPlugin.ncp

Filesize
300KB

MD5
b612c2c9a6d361a5db14c04ba126119c

SHA1
d2b29e235b0f45242088b78313438bdfd51209dc

SHA256
b86fe4e126a9748a383a34d615b9598c715f2380c0aad957495c66923902026c

SHA512
194d4688935235f3ca686868c9ff53c7945d4e076d4a51fdcbc254bfa1461494766480794c65715bce314256c7cc5268bd6547c937984d3010f54f5a3db4ba9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\MiscTools.ncp

Filesize
66KB

MD5
78e3006fc6468eb7dfc7761072b84ac6

SHA1
e46cae768d2754f48a29b7e424a9bddf0d67bcd8

SHA256
3a3a3b105eefb45e3b70cc1592e484df02df7020d5154e8c2e5d7d439e295e46

SHA512
0daa1cc9ddae70f442ee5eed784523dc1378b9d095edfaec1df95e02f00d09b461d60ee180f716f7ba755543ef7b0c87d791a454cf254dde0033b8615b2841e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\MultiCore.ncp

Filesize
236KB

MD5
becb82e1e914e906be158e3f9dd658ac

SHA1
725d3d658680ca8dcb610d998db4b28733b5ee52

SHA256
5494adf651fc64e3aa6c08e38165d8dbfec52056cdf4fadae90b76b0e6816a33

SHA512
1d67e7d5686ea225262501afb572bec23e35bbd33c660a57e84b9cad7adfadbe457b128af0059ac705d53c6b65798f5525fe4ed3c16537b0c085414cdca74174

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoBlack.ncp

Filesize
107KB

MD5
794ab16c092ebf2b1d812d6cce158537

SHA1
6dd9edd26b50265d5af4642f9d1f1f8703a44805

SHA256
7919b7998d6b359d7cb700018dc2d69ff6ffb45bd01c9c190b98fb4c9ff4beab

SHA512
e639bb0f7d309344c45ddff3d7f91212b3c6a9db6970d06db35f6bac228b389ed8c32dbda75ae23ad1359bb60f678b0b891caa3ed07245aaad21dcb3ea4a5347

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoBrowser.ncp

Filesize
102KB

MD5
8b13fdc96af0a84c152f5a601dcc6b06

SHA1
1250db70fda8a2c32f37bbdc5638074c6dc171a7

SHA256
997c41b05150480bcfae9abb3132fc807f6c6b511b810b554fdb5aedf89f5db0

SHA512
536d4e1b9e7c95ebac762d0a438106a5409c69e990940d3411709364783f957015d4a5dc0651b33591e37dcda8549e689a87b853e32f3ad065391a2d8190a552

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoCoreSwiss.ncp

Filesize
49KB

MD5
fcb5afd01e75aca8ed9fbd35a46e54f3

SHA1
94b69f8612d31fc0698089d5e08aea1cafea52e7

SHA256
bf0386f6e9b4a35fefe5fe917e2be7c64867efe24521f18e4567f8af5f6dd5e5

SHA512
b587dd23eaea6de486c30864908f8603451c459153cd21b86a5e43bb9c2cca7cbc015daf620808fad76a4d56bbc4e57e127059c8e73be6c85bf958781c1343fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoNana.ncp

Filesize
157KB

MD5
c5d40b767bd6b97f88ccce13956d0ad8

SHA1
ef7f7fdd9d5ea0b55ffbb17c171ee6a46b347100

SHA256
a3c39444ac74bb91f14f3f2ae6918d9b1d368268e137aca310450fefbc8983aa

SHA512
3fcb5a6afdc7de59bac645d8b4dc6368b0405a51985ff86c95fc8cd579bd59bc423cab940dc0ab3de9a0cd0d9e04dad82e380ef18030330d72b2e72936a95ee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoProtectPlugin.ncp

Filesize
179KB

MD5
e51af633e5f5f4a817a54773fb90d337

SHA1
0cb8a7965f9f042954b1f318ea1026b76e12f8e0

SHA256
b37602dbb924bb94df0d9745d13fcace8a6642397fb738fbe02a88f667f3ab66

SHA512
6454305121597073d4ea2b8f57a4bb4a4fe7fafbd05336c91265534faea5a5cdec7504c1329ea0c8cb344a4f32d59c60af5348dfd89375876ae95ee2c15f0c14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoStress.ncp

Filesize
117KB

MD5
ba6f59df971d6db7a8951edbd5d6691b

SHA1
ed766de1fb4ab0889b3fbc8127f1393eb3cddc15

SHA256
6b33a572e019266749a3e04966e2c57822e247c5197f6f9bd6a4bb8792633581

SHA512
bbd50d7cb2b2799055b8864da3d3d6037bbac41312ce8582c4627611ef856ae38ecff67dc4223e236d1b555bf02a7c0c7284a76ab90007621a2f2997b6bc5dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NetworkPlugin.ncp

Filesize
319KB

MD5
70e5b02349742a550fbfcfb5bb78c906

SHA1
2319b68398af74fe08b6a3a7d6943cf700240a4e

SHA256
160030b8444b6fa86775a11d1be35df6a75252070fc5661055884d3f8b07296d

SHA512
bbb5d2fd6eff637da303a4ab2fdb02f781619ffe25c5795c5b9e514214227717771a98ce6c3becc87b29c15303ac4373ee3847060ad5755a2455362e6e26932b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\SecurityPlugin.ncp

Filesize
74KB

MD5
44bd68199bb393d0eeb7ae83b56d9b9f

SHA1
c6cfa069a17ace16c651a11945bd54f4ca6193d1

SHA256
25b1b0836838740d394cd35eaefc660e9eabeb611a701a451eb1119f6427fc12

SHA512
a02b82e40f66dc925de3324c03e8a0a497bfdb6ed44549001efbf86f2e5381aaf9259978908cce9ecc7798f083d3691f007b207ea301a9dc73f2430662146bb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\SurveillanceExPlugin.ncp

Filesize
423KB

MD5
195fbe66986564288c3285935fe87b27

SHA1
2fe84fbbf109b3e4c7c63b414689021ba847b568

SHA256
a2ce9ed783b26d01d58e07b9c97bcfecace9ced72960cf3ecf471fbd008afbae

SHA512
552161e555d07fdf7062a4c0d3738819b13ad4c9a5c54f09db48dccf6faf49b014eb043037500abdac7af0210ed118c5232d8d54be367d8a4caccfae7904332e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\SurveillancePlugin.ncp

Filesize
352KB

MD5
ed3edf12bac989d1dd6edf7146feb805

SHA1
776a667bf2341b43e199c3601856ac223b86d221

SHA256
3301f9fd4700458a18589956fd2bb6e5101b15c14f52d5e079ae1c3a008da040

SHA512
e6873a5d1caada8954907bdb3120aa2c60a4137fb9d04abdbb74ade58f35ada1ff87a447cf6a35f5798dbd0e1e0ed813d62e34d98de8d6402b6432746aa80413

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\ToolsPlugin.ncp

Filesize
130KB

MD5
699eb468e7d6bee9c429923b5b477545

SHA1
80bc420c3e441c9b9c3813ac05ea9e168cca1e3a

SHA256
d753bc28d842e44ffbf6cf99314febe5ed7759b25a74ca34a47fdd153bf2a6ab

SHA512
5d82a98e918ea3eb024dbb7552e5cdecc317b49635a5789029e7a0035d2f0cb2a3c47ef53e603217afd17d6f59fc78a918e2e5f70266119c619e41b3b647aac9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\VisibleMode1.1.ncp

Filesize
49KB

MD5
37c2ef6e5214600396ee87c4168a5664

SHA1
69b6e1f612f5a3435fab05074cffd3ebd1c232fa

SHA256
4a8d45e13a38c502a3109d2ea17a81905fb9eabbf643ae611b62f62ef11f09b2

SHA512
667ad370f48470d60dbd437b0601eb05de421ab59b281adcf9c6f54b9c6fd272d3aa34c35e7e6df889771dc5fbdfa9bc683a4bf156727827595edf6eb2fe8cab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_aq.png

Filesize
351B

MD5
b841c2ebdca6bb23c15c98da4aa671d7

SHA1
42f562132fe6e9a5029247a2b9666395dd5ad9b0

SHA256
b668f1a313e57c97a5abd0212631ea6211aace15b10f1ca82484f23f7d6924b5

SHA512
e093c2c454e8ceb318df0629f5f7e8494213e69caef640dd4554f3c250029e8a06b4c5add9c13e457f901c3d328738b66db524a8404617e486fd8c564dd04c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_cx.png

Filesize
626B

MD5
fbf02dad6f60392ce777d006d5762248

SHA1
f9d95e6e5e25b83953e4f898bf99636d85511709

SHA256
45203a04468ff78fb3434f46799ca630172e04f97c566f8e143539a80c48bfc5

SHA512
9f5b7b5399cb7c8b41cda202eac5a344524f135fd2e32a5f312917c7684ee13a94976984154355297bb31fd06435efe91456e189bb5f1c9d6010dfad01415b4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_gp.png

Filesize
546B

MD5
5ac0d15234533136bf6ec230686a4aa5

SHA1
2f208a8baf30d13aa23382d3821cc73c4aa466f0

SHA256
5cceb033c0262b5905f88d5905777471e9f1b0b0d9cb857f2361e88ada73610d

SHA512
d6215183f13e36a268b849056fe1479ebd36eab4b6f175cbdd3a4ecd4ba4df7734189a2f9e9d69ee344ca63baf2c9ef10f62663cc721e9c9c59775d5e84e2268

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_sj.png

Filesize
562B

MD5
4f82c2e83eab05d2bd9baaeff6c81a96

SHA1
e1cd3981d14653bf5df976ece649120134e88546

SHA256
15493361692068154ac1b1baf8878c179b353996dcda4d63e0322ea37f998f9b

SHA512
b69030fffb689094952eb472b272e1d18b40d0f11e3bba647c9b01226ccf072d276cc31ce3a1ffcbc84c5de82bedfe7fc2466fb060ff50e528f7c258179e626d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\builder.png

Filesize
303B

MD5
d2d498dc06990b948ef42c479c4c1f94

SHA1
eb380e6d156f5cc2ab28baa5add2ba8acda088b3

SHA256
ce8e344d1975972fa3f1b54383ab01cf522217e83b4e01f5c5b8563641bf6550

SHA512
fd9f99b7489507d8208432847085507e5d1823f1eed5d3c7e644c59bc5e5b36d8705d4add01a0c291240029458b25d72894fc05efede8b795bb6872e1e5f9ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\clients.png

Filesize
462B

MD5
0331dbac2291c05d567461b58654d350

SHA1
1f89cdf7199983e788fd1f22b873ab9b0500952d

SHA256
8d1339e002540de132326aeb1d17c66a9a60b0af7e3daca9bc40df17e9c96542

SHA512
2d12a85226a21670c49038e4347b39227b8d8bca07b8eb66f2adae0ccf1135270f5ba5f16a40bf526477c70c00c1ca572bfb973306e6eb8dd057600de38da161

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\home.png

Filesize
343B

MD5
0a482ce7f891fe7a64118bbb34a34b9c

SHA1
2aba3c06942273aebc5e616602620e4b2526ebe7

SHA256
76d3e6c51702b37227b73a4f84771e44d7c1a8551b4c1fdd90e341f03a805346

SHA512
0e900eff9109ac2f32137d9d18993a29ed6065299ef96554f2288128fe07d1e8db1a0dac29b39b0eb05bb8a9bdca5f083da8e25dec3c880ef155401fd649107b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\network.png

Filesize
230B

MD5
48780574121d519661c2e0bc51b25b68

SHA1
89d8d5e42fbae3d95c8036c1738656b8e6343091

SHA256
28f4c682d85fb4ef531a71b7fed8f0d7ef548f1126da378aaf60349219a681d6

SHA512
7f0d9b6e18b812350b9d57439069ebb9140365830ea6fa247527f793cc58271ed7743c514d7488f026064b6d44afaf93717192bcff3ea8a3b501f2bf7718ff30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\system.png

Filesize
273B

MD5
9993c66f33d16d11e701abbabf5a5db8

SHA1
415a0069f21dc5fcbb7bdaa7f17a679eb18e6b1e

SHA256
24c4edf86254f9e2359508909ba52dd683e1f6af0d8c1a52f875c472fc73bd40

SHA512
7a3f0546f4fb12e72fd774f5c4446e8bcc2a26c762aad91675c3bc10931c1c0ac2c40d66a25afd0a376ab665427164367c1cf398c22811eedf88c90ce51a23e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll

Filesize
256KB

MD5
dd3d6f00b1aba3f1d9338d9727ab5f17

SHA1
faf9364a7ab15f27c93a6e6f97fa025030c9dad7

SHA256
f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4

SHA512
0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3D94.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempDel.bat

Filesize
204B

MD5
3b2fb2a8ccaaa86a5fbcab338e641ff1

SHA1
bfd7df0e383c404d6c5cd58687954426a43acd7f

SHA256
34cba91daa5d60239496f52d4da9c526a0ed7680adf8f4fc491b2ddb32d48208

SHA512
cf00ac00845f1ac0cde6a18507c8b629c95a4391170dc1297e596406e0aa5802090b3631aa2bc3dc8632fe6c85c3d33557f9235cb43a833cbb4d8f3d84bc4443

Download Submit
C:\Users\Admin\AppData\Local\Temp\builder.log

Filesize
22KB

MD5
0061a98407086fb3106b61fe5d0fbb27

SHA1
c5882467e947fa1cab30dd45fe337b23bce1712a

SHA256
054dbc3e14992bea750e1f366c16f6b0c861bc9db2617be91cbf7306fd25219a

SHA512
b4e0f10067b2a5b7865b404c63be1c93cbda482ed3d20e618ede411fe7f9bc177792d0ab0bb7c13730809f9630ba5160f485a38590096ba8cb8104ab189f2c9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\client.bin

Filesize
130KB

MD5
906a949e34472f99ba683eff21907231

SHA1
7c5a57af209597fa6c6bce7d1a8016b936d3b0b6

SHA256
9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8

SHA512
29fd20ae7f1b8bac831c0bb85da4325a62e10961989e14299f5f50776c8f7e669cc1527bf2c3868bd7230e73ac110ba8b1f0491ac0f2923d79d7a2871c7c961d

Download Submit
C:\Users\Admin\AppData\Local\Temp\plugins.bin

Filesize
240B

MD5
5e709fc806e8ba3385487699004f6d29

SHA1
2f32547ed5b9db3b33969fb4858945610aaeedb2

SHA256
9ecbf989dedf1403db953fb4e5955c9f63415cbe1f6492c3246bac405a4d036f

SHA512
a6706c9f76d837a7e0ab12e3c1c6d94fedde9dc52d4fecd02befd8850752155e2bf801cdf0488a98e49c50c4f0595a3fc4916950badba9bb83a5b7a35d3ffaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\server.log

Filesize
103KB

MD5
ac6285562e5e3e4e98feb7fe8df884a4

SHA1
4b7fc4ea7c39b95efa7d4e1d68b9b3994c38683b

SHA256
51d9e422386e5e64eadc212bff06b33c2a163bfe355ce98d756ce00afd76ae2a

SHA512
6db244bf0e1948626e64b2b8636b9bf71fa4b2bbe5e7c4877a444da00bcc7964efa9f01f6e4c90963961a3a8bdb3bb8ff7d28660596e6f468b53313ab5e3453b

Download Submit
C:\Users\Admin\AppData\Local\Temp\settings.bin

Filesize
280B

MD5
daa76574a834b950a015d191e410c400

SHA1
c93dae186bb23e7fc052b6cbc4626c58bc0f60a5

SHA256
c4c2bb97d9abf6e224897855a0f6699d8f886ca816811ea5bfeb8e71d72b7d4f

SHA512
9cd119d3f55a172036fd625738c3ebcd45b534255da36c208b594605eca32a58470ea4d0493026d160e062806d015cd878c44521e2450247eb5a8ae203a8fe6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\x86\SQLite.Interop.dll

Filesize
792KB

MD5
9b19dcee960dc215e64b1d82348707a9

SHA1
9c1e0f76673eb385787120e17404df179316ca2b

SHA256
3515f704b0012c01fc8be5b717905c0587b29255fc9eb7ad3f2b66a130691d38

SHA512
cc1304ab171feb2ac6df941f4b35aab8ce7b503f96b5539b366b39268cce8b21ea2fdbce16eff809a9a121a60a65ebbd0f59f75360800f541b9e5f93e729a55d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1846800975-3917212583-2893086201-1000\7df27dcda04242c52b548c6310e5dfa3_f9da27c9-c625-43c3-9b3a-b1344b01e128

Filesize
3KB

MD5
38061d6e5567fbc1748398ec8e9bc8fd

SHA1
d2b30ffff121b8c874e6ff2c8616090c34dab01a

SHA256
426317c63867557ebd83e9d5bc95d19a29aa4e9068430ce68f41dc36cda3fb3f

SHA512
d9aadd156e43152e00bbfd8a23d7c82be30a9eec5820b44410e8bf93dd0e2482de4ec70714482620bb21f4d742bf71bc595b1ce509e42c1534d799f4c3bc1c1e

Download Submit
C:\Users\Admin\Downloads\NANOCORE-RAT-master.zip

Filesize
6.2MB

MD5
91ed4f9a5b7d642f0a3c278b8a71c19d

SHA1
72ce48187dbef2588283d6eb8b758e5f7d7be264

SHA256
c3eb885cd4e260140af85eaff756fc79262bd4cff6b8e4cb489531f51bc3fb61

SHA512
67a746305115f91bb2c068ff59eeb9d38a911ef2f2e2d6709d5ad39b4b52bdc59f5d9e42300c096904899f7bab083f58de86279cbdb39951f93643ac24d5f602

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1.zip

Filesize
3.3MB

MD5
13aa4bf4f5ed1ac503c69470b1ede5c1

SHA1
c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

SHA256
4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

SHA512
767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Profiles\Default.xml

Filesize
1KB

MD5
6fb5648d8b981d460f21e23c10c6189f

SHA1
f1875eda7207d9fa76ae45454012e6368edf5a2d

SHA256
4c1d06c4621cdff56d0ee7efa9ff43f69668458920044f66d6a473845e66718a

SHA512
8bb9803b94e034be844a3ace58363ab991fa0860eaabdab96ea7a3b6590a239e7bbe71e475d66c325ac665f1b619fde618d9d2332f27621f6eb8316bad39648d

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12

Filesize
4KB

MD5
a06202b798d2f33c5140ccfaa402587b

SHA1
decb1ca3cce05c7d5e7343ead65fde59f7ef0760

SHA256
833a712a1c1aed91bc2a7749676d9a37e399f4c54e5d1cf3e7054b1cf6d8cf9a

SHA512
1ce75e1fb3e844f9b74fb9f3222f21e7cf18559ce7b3c3d42e97db2359278bd2ac62c09ef3df13aef4426c5b0b48b675c48c9d1704d7d44c41d493dc6b027607

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\settings.xml

Filesize
373B

MD5
b6af1da05c1a00991f04f8b898cea532

SHA1
24c48b062d8d864eefd32f2d84a36e1a7282e911

SHA256
f2ef0d8f29904a65ce6dbe29baf9379fb4659afb6930a5af5d9fb88f73b73f41

SHA512
2ab2de469911c3fee5b9bbfdbb373e5eb15023bf25b9e1835ebbf5890c66cfd7a06d7d5911e2fb630afadf9b30489e589634cefe52ca4c4156ae24b24c00c8aa

Download Submit
C:\Users\Admin\Downloads\robux.exe

Filesize
130KB

MD5
21bcdc9f4b391f36334f10d1cab015ba

SHA1
869b11101dc4936ed884305d60192d116966dcd4

SHA256
da92b9731b3b04b558f168f39056e3ca798224d0baff413ca0d8a98c15dffdaa

SHA512
c9efe985640a59f405f06aabbafaf9dce088201dbe19d3b815175dc55f2bb737dd891ae04c8ca586e8fb7f9e7e1f81cff32aa918a9bce732f5999fef93022260

Download Submit
\Users\Admin\AppData\Local\Temp\NanoCore.exe

Filesize
1.4MB

MD5
1728acc244115cbafd3b810277d2e321

SHA1
be64732f46c8a26a5bbf9d7f69c7f031b2c5180b

SHA256
ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b

SHA512
8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034

Download Submit
\Users\Admin\AppData\Local\Temp\ServerPlugin.dll

Filesize
28KB

MD5
952c62ec830c63380beb72ad923d35dc

SHA1
6700baa1fb1877129e79402dfe237f0b84221b69

SHA256
2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7

SHA512
5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121

Download Submit
memory/872-1461-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/872-1460-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/872-1459-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/872-1458-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1980-1469-0x000000000AE10000-0x000000000AE12000-memory.dmp

Filesize
8KB

Download
memory/2080-15-0x000007FEF4C30000-0x000007FEF5CE0000-memory.dmp

Filesize
16.7MB

Download
memory/2080-14-0x000007FEF5EF0000-0x000007FEF61A6000-memory.dmp

Filesize
2.7MB

Download
memory/2080-12-0x000000013F1D0000-0x000000013F2C8000-memory.dmp

Filesize
992KB

Download
memory/2080-13-0x000007FEF7740000-0x000007FEF7774000-memory.dmp

Filesize
208KB

Download
memory/2196-3287-0x00000000012E0000-0x0000000001604000-memory.dmp

Filesize
3.1MB

Download
memory/2544-3246-0x00000000009A0000-0x0000000000CC4000-memory.dmp

Filesize
3.1MB

Download
memory/2876-3038-0x000000001D390000-0x000000001D3AA000-memory.dmp

Filesize
104KB

Download
memory/2876-3037-0x000000001FED0000-0x000000001FF2E000-memory.dmp

Filesize
376KB

Download
memory/2876-3026-0x000000001D180000-0x000000001D1CC000-memory.dmp

Filesize
304KB

Download
memory/2876-3025-0x000000001C830000-0x000000001C848000-memory.dmp

Filesize
96KB

Download
memory/2876-3002-0x000000001D5B0000-0x000000001D8DE000-memory.dmp

Filesize
3.2MB

Download
memory/2876-2996-0x0000000000570000-0x0000000000586000-memory.dmp

Filesize
88KB

Download
memory/2876-2995-0x0000000001170000-0x00000000012A8000-memory.dmp

Filesize
1.2MB

Download
memory/2880-3027-0x0000000003A10000-0x0000000003A20000-memory.dmp

Filesize
64KB

Download