a6d1246d2054da7e30d2d65a8f975b64fb162a501d5967fca963272927a3b41c

Resubmissions

28/03/2025, 15:05

250328-sggbaaxwhz 8

28/03/2025, 14:57

250328-sbvlqazjv7 6

Analysis

max time kernel
322s
max time network
331s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
28/03/2025, 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Slendytubbies 3 Multiplayer.exe
Size

635KB
MD5

1fc40e19613ca683742edebb5678dc94
SHA1

5b68b00678c56facd45ff7d8d50ce083a87508cb
SHA256

a6d1246d2054da7e30d2d65a8f975b64fb162a501d5967fca963272927a3b41c
SHA512

80192027ffcf1d6943ba4759051f9775ea22fc5c941530661762ac4fd8829ef9a584461c6c62ed1d2bcce4e65e28fc8d666d18cd7ec078fd80868be19122a0fc
SSDEEP

6144:l/7oYfSHQPWTUg4LXY7Q64EXN4L/WnqPBfxB42AFnO0NFoN4ddddddN/dmMtDJ5w:p7qTUbXYs64UOPpMOKZW

Score

8^/10

defense_evasion discovery persistence trojan

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
393	3696	chrome.exe

Executes dropped EXE 25 IoCs

pid	Process
1908	Rockstar-Games-Launcher.exe
3384	vc_redist.x86.exe
2644	vc_redist.x86.exe
832	VC_redist.x86.exe
972	VC_redist.x86.exe
5920	VC_redist.x86.exe
6032	VC_redist.x86.exe
5464	vc_redist.x64.exe
2236	vc_redist.x64.exe
5764	VC_redist.x64.exe
2440	VC_redist.x64.exe
5264	VC_redist.x64.exe
2696	VC_redist.x64.exe
5944	RockstarService.exe
5880	RockstarService.exe
1692	RockstarService.exe
3264	VC_redist.x86.exe
2344	VC_redist.x86.exe
2440	VC_redist.x86.exe
4364	VC_redist.x86.exe
3360	VC_redist.x64.exe
2072	VC_redist.x64.exe
6020	VC_redist.x64.exe
4476	VC_redist.x64.exe
5860	jjsploit.exe

Loads dropped DLL 9 IoCs

pid	Process
2644	vc_redist.x86.exe
396	VC_redist.x86.exe
2236	vc_redist.x64.exe
1780	MsiExec.exe
5984	VC_redist.x64.exe
6032	VC_redist.x86.exe
4364	VC_redist.x86.exe
2696	VC_redist.x64.exe
4476	VC_redist.x64.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{410c0ee1-00bb-41b6-9772-e12c2828b02f} = "\"C:\\ProgramData\\Package Cache\\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\\VC_redist.x86.exe\" /burn.runonce"	VC_redist.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{8bdfe669-9705-4184-9368-db9ce581e0e7} = "\"C:\\ProgramData\\Package Cache\\{8bdfe669-9705-4184-9368-db9ce581e0e7}\\VC_redist.x64.exe\" /burn.runonce"	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{410c0ee1-00bb-41b6-9772-e12c2828b02f} = "\"C:\\ProgramData\\Package Cache\\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\\VC_redist.x86.exe\" /burn.runonce"	VC_redist.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{8bdfe669-9705-4184-9368-db9ce581e0e7} = "\"C:\\ProgramData\\Package Cache\\{8bdfe669-9705-4184-9368-db9ce581e0e7}\\VC_redist.x64.exe\" /burn.runonce"	VC_redist.x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	jjsploit.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
204	raw.githubusercontent.com
536	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\mfc140cht.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File created	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcruntime140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File created	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File created	C:\Windows\system32\mfc140u.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File opened for modification	C:\Windows\system32\concrt140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\system32\vcamp140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\concrt140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\system32\concrt140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File created	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcruntime140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140fra.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140ita.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File created	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File created	C:\Windows\SysWOW64\concrt140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140cht.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140enu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140jpn.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140jpn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File created	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_2.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcomp140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_atomic_wait.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140deu.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140chs.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vccorlib140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_2.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcomp140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140kor.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vccorlib140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcomp140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140enu.dll	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-libraryloader-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-crt-private-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\Redistributables\VCRed\vc_redist.x64.exe	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\ThirdParty\Epic\EOSSDK-Win64-Shipping-1.14.2.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\tptool.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\fly.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\criminalesp.lua	msiexec.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-heap-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-processenvironment-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-processthreads-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-rtlsupport-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-util-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-crt-string-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\RockstarSteamHelper.exe	Rockstar-Games-Launcher.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\policeesp.lua	msiexec.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-file-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-crt-utility-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\LauncherPatcher.exe	Rockstar-Games-Launcher.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\walkspeed.lua	msiexec.exe
File created	C:\Program Files\jjsploit\Uninstall jjsploit.lnk	msiexec.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-string-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-crt-environment-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\god.lua	msiexec.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-namedpipe-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-console-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-localization-l1-2-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-timezone-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\RockstarService.exe	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-file-l2-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-crt-heap-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-crt-math-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\jjsploit\jjsploit.exe	msiexec.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-processthreads-l1-1-1.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-crt-time-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\offline.pak	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\svc_events.json	RockstarService.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\jumpland.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\energizegui.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\chattroll.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\dab.lua	msiexec.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-crt-multibyte-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\Launcher.exe	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\Redistributables\VCRed\vc_redist.x86.exe	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-crt-convert-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-memory-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-profile-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\removewalls.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\teleportto.lua	msiexec.exe
File opened for modification	C:\Program Files\Rockstar Games\Launcher\svc_events.json	RockstarService.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-crt-runtime-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-debug-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-errorhandling-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-synch-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\ucrtbase.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\levitate.lua	msiexec.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-interlocked-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-synch-l1-2-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\ThirdParty\Steam\steam_api64.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\noclip.lua	msiexec.exe
File created	C:\Program Files\Rockstar Games\Launcher\ThirdParty\Epic\EOSSDK-Win64-Shipping.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-core-file-l1-2-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\api-ms-win-crt-process-l1-1-0.dll	Rockstar-Games-Launcher.exe
File created	C:\Program Files\Rockstar Games\Launcher\Launcher.rpf	Rockstar-Games-Launcher.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\walkthrough.lua	msiexec.exe

Drops file in Windows directory 57 IoCs

description	ioc	Process
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\e5bf396.msi	msiexec.exe
File created	C:\Windows\Installer\e5bf346.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF34C38283E03B43E5.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e5bf397.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF41C0C77B6CD5F0E1.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e5bf36e.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFC65910896311FA1C.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF0BC14FAA851D417B.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF8C844D991B20F162.TMP	msiexec.exe
File created	C:\Windows\Installer\e5bf36e.msi	msiexec.exe
File created	C:\Windows\Installer\e5bf399.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA0C1DD95E7FE1F58.TMP	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\SourceHash{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}	msiexec.exe
File created	C:\Windows\SystemTemp\~DFBEDDD72C9E4BE6C6.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\SystemTemp\~DFE070697ED6357FE9.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF2A929FEDB8444EF9.TMP	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\Installer\SourceHash{56E5B68C-C73A-4497-A58C-793C236EF40B}	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1D856100DA4B999E.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{D5D19E2F-7189-42FE-8103-92CD1FA457C2}	msiexec.exe
File created	C:\Windows\SystemTemp\~DF22FCB84F243C6F16.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{0025DD72-A959-45B5-A0A3-7EFEB15A8050}	msiexec.exe
File created	C:\Windows\SystemTemp\~DFD5B7862D1E003AFD.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF589.tmp	msiexec.exe
File created	C:\Windows\Installer\e5bf36d.msi	msiexec.exe
File created	C:\Windows\Installer\e5bf397.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5bf346.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF9C92FE9F6ABF6FA1.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF85DF33E5C419624F.TMP	msiexec.exe
File created	C:\Windows\Installer\e5bf380.msi	msiexec.exe
File created	C:\Windows\Installer\e5bf381.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF7FC.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF3BDA6AE64E9C07A9.TMP	msiexec.exe
File created	C:\Windows\Installer\{56E5B68C-C73A-4497-A58C-793C236EF40B}\ProductIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF74F.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF9F23AD3F9672B9D5.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFD48C733796041595.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFFEC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5bf381.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA875C9F3E76BF7E2.TMP	msiexec.exe
File created	C:\Windows\Installer\e5bf357.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI473.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF4DC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5bf358.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI30B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{56E5B68C-C73A-4497-A58C-793C236EF40B}\ProductIcon	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\Installer\SourceHash{73F77E4E-5A17-46E5-A5FC-8A061047725F}	msiexec.exe
File created	C:\Windows\Installer\e5bf358.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF862E173DE78AFF66.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF99AD601CD09CEB2D.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBB8.tmp	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Rockstar-Games-Launcher.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 27 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000016c72ef864aebe750000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000016c72ef80000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090016c72ef8000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d16c72ef8000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000016c72ef800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies data under HKEY_USERS 22 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876479530013613"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\Dependents\{410c0ee1-00bb-41b6-9772-e12c2828b02f}	VC_redist.x86.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E4E77F3771A55E645ACFA860017427F5\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\60DB5E5629367203C8625813703DFCA1	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAC95C2C6678DBA48AFE11153AC6145E\ProductName = "Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E4E77F3771A55E645ACFA860017427F5\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{73F77E4E-5A17-46E5-A5FC-8A061047725F}v14.36.32532\\packages\\vcRuntimeMinimum_x86\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAC95C2C6678DBA48AFE11153AC6145E\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\ = "{D5D19E2F-7189-42FE-8103-92CD1FA457C2}"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\SourceList\Media	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Version = "14.36.32532"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\Language = "1033"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-994669834-3080981395-1291080877-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E4E77F3771A55E645ACFA860017427F5	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\15E8B87C56C0E773581D82F286F95E50	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAC95C2C6678DBA48AFE11153AC6145E\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Version = "14.36.32532"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C86B5E65A37C79445AC897C332E64FB0	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C86B5E65A37C79445AC897C332E64FB0\MainProgram	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.36,bundle\ = "{410c0ee1-00bb-41b6-9772-e12c2828b02f}"	VC_redist.x86.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E4E77F3771A55E645ACFA860017427F5\SourceList\Net	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E4E77F3771A55E645ACFA860017427F5\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAC95C2C6678DBA48AFE11153AC6145E\PackageCode = "66BA6B50A49EFFA418122BDB80C144B2"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAC95C2C6678DBA48AFE11153AC6145E\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}v14.36.32532\\packages\\vcRuntimeAdditional_x86\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAC95C2C6678DBA48AFE11153AC6145E\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}v14.36.32532\\packages\\vcRuntimeAdditional_x86\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\AuthorizedLUAApp = "0"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BAC95C2C6678DBA48AFE11153AC6145E\Provider	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BAC95C2C6678DBA48AFE11153AC6145E\Servicing_Key	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.36,bundle\Dependents	VC_redist.x64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\PackageCode = "1BE5B2DDE80EDC54D874D240756DB43A"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\VC,REDIST.X64,AMD64,14.30,BUNDLE\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C86B5E65A37C79445AC897C332E64FB0\External	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAC95C2C6678DBA48AFE11153AC6145E	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BAC95C2C6678DBA48AFE11153AC6145E\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.36,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532"	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\2294C8C9A96F9A557BCA814D87DFAFEC\C86B5E65A37C79445AC897C332E64FB0	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\Dependents\{410c0ee1-00bb-41b6-9772-e12c2828b02f}	VC_redist.x86.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList\Media	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C86B5E65A37C79445AC897C332E64FB0	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C86B5E65A37C79445AC897C332E64FB0\ProductIcon = "C:\\Windows\\Installer\\{56E5B68C-C73A-4497-A58C-793C236EF40B}\\ProductIcon"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Dependents\{8bdfe669-9705-4184-9368-db9ce581e0e7}	VC_redist.x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\SourceList\Media\1 = ";"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5040806F8AF9AAC49928419ED5A1D3CA	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E4E77F3771A55E645ACFA860017427F5\VC_Runtime_Minimum	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E4E77F3771A55E645ACFA860017427F5\Servicing_Key	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8800A266DCF6DD54E97A86760485EA5D	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53\F2E91D5D9817EF24183029DCF14A752C	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEMINIMUMVSU_AMD64,V14\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C86B5E65A37C79445AC897C332E64FB0\ShortcutsFeature = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F2E91D5D9817EF24183029DCF14A752C\VC_Runtime_Minimum	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8A567BD6FA501A947AD1F646E53EEC14	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\ProductName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C86B5E65A37C79445AC897C332E64FB0\ProductName = "jjsploit"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C86B5E65A37C79445AC897C332E64FB0\PackageCode = "411C96027242A8449A1E42A32DE4A791"	msiexec.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\jjsploit_8.14.1_x64_en-US.msi:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Rockstar-Games-Launcher.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5864	chrome.exe
5864	chrome.exe
1908	Rockstar-Games-Launcher.exe
1908	Rockstar-Games-Launcher.exe
1908	Rockstar-Games-Launcher.exe
1908	Rockstar-Games-Launcher.exe
1908	Rockstar-Games-Launcher.exe
1908	Rockstar-Games-Launcher.exe
1908	Rockstar-Games-Launcher.exe
1908	Rockstar-Games-Launcher.exe
1908	Rockstar-Games-Launcher.exe
1908	Rockstar-Games-Launcher.exe
1908	Rockstar-Games-Launcher.exe
1908	Rockstar-Games-Launcher.exe
1908	Rockstar-Games-Launcher.exe
1908	Rockstar-Games-Launcher.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe
6076	msiexec.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 54 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
3796	msedgewebview2.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
4568	MiniSearchHost.exe
1908	Rockstar-Games-Launcher.exe
3384	vc_redist.x86.exe
2644	vc_redist.x86.exe
832	VC_redist.x86.exe
2128	VC_redist.x86.exe
396	VC_redist.x86.exe
5924	VC_redist.x86.exe
5464	vc_redist.x64.exe
2236	vc_redist.x64.exe
5764	VC_redist.x64.exe
5260	VC_redist.x64.exe
5984	VC_redist.x64.exe
396	VC_redist.x64.exe
5944	RockstarService.exe
5880	RockstarService.exe
1692	RockstarService.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 3324	5020	chrome.exe	81
PID 5020 wrote to memory of 3324	5020	chrome.exe	81
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 4932	5020	chrome.exe	82
PID 5020 wrote to memory of 3696	5020	chrome.exe	83
PID 5020 wrote to memory of 3696	5020	chrome.exe	83
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85
PID 5020 wrote to memory of 3012	5020	chrome.exe	85

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Slendytubbies 3 Multiplayer.exe
"C:\Users\Admin\AppData\Local\Temp\Slendytubbies 3 Multiplayer.exe"
1⤵
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7f9edcf8,0x7ffc7f9edd04,0x7ffc7f9edd10
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1684,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2220,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2276 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2368,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2380 /prefetch:13
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3252,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3304,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4220,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4240 /prefetch:9
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4632,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5320,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5332 /prefetch:14
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5324,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5424 /prefetch:14
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5576,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5048 /prefetch:14
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5620,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5540 /prefetch:14
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5672,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5516 /prefetch:14
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4492,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5656,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5872 /prefetch:14
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3360,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4524,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5472,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6096,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6392,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6268,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6036,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6576,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6572 /prefetch:14
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6580,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6632 /prefetch:14
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6188,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6672 /prefetch:14
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6876,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4244,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6852,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=4300,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7156,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7312,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=4336,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7496,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7636,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7644 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7844,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7804 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6632,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6556 /prefetch:9
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7208,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=3620,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7660,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8008,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8048 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8164,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8184 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8380,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8340 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8484,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8488 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8464,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8684 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=4284,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8360 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8456,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8688,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=3732,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8804 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=5968,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8032 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=4684,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=8544,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8744,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8760 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6984,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8776 /prefetch:12
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6124,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7140 /prefetch:14
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8552,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5936 /prefetch:14
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4780,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6516 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=4660,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6540,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7976 /prefetch:14
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=6232,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=6256,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=8236,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4276 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=7512,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=7520,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7712 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=7644,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7688 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6528,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6648 /prefetch:14
  2⤵
  - NTFS ADS
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8612,i,2987545263341995319,4071312843668374584,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5652 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5276
- C:\Users\Admin\Downloads\Rockstar-Games-Launcher.exe
  "C:\Users\Admin\Downloads\Rockstar-Games-Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1908
- - C:\Program Files\Rockstar Games\Launcher\Redistributables\VCRed\vc_redist.x86.exe
    "C:\Program Files\Rockstar Games\Launcher\Redistributables\VCRed\vc_redist.x86.exe" /install /norestart /quiet
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3384
  - - C:\Windows\Temp\{94BF2F26-EF35-418F-AE6A-25E3F394A5D2}\.cr\vc_redist.x86.exe
      "C:\Windows\Temp\{94BF2F26-EF35-418F-AE6A-25E3F394A5D2}\.cr\vc_redist.x86.exe" -burn.clean.room="C:\Program Files\Rockstar Games\Launcher\Redistributables\VCRed\vc_redist.x86.exe" -burn.filehandle.attached=764 -burn.filehandle.self=572 /install /norestart /quiet
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2644
    - - C:\Windows\Temp\{4492B016-CBBC-40EF-AB02-A80B598C44F7}\.be\VC_redist.x86.exe
        
        "C:\Windows\Temp\{4492B016-CBBC-40EF-AB02-A80B598C44F7}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{E94BF0BC-4EA0-4089-8684-1AF5C8D8B98A} {136B96B9-1F4C-499E-848D-D2933499E2B5} 2644
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:832
      - C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
        
        "C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={410c0ee1-00bb-41b6-9772-e12c2828b02f} -burn.filehandle.self=888 -burn.embedded BurnPipe.{B4FF5B3B-4B64-4119-B6AF-3D7057532609} {87D2EF51-A12B-4B6E-AA37-4749D0F1EBE7} 832
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
        
        "C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.filehandle.attached=576 -burn.filehandle.self=592 -uninstall -quiet -burn.related.upgrade -burn.ancestors={410c0ee1-00bb-41b6-9772-e12c2828b02f} -burn.filehandle.self=888 -burn.embedded BurnPipe.{B4FF5B3B-4B64-4119-B6AF-3D7057532609} {87D2EF51-A12B-4B6E-AA37-4749D0F1EBE7} 832
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:396
        
        C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
        
        "C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{339070F5-C751-4AAB-B586-6D031420FEBD} {099A1221-D165-44C4-9C3A-9FEBE1950CE8} 396
        8⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5924
- - C:\Program Files\Rockstar Games\Launcher\Redistributables\VCRed\vc_redist.x64.exe
    "C:\Program Files\Rockstar Games\Launcher\Redistributables\VCRed\vc_redist.x64.exe" /install /norestart /quiet
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5464
  - - C:\Windows\Temp\{899EE5DF-A0B5-4FC4-890A-48B665A8F07D}\.cr\vc_redist.x64.exe
      "C:\Windows\Temp\{899EE5DF-A0B5-4FC4-890A-48B665A8F07D}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Program Files\Rockstar Games\Launcher\Redistributables\VCRed\vc_redist.x64.exe" -burn.filehandle.attached=592 -burn.filehandle.self=600 /install /norestart /quiet
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Windows\Temp\{55A27EE5-6F21-43D9-824A-444B6C7E29A2}\.be\VC_redist.x64.exe
        
        "C:\Windows\Temp\{55A27EE5-6F21-43D9-824A-444B6C7E29A2}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{9131322E-11F5-4B9F-A720-2A36D0343F75} {1FEA464C-A8DA-42B2-AFA9-E81A5F92E392} 2236
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:5764
      - C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=1004 -burn.embedded BurnPipe.{BA7D9A5C-5346-4B06-8855-D1950748665F} {74471883-4D2F-43C8-99E1-176A19408B6F} 5764
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5260
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=572 -burn.filehandle.self=588 -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=1004 -burn.embedded BurnPipe.{BA7D9A5C-5346-4B06-8855-D1950748665F} {74471883-4D2F-43C8-99E1-176A19408B6F} 5764
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5984
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{6A6D7B76-DA28-4F61-8A3C-381AD362D3E2} {F4BA9876-F0C2-4AFE-A79A-E14260039073} 5984
        8⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:396
- - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
    "C:\Program Files\Rockstar Games\Launcher\RockstarService.exe" stop
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of SetWindowsHookEx
    PID:5944
- - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
    "C:\Program Files\Rockstar Games\Launcher\RockstarService.exe" uninstall
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5880
- - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
    "C:\Program Files\Rockstar Games\Launcher\RockstarService.exe" install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of SetWindowsHookEx
    PID:1692
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\jjsploit_8.14.1_x64_en-US.msi"
  2⤵
  - Enumerates connected drives
  PID:3892
- - C:\Program Files\jjsploit\jjsploit.exe
    "C:\Program Files\jjsploit\jjsploit.exe"
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:5860
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=RemoveRedirectionBitmap --lang=en-US --mojo-named-platform-channel-pipe=5860.2020.8864937398224596508
      4⤵
      Drops file in Windows directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:3796
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x160,0x164,0x168,0x13c,0x170,0x7ffc68cfb078,0x7ffc68cfb084,0x7ffc68cfb090
        5⤵
        
        PID:3304
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1696,i,13123293978090984603,8396681617938355496,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1692 /prefetch:2
        5⤵
        
        PID:4508
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2008,i,13123293978090984603,8396681617938355496,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2012 /prefetch:11
        5⤵
        
        PID:1160
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2272,i,13123293978090984603,8396681617938355496,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:13
        5⤵
        
        PID:4396
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3512,i,13123293978090984603,8396681617938355496,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
        5⤵
        
        PID:1504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mboost.me/a/P?altId=eIuJh6mKbIenSOeR
      4⤵
      Drops file in Windows directory
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:1824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f8,0x7ffc64f6f208,0x7ffc64f6f214,0x7ffc64f6f220
        5⤵
        
        PID:2236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1880,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:11
        5⤵
        
        PID:5172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2208,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:2
        5⤵
        
        PID:1364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2392,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=2520 /prefetch:13
        5⤵
        
        PID:132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3420,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=3440 /prefetch:1
        5⤵
        
        PID:4228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3428,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:1
        5⤵
        
        PID:1640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3992,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:1
        5⤵
        
        PID:6192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4124,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=4708 /prefetch:1
        5⤵
        
        PID:6216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4228,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=4776 /prefetch:9
        5⤵
        
        PID:6224
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4088,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:9
        5⤵
        
        PID:6232
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4100,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:14
        5⤵
        
        PID:6624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5492,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:14
        5⤵
        
        PID:6740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5436,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:1
        5⤵
        
        PID:6972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5404,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=3440 /prefetch:1
        5⤵
        
        PID:7072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5128,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:14
        5⤵
        
        PID:6480
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4152,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:14
        5⤵
        
        PID:6492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6336,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:14
        5⤵
        
        PID:6804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6336,i,10734490992020446728,9172440292037289769,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:14
        5⤵
        
        PID:6836

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3440

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2044

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004D8
1⤵
PID:2368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2296

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:2564

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:6076
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding BE84EDF2BAFABEB87DFE1881EBDC912A C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1780

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
PID:1404

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" /burn.runonce
1⤵
PID:2396
- C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe
  "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" /burn.runonce
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:972
- - C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe
    "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" /quiet /norestart /burn.log.append "C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20250328151022.log" /install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5920
  - - C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe
      "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" -burn.filehandle.attached=544 -burn.filehandle.self=560 /quiet /norestart /burn.log.append "C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20250328151022.log" /install
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6032
    - - C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe
        
        "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{104F58A8-E030-4FA3-B081-273A06A7C51B} {12AE9B1D-0F26-4472-8582-EDA6E07484FD} 6032
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3264

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /burn.runonce
1⤵
PID:4752
- C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
  "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /burn.runonce
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2440
- - C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
    "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /quiet /norestart /burn.log.append "C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20250328151035.log" /install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5264
  - - C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
      "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=560 /quiet /norestart /burn.log.append "C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20250328151035.log" /install
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2696
    - - C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{4629A2DF-3BC6-43E1-9E92-7DA963F360E4} {5CFC1BB1-933F-42AC-89BA-F70B635961B8} 2696
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3360

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" /burn.runonce
1⤵
PID:5972
- C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe
  "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" /burn.runonce
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2344
- - C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe
    "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2440
  - - C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe
      "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" -burn.filehandle.attached=552 -burn.filehandle.self=560
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:4364

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /burn.runonce
1⤵
PID:1012
- C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
  "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /burn.runonce
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2072
- - C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
    "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6020
  - - C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
      "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.filehandle.attached=552 -burn.filehandle.self=560
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5bf34b.rbs

Filesize
16KB

MD5
fbde3a5a9e69417e91e7462133f6e6c6

SHA1
b246b5ab43c2bd65e7dd21a2fede04072379e3b1

SHA256
bd27514c48982dc5f5375844c2994b0ad46b6c1b6ebed6630e5c145f86bec13f

SHA512
bea25ce560c4a64206fb533c82826ebb0f3ed035b7fa6b0d1b3fca5ae85a2c25681dde570eb3791f0db3db32c107bd099d9e067ab736be6a8cf23c85cf2f1f29

Download Submit
C:\Config.Msi\e5bf350.rbs

Filesize
18KB

MD5
a6dab9ec44a21379375838361e8baa60

SHA1
12d46f2a74d7ee3b42a5ef2a718ae6bb1b7d4a08

SHA256
da95c76cfe9640fce58f83898ed0f346368dc41b6cb2bccddd815656f6368a31

SHA512
620a349d534a139175e53ae5a7016bebf25ace9340a76e1ef0f1032667b19691cf10f2a70371c56876105cd5e1dfc8e834323d828ca31ca2a07a6dde775560aa

Download Submit
C:\Config.Msi\e5bf35d.rbs

Filesize
20KB

MD5
2cdd9b6efa49955035df51577f117122

SHA1
eb3e60e5dc65f3dc03d3abaee76000b56565a094

SHA256
8d52269b7806fc8bea35f6b5117ff8fb975e006c55d1d7e051666bf790074e13

SHA512
e52a7c45574e70a14fa035f3cf0374917ceb6a7a337f3fb4c8f55cc8f296048e8d60185602f3d11c4fa0a2633593da7e8ec561dd6e2747613d079e54f6327550

Download Submit
C:\Config.Msi\e5bf36c.rbs

Filesize
19KB

MD5
a2ba31e9c51c888db17d28fb9f450369

SHA1
85a8f7a9505bd809333751f78fab0025abe8e57a

SHA256
d5a75cb61610216bc4bc02517e7dbe650daa4fb5d9176f18fe76bbe064498115

SHA512
4985c559f305201efbf141b4da2e095fd2b07904b2ccd53d21d72e55410057a1195d9a0659ad9864e7242813a87b05191e2dbda910cfec26f1d77e2e97c24d0d

Download Submit
C:\Config.Msi\e5bf373.rbs

Filesize
19KB

MD5
df9f03e56cb256752513731d8a084d0b

SHA1
d9948c0ed1d965c05f6d7d1793fbb791c7b44fed

SHA256
bafb7ae50850811b9c82d58766c80335099af8202a025b11351c140ecfc66ece

SHA512
c00492917979f1e71818b4a1b4a4723566bdad189ba370fea0fd6b6c8435408da1f6aeaabacb53e513a417ceebe15e48385a6da8c7be3532e38e0d5c3f785b97

Download Submit
C:\Config.Msi\e5bf37f.rbs

Filesize
19KB

MD5
ecbc6ceafc6c1e241cba174b5513e750

SHA1
f90eadda5b52c15e3e977ccf65c44bdc5c242c5d

SHA256
8a9b6c2a9873acace781250e6379a970249695668c84804dd04681892c6614b7

SHA512
c29e7ab0cba18c4861c666d2f520bb326b41d91649633deda59cbcfd295750da7b74a8e33d83bd5d7a730f327d21d6d008bdcf64183d2c06614f38fd36d2cdc4

Download Submit
C:\Config.Msi\e5bf386.rbs

Filesize
21KB

MD5
8081054c7d467269c93171fd6c724d75

SHA1
4d8ef461d33416414c20f08240647f7c8f9fd18e

SHA256
2cdcad6ddad1ed05d3c27463c6e7a4ee5db622056bf93621346bb9d483435d92

SHA512
05b48c0c9fb5ed53246ddac3d7ed3a888937bb7e5845a83712255ebec33079d70874e864ed0f4e2945b1760d22932a5cc6fd263db5b8fdfa3b161c8dc56d1e6b

Download Submit
C:\Config.Msi\e5bf395.rbs

Filesize
21KB

MD5
3f16a4f103b04e3854cb9de754777a6e

SHA1
b8cd60051499df9c920e8e481f78712b0f5ff209

SHA256
af3f9b3cce1ad72f3ade66eb5ea20047d89e89ba228ba422c17b4a7a64bbfd8e

SHA512
0b678116ede51f3b25775d7bd3f0e51e50ec85d844fe957ea846224c7d9294d100b3424c7701fdfd0f8f406e2850ee083ad604deba99bcbf1cc3ff71740aa78d

Download Submit
C:\Config.Msi\e5bf398.rbs

Filesize
21KB

MD5
40e91fa9365a768c6639727a761cb10e

SHA1
29151b88c22802f0b5d5eac2fb170780cea8a54e

SHA256
70aced6fb2d2d47569f7ea3e0468732f845fedddb28a60b3bd32a0d2659e2ac4

SHA512
074d413c15c3b2233d45a12aab5ff91320831f13798ee698c5414d7c7f17119e093d1ded2698a7632a2d4d06e950fb451ea157caf02ecbb279d7ece018589bc2

Download Submit
C:\Program Files\Rockstar Games\Launcher\Redistributables\VCRed\vc_redist.x64.exe

Filesize
24.2MB

MD5
077f0abdc2a3881d5c6c774af821f787

SHA1
c483f66c48ba83e99c764d957729789317b09c6b

SHA256
917c37d816488545b70affd77d6e486e4dd27e2ece63f6bbaaf486b178b2b888

SHA512
70a888d5891efd2a48d33c22f35e9178bd113032162dc5a170e7c56f2d592e3c59a08904b9f1b54450c80f8863bda746e431b396e4c1624b91ff15dd701bd939

Download Submit
C:\Program Files\Rockstar Games\Launcher\Redistributables\VCRed\vc_redist.x86.exe

Filesize
13.2MB

MD5
ae427c1329c3b211a6d09f8d9506eb74

SHA1
c9b5b7969e499a4fd9e580ef4187322778e1936a

SHA256
5365a927487945ecb040e143ea770adbb296074ece4021b1d14213bde538c490

SHA512
ec70786704ead0494fab8f7a9f46554feaca45c79b831c5963ecc20243fa0f31053b6e0ceb450f86c16e67e739c4be53ad202c2397c8541365b7252904169b41

Download Submit
C:\Program Files\Rockstar Games\Launcher\RockstarService.exe

Filesize
7.2MB

MD5
4f3c2c7fb88bfb97b3a88f9a425f0361

SHA1
8ed4ecd3ab67bd32cfe944ae5deb7c6fed81beec

SHA256
72e030b72a052321f5e76de854cf49b144f497b70e318e3aeef037c2123325f6

SHA512
ca30399cee365ef8e2ed5c0a139bb263112a39895a70f3875fc676f505f74cb72d3ab5d2b1827b29725bb648b84ca07616433bf7c1defb95db7385aee096b0f1

Download Submit
C:\Program Files\jjsploit\jjsploit.exe

Filesize
16.8MB

MD5
4e81994d1ab52842b0bbae730c8a7aca

SHA1
53be8c7cc58352a95bef7dffdb87ca597abbe54a

SHA256
6fe6bcd64e65d2f4751cf5fc99eb62e68671cfb2aba31995b93c7429ed2fe04b

SHA512
f541f046370ea46b1c82898339e8ea57d4aff5b7d14c28473211d4212a3ddc0fc2e62ac875f3dfae3f5d33cdaaf7db6c77a56d99ad9390ad48065fd41110028c

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jjsploit\jjsploit.lnk

Filesize
1KB

MD5
57e45712ca9714d17c598304ddeded0b

SHA1
5b3ff8451afa1b1f341966f364775425a2cdd731

SHA256
0cdaf0453c4b3c4d3f05793c7bc8aa77def90f325626a2634e22aa8b5df3effd

SHA512
a0cf6754a6df255c7ffc06844a7bce2b69477d2db6c2aed0fc12bfb2ab0318d092d22efde26195fca471fe66714e7ba4a935303f845354c762e9fc69c32ed4c7

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jjsploit\jjsploit.lnk~RFe5c0d46.TMP

Filesize
1KB

MD5
4a866b42f5dd94777097ae481ef07d5d

SHA1
ae3ab2e24f431c4be455ea81133401080f50f60c

SHA256
ccebb418290bd948cf927293433954ab9bd7ed52c81384f2f37751cb4e84a13d

SHA512
36153eeffd3e3c5ff70004c812f58ee1650ad211d294e9d48f0052510aa796a25084882582d212820fd8990e3458eed22e2aed5d322bed8b3096b05e8478ec11

Download Submit
C:\ProgramData\Rockstar Games\Launcher\installer_log.txt

Filesize
922B

MD5
043865118fc5788a21b254369df0f8fd

SHA1
150b217cac2860a49e4f8fa29218a376c34c5474

SHA256
40dfddfeb6e1f542e75d6efef660d363747959ff5e633e1ac7da0fe8adf575fe

SHA512
e6119cc706684aa161f6eddf3a05c599500b3c599427db30f84c5ca272b244b89cfefbbe84f1940c48f3760f302b897a5e0dc064e7c36742f7a0b8dc898edf79

Download Submit
C:\ProgramData\Rockstar Games\Launcher\installer_log.txt

Filesize
9KB

MD5
6e14680b7a7fa1e694ddcdc76edb66a9

SHA1
d1a9ec12a102d48eb7bf06eba56f4708eb907fd0

SHA256
425be5c89a6991a8a7c09331c4e7095c666c1c38dd9185999c517e0f1f3846fc

SHA512
9b076361035f5601521e45a6083d596e8a1960680ddd682fa0835ca4efb874667726022af84ab2bdcd3c3cb84f5865ecece3f9770f1c193260ada841c2c5c7f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0fd353d4-21e0-458c-9e92-4e96e8bb4ae2.tmp

Filesize
14KB

MD5
646790f96cb87c9e9f9e44a506472e2e

SHA1
42cda4247b8c86b1b5c3feaaa9ed9f17eab825d5

SHA256
be0dcf8bac56057fbec4e087560930bd21ff4ec5264efe20148293a9a5e2edae

SHA512
1b91626b0822216afc6a32cbe0c36a525d8ea8a006fcd8e067ffafccec5f71c90f9d90eb331da977fbe7c392f2c5a011629e79cb4b2e3e9127fd9d6ba1e9d3c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
009635ef769271a9bdfe597ca1047572

SHA1
20d2e03ee54360db230c29ffca305c355d8224fb

SHA256
2948461ea56d83de103b050b4761907dd916f98c6f41ef0ecf942d90c89d1de7

SHA512
2ed0cd8a928cfc2d2f1bca009c21699113fac25e5ba4461adacbff635ab3765dc30768ac923df2af4ab91a4a9c3c7b7ae132f074a72d86c50d4a132c5d6ef5b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
22KB

MD5
280d0dffcf08dedc8ce52f25270bf1e8

SHA1
e9566fd9372120a6fb9760a131f8919934954f35

SHA256
ed51e026d37d510820ca0b811d1f774fa8eb13ce09775c5a891853ca072fb58f

SHA512
1dd8a347348a3d211bd8f03c30d7dfcf160d62ade9c354dd9649ef4591c874bd466d864ac0aad454a0b0e01f1149c1c5a95aa365affbd7d81f79558c7ddc39b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057

Filesize
28KB

MD5
564a80f06c5058cd19537375a47d2da5

SHA1
db5220e6e520a2011362bfe82a1be6fdb413cb48

SHA256
230a4ea452bc7ba039775d964e2de8a643a9fce5d9f74c25649a55031151d8ca

SHA512
fd617efe1dd3b9425648ea8ca5c7769c8e81e3f78caee6805b0671ed7681824dd135e90191a1195d5ccb8610b9056a07018483098ba473a507ecd100739d1c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

Filesize
20KB

MD5
4b24739c5ce349f1148058c3fddc0237

SHA1
2adabee4da418cfe0263b2f6177eae8377f353d5

SHA256
1690d4123a016bde38123230c6dea716d9f6f8d9bd6d78d4bc02204a5765f4f2

SHA512
4fdabe9a33d0b1f2a1d1cdea42ddca9198158b7f2c2b333908ee30e2787ffcde58fee5bdea456702e3fb5209daf3e19028a14c6eadb0ca94668a7ed1e866d255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
28KB

MD5
d941188b9b59bef71f6e45581bf1e79a

SHA1
6e94b7ae29d6e57f671589dc705db04d54212521

SHA256
dc07053ec83b93bc1b877fea01a9117493077e7107bfde0441b53e523d34443e

SHA512
e74cfddad66b90aeaa2c0ba905ce05c30f7dc23eb18c69edc13cfe083f1d12db336acceff22715650a5959718bc723790b0dde4deda698d74850bc25c1426de0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

Filesize
54KB

MD5
4b7ecd257f0e110a4ad582d7d38f4d23

SHA1
2a5bb98230d640c8e18608d9b03771ee9f57a9d9

SHA256
95877c4adbf174b9122e8786e74e4c80a484c4da396fd74d65f5ac8ce626c7a7

SHA512
89423a889e17981c802e58fc81f389296063e3a15983c4e165c34675729ac857a54be0dbc5c9bdf0eb917c0103f6c0502eae8363ca0e9f3ecd898f34f412550b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000069

Filesize
158KB

MD5
83266658f29f5cb762001d5d9f6985a7

SHA1
9ff52157193e1e798944e6a3172d938183f5e550

SHA256
60072b4eb6fc5f1f1214a34fcd55b3cbd1d05eddf778f85611f9b352c4c6452d

SHA512
60b2a8749bb597b71c6cb7113c4ea6c430ab90c6f6a5f78a36ab5fbd2676fbc173ade236be939e862569c786fbdc8e0aa984f1ae4263e91de2ba681cc8ce5d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
67KB

MD5
60a30ef624fad5be472ee5d1acd1b2ab

SHA1
5dbb87bbc2e8a6143308e7928536ae778610794a

SHA256
d0ec8a13c2eb6a38d628cd7adaed308116164ceee003f816889b4db1735bfccf

SHA512
315e3ea4d4c6ccf6c14fc509933b01cb77c964b608cb95ce2ee8c331011adaf618e41cf4b8c499c4f6c9e137b88a34caaa7aaa44a69fdabed84df550e178d60a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000075

Filesize
39KB

MD5
9a01b69183a9604ab3a439e388b30501

SHA1
8ed1d59003d0dbe6360481017b44665153665fbe

SHA256
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

SHA512
0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000089

Filesize
51KB

MD5
5f83f12a5b3180468ce64458aa86c3e4

SHA1
20cfa48de17422a1a0c5c4c58aac9d1444a89b71

SHA256
51ef2a0485a70d0b38d725a58ba83b70ae36016e4370750589f209e66aa32423

SHA512
e0a47040494d81a594b2043e167e256c861f7ec5d701f29717fd3275326169a550ed08a70278e80d8daed9e7dc8756a3b7fd3bf57f5716d8e7d5ff9d396dfcd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008a

Filesize
646KB

MD5
16ba39de97a7242f8ef0e22c914f439a

SHA1
976e1dc1c285b899f96dd2e773f2f12badab8220

SHA256
3adcc0efe60b27d0094e0b0669185bc28b93e9542b31ef5fa3425d9972c9777b

SHA512
39ffe0c69a5ae452df9d2392fcbdf0e280652d19c41cbb635a69de61134426069a0df79b706722436bf9b01dcc54164c691553131362dbd2924eb53772dde929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008b

Filesize
34KB

MD5
3d080648de0523643da0ae8463ba5769

SHA1
5013c7dd096b2ed1be120f28c4c3523a07d2569b

SHA256
a2476cfc404a7b3a4c05f01adab2174f43c911c535984b19a9f2bdd194261675

SHA512
150b98009d3a114bb8a6c5403b1ca8d27dd6931769e90fdcdd9ac5fe7ea4752bb1df00df5b3f62742fca4edda6fa531ce2e7a8be7fc082aeba8182c9a23acde4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008c

Filesize
34KB

MD5
25698a23280e505bcff47e65959eb3ca

SHA1
22257d1eb70f22e244ad182bdd16f7e041417eeb

SHA256
1d72bf90933f686542b301610174f450716c165ecfd48e21f966d0b1b6758e0f

SHA512
0254b0f7b109e13d5c9f5025fc4640a03e17e25e16cd98cefc232672b85802c55a067806c54a31870a6cd5a92b7ba830306a8b8f14ed6662931d036b325f4c08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000bd

Filesize
21KB

MD5
779ea2ea11c1cc3fb2ef48954c3ecee0

SHA1
f1db8393735b7e7d641c746b303b6596cdae701d

SHA256
7b108ec13d6202ca0951d2118ef833e5c6f2d5c1343607e1c310a8cf9fc58324

SHA512
60114c26365f43bb609f25563b47ec676d93fd2b6b42c01a30e8ebcf1af318b2a4347ee6337443029c73aea3b2db7a9d247126c65376d7fec98bfcad3fc4677d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
b0d8c63ae2223316139dd9e820d9ec88

SHA1
52b9726409d93397a86cc50790db646e8423c0ef

SHA256
b9e9843e96393321544fe89f45c2822033473e38555d2af0688182e0423515f5

SHA512
fa1ade9453635efe194afc17cfaa2d17516d95d13c06ee3bd1dded746be9f0391a7f71bbff298c8fbf5cdd15ddc11e49d3760eeda5d2fb8774eddefb6ce50a9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f4e103a44347b06ae30ea6ad6d9249f4

SHA1
5c1e583b4c0636bcb90db0eff9af1e8fdf5e7f9a

SHA256
ba47c3af2af16af05593f28c0081c047d70c4c83705a79b92665f9795bb967fe

SHA512
379fdf9cb05c149eefb9af597a3ab0312b1842dc7c73017c1c1e721c58b7fc39bbe82dc25001ee6fc3794125d4c39e8f9aac44d5a663ba1bc20a13c4d676dc73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
21969a4682e54a4d27a4bb0a9de07196

SHA1
00a246f500ca237bc437a17b17694b6e802716b9

SHA256
b64c2684c8ceb7ea6bfb17f63acd1333f18bc8a3ba8ed24be9277e8fce3a8b90

SHA512
3a0fc28af8949559c4d59ab3a9b2c38c0cb87f2863097bdc0e9929daee9e7770a8f65607f1d5fefb416c5676feef475324ff417d37bf33771ec0c8846143d86b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4a73e2f06dfddab74aa83cf7b6c73490

SHA1
2df3e5f391e58c5a963eb8e84ca9b7ce44f116ae

SHA256
14adc8ef73d8280e5cfede36e96914eb56e4c9dd101633a2130a19664033e25d

SHA512
5fdec7150be7095676159f621b1433d4937ccc964a0688942d8de57abf3a821e3302b3ec0b41a0895a141ce88ed47d7e50d4bfe12d2b191b6d4f718074b15cee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000014.ldb

Filesize
16KB

MD5
9f9eebd21a78e4eb2433e2bef6c2777f

SHA1
ebfdb5a25e272361022a6ce5a25d06e2982b4563

SHA256
6f53a38d8c86acc62b1fbfd00f433978dd370245d393f65c09107db7581ab9c0

SHA512
ab80d9842f85334a6d68035d0d6277d7dce4f5ccd0399ab4efc1b965def555317a949ad0124f22eead69e205249ca101b451028125b0cfb77a76399b20ac9d4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000015.log

Filesize
120KB

MD5
40c1e9db715095bbe640d0a0a8d8e927

SHA1
ad9482ae76cdf10623c62ccd2f45f431a85c50a5

SHA256
6555f6d509dbca9f3ff6732836317d1475f31a4d57ec6c9a77b3cfdc132390cc

SHA512
b65596391692c65587deb0d783bbbf190e099470d10608175a979c1c85f5d10ef49132cfc1ead6d0694d0af458947d1a03c569e9888632ff947103698153d3b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000017.ldb

Filesize
12KB

MD5
81e194e7092c7c9b660e56057cd76799

SHA1
8695012677a26d57eabf8ccd82d5b4d1d48fb9e2

SHA256
7221451b7c576759dc0a77a3148f3cb55dd1f8b862edd5cc0fad6d4db569d290

SHA512
38028cec6c07cdd0e780c3e23b90513be4d00ac5e88dacdf8c7ec0a4b731df3b34e32d784a48cb97017d4e65f2e2fc00a92d0d3a57f5b5ea0f0eea4621378916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

Filesize
5KB

MD5
d1b869245e75ad159ac82e2769b9b8d8

SHA1
a551f154af31656765771040bd07eb4207e224c4

SHA256
502ea9263e7e9c594e79c7fc7bfc54bd53a1a96c899d8940ded9a15b985ec749

SHA512
a2f3fbd280540e29a825e66df992720a1b7bb3587ae5e5129c9333a592f8b0dd1353c1d464e38984b7e259a5d899b5640ca84a8819767a1b501060b8672209ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
1KB

MD5
bfb7ab6760205aa814adf05ff5dff475

SHA1
1a24bfe48a6dd7ebce7e7777ee36f409aea75ac9

SHA256
7dc23d53f9b869cff75d5b480e654e3fef893033f115c3ef28e8bb50bd9c533e

SHA512
9b9573b40ee9678fb0f797878cbe646f90c24627367c2f1bbd32a15c2a504a3353c285aa22b696ca8cc6f197dc6004521d2f882aa49c8612293eed7956f8d239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
40KB

MD5
7a108402a468a1232b6a9545429c73e2

SHA1
8c8bd022dc89cf7638618729f8d9518b225d9974

SHA256
c721a49a547f64770d27bf8a782a67fcd3f8f05c6741d9ea7f582266bdc32088

SHA512
b1f0035b744473cd301d0b90164a9bc8928f83de0887c8a1877e2f623045a922a76055ddb7e9914f65ddbbfb9cf8c0339ac18398ad368a9eda1500bf39e9ea77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c8468ecfa776a2857d5d2dd7b525c270

SHA1
331fb557b1c49d4cf3b60ab4aca7b7130114ba27

SHA256
9de53eb746a7f1dedd3e6d74f02f9d2b8700b349067d0450c70e9f3e7fe56c9a

SHA512
89e42f4e42f606d4acd1a08f2d2021a7cbab7e289eb35ae29345308b645d5d3e9da4c6d01f75f11fd5c55f43fb67acdd5a10a5e193ca74e679dfda6dc256ab44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
bfebb3256c3a48cd3c0acbb8c923c2e1

SHA1
d0a62c5c78f7c6eba139166100cb0c4beaba5982

SHA256
24049dd304653640a4ad6e1fe8e4806f3ec31c2ad6b2ad803701efc0adb7575a

SHA512
cfac50e6ab5ad90b76088f3f8ce73cfc0a8154d0ae85d8053970ba9d48e019a8fe9f339e69c549563085dde19a39577248290c190fe2546340fa27b8ba5f2bfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
a4a75db2cc91ec78c4f7c3346968c32a

SHA1
5f50407b8e87dbe39ccec71084faffd702dd85a5

SHA256
b87d76ba3fc41411c52fc94e34e859cf6def7be20fc858e6457146fc848f2b47

SHA512
e4493c1cf3a5bdffab26e5bb28b959a32c5a4043594edf8fdf5f5ed269f9dcae26adeb6d5c7942b9189573567c2ad3b51a8b0225c9fc6bd547bae7f6886c9cfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
6531e8c0aa511295530aa41a21daa6f2

SHA1
4417fe180bf65a6a27f2f354c85b08d84a087115

SHA256
49c15fc81063b0e51f3ce64ed4778ae998699faeaa9038a2876850931ab1c144

SHA512
c3747646654d8a759fceedded951e04745513c6fd66a4b0cee1f6a5202399b911e82fb6e686bb5ac20003d0b6e5a0eccbce3223de82a52591fe3b1f7c02f6600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
2b41705efc7505f2719d741477fbc2ca

SHA1
0629945292ae17eeaeaab188385ec822ec5212ca

SHA256
99ab1036f53c0c08e4b3e2f471823779c8e13374ec71b08c35bf764a3e1172a8

SHA512
366975611ce5d7e59a2466cbaa357d68690268b8b35820e14253935423303c48f397ac4041534648b329591afc354f0daf7af347ecb38fbddd7a7807e59e6f15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
07e0a81bcbcdf6771a696036a8ede80e

SHA1
3b1336ce2fd7af385994d5194e4c530d72c6ece6

SHA256
6059f32eb929beea853cd0ef53bfcbabea31bb3476d0d12891a7aefe556e2351

SHA512
8ac4fdc6e33f6034655c5d417916aeb0b57049a660f798b10c16ff2e0341668ec9ac044ead6179d3e0c9c38ea9f38aac92304bde0237de35ff5d0e35ab87fed4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5c9e6afc94de71df6fa11ae47f0a184e

SHA1
ca2ad3bd28199c447c2c65f9cbe43b12f31a484a

SHA256
1f108fc3f00e401bcf5d0a62feb319da08c4254df2cfa481fda8eb4624c9abc1

SHA512
db525913f170c5df488cc5e9dc610e0a675613ba0f0420fd33fb598ed88644944d03718189c7f8a3c5077972ad07eb61510042a5c11b5e0435edf8fb705de2d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
01e20ee6ceb5cb1db5a0976bb0f7c439

SHA1
62c7ded4fa77e9380a26d38569f68b4e813d6e81

SHA256
f6c8f32c024bfdd89f53ca10d739580d06701a7756e7b2152ea1a026a90b6b5d

SHA512
54dc9851deeed570acae0e8bc98953e7b53b56e74aefe7a8ac020b030d03336d291c4a877ee292ed7361996b452f374f0b7881d54b86fc6033166e812993065b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
223b1994f34046cac9bc4c8f62c46d29

SHA1
407852abb2a2b1263ab13d9cd81752635a8ac20e

SHA256
a6c1ab59195a1dd1f248e97025d937ba000f3cd2660c6748ca5b9fddaa0f48a0

SHA512
d233ad2cb1d0dcd43aae5e82a5f8e9dc336983cf79b3c2e0a13065830a931174e01f8a61392a863c7fad7dfd4e57f11d311f66fde14c77d4d5cbf314f39157b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
6281382be5adc35b5a1f936da87f6551

SHA1
0585afe81eab3a6aca12d5e77b4701ec03f592c1

SHA256
320c797558756e219898543a963bde253f324fc73ee1a663c69907fa55b91a19

SHA512
6bb014fac6587425514b8a304b0018701073a6b6b47a38bd7230eec8c86f1c28505501f0bc234769f7ac35e89e4214a11718c0fb73fec39df1ec2b5bc7294498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a16910b95d85161d3fd6a278d9c87ac2

SHA1
cb2182e344e1cc6da39f1b2b42e549902d397d10

SHA256
f5350d0db8a40020df3b43129b30638a9e5961861370125a5d8473ce28e82a5e

SHA512
68e7e1d8716ded6f18a4b64db05a9ca79cbf605794e8a79033ad1f0c95f76ca5d1310fe36abef6a18cd72e6ae181625eb60a774f51951833006ac7f4fde0e99f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
16e22a3b054885c730c322ff5b6f991b

SHA1
ab1ae2ab2f3f3812a74b468d7eb8207789966a10

SHA256
623984dec8acb0933d52cbe7145442e2d8531a694cfd0c2d03889b1df88bbc59

SHA512
72ae58631217c81c6ea24534930efe9e692db226b0165a7a432b2d668a99388f9e6cef346eb66d068aa052f32b079b1612b014f74fb866b8ce2b621619c18585

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
61b6ce18104d2c453d60c3d756a31568

SHA1
ddfe773e8d4f64f8a8f1799e039444530865c6a8

SHA256
6f8148dbcecba046ae5031b751347989b27a440db5648fdd04d4b25703f3f9a7

SHA512
53c3d1c0cafc5caf23af24985120966c762910bcd01d5e602942c19f3fbd21037da1519d206a3a911c32326c72f7bd334eaafd56d940b9c60e44cc66788bb47f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
be2d315fa7fcaa9bce7abc3f143a61f0

SHA1
ea479a11f144e646eedb258b4ad04eb40547e005

SHA256
a897780fc44f0084a8e06b9a42fc9ccb78fc28f42743221a3272154e0d61c195

SHA512
baf4c4ab78b85a66f845b7afc290e61f78183218b6a5f2969f39d9b5d54a3951b177b896c3e436e9271d725aa0611dc6ba1a5bd1264d906ea905be82252b9d99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
862927617c5471ae1ba66966487bde5e

SHA1
745dc13a85f5d9cf7b4e212513944078ab163997

SHA256
43d4b954816a2d855576724030afa2937ad0ef83fc34ace0cede4e373913cac6

SHA512
28ee162bb8c987c77e4ed47c22fd6891c71d623ee11d157fdc5fe1edaa1165401132386a60cdc06eb908a2cc082ba5a3722689dbe7a08a4aa95413792e0c773a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
868ac7c7321b33b446d3eeb8a7be203e

SHA1
00411ee6df61328f7cc606d9f98bc0686e10b584

SHA256
193f6bd144f4eae421664fe85e4197aacd59767ce60c7f3fe694a66fa631eb5c

SHA512
7105ff266ba05b80e40c11b71d26386328ba01dd276ac4a5ab06b6f34e5ae1feafb184b6c70bb1dbfbce0facde76f9811a5477468f23cf15416b293964cb54c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8d6fa0c1-62d5-4ffb-bfc7-87a0bfb155a2\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dcc73037-b836-4f66-881d-a3637084647f\index-dir\the-real-index

Filesize
2KB

MD5
080152f86094283c7395ee3f30c393c5

SHA1
a7ec31b2dd35fdc819aef035c285d5fce60a956d

SHA256
d532bb54d0aa69cbb669f099c39dc18a543607fe3f087bbe187f8aad07508710

SHA512
7fd7fe9dda6a9542d0abb4ad124d2889716ba4930877b9c44b0082e05c4a03ae57363e532698d2e6bbfbd84ab7e4eb738ed3f596d8113425003f2d4a5371c4dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dcc73037-b836-4f66-881d-a3637084647f\index-dir\the-real-index

Filesize
3KB

MD5
6ea0d6d4b43701d2fa912480517cf5b8

SHA1
ab7fea017d5c31c55faa149ce671b8995ccbe4a3

SHA256
ae4450ea629e34495176460c6ad5745c3c3e8c40bfda75418ef36645f6e63938

SHA512
963db41f4736dea5d99a2d95b80a0228056ee2a5b84b2e7a2330960f038b9c15614d02bdcbccd551aea19163047045030016e8ba2d2dbbb608ec9f5b67446467

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dcc73037-b836-4f66-881d-a3637084647f\index-dir\the-real-index

Filesize
3KB

MD5
77e9af0bace23746358dc3100273949b

SHA1
cb7e1bff4852e09fc5105b7965e3c2849db31071

SHA256
de763f32094b93c31fb7dc383ee317ac62f9e32e288ff0494ecbb725034a5323

SHA512
eda78289b393b20746e8a3aa4baf5d0e9930309ccf2a43b634eb88b6f3d3253dbf94d7d384efaba3838dd034037cf8359ee64316408ddc615146791829b74d5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dcc73037-b836-4f66-881d-a3637084647f\index-dir\the-real-index~RFe58e5d7.TMP

Filesize
48B

MD5
ce3a518e96f118f5dc894a830a921b7f

SHA1
e7e2782ce36d2e3c421f4924d2f0d2b2a2027fd6

SHA256
142a872d16ee8567941e09cf853aece5732420e103359396bb77aa382cd92686

SHA512
75ae5a752ed9a0a174c4597a4b57e77dcdfe8b59829b86d61a118db1cae14b078bfd8b2d05d42d1984350c5798b3545488c5cbc03c8ac72785315dac7cb2ac59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f01a0884-fe32-4a60-88fa-99aa30ce4244\969e0e2b7fa72813_0

Filesize
2KB

MD5
4d6f9b01a5608a13c6dbf8560033fba5

SHA1
0f79d16133495773b40fc7209c081ca4b7a1f310

SHA256
01e618a865e2ccaf1f0bb90f7dc646001c63fa43e829d98b43acf5fb8c5da818

SHA512
00df10309a31065b91a83facacb199cdcfb1ffa44201265ba43b6fa15e0090e1072bd429f75b002bbfd56b4bbf4073c21f9b863b7bc7284599e235fe3b05be06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f01a0884-fe32-4a60-88fa-99aa30ce4244\index-dir\the-real-index

Filesize
576B

MD5
45796ad5c3d99446b1724abe8e1a0eae

SHA1
d33e0f7d9a4840ef149d79fda3bdfec3ab8f8c39

SHA256
76747874aa85f8c2e9ad5d6eba5ba9116ef52cf961d98da975b0207925a45ef3

SHA512
fed836f691ee0677535e9c71fe0750c1c1920e9b04adfc24af32eb0cebe21b65adececb0af1ef252a085b75ee922882ffd2e6d9b86cec0ebba30a8f5cf60cc7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f01a0884-fe32-4a60-88fa-99aa30ce4244\index-dir\the-real-index~RFe593eb5.TMP

Filesize
48B

MD5
6aec5c8bbae767a9c87c5553111419ab

SHA1
627f0db3014deeff75d21fdf429db259874481e5

SHA256
f5efe534281db4c7c37bc3dd6b084d255758df39345daf3ad16642d875d82a8d

SHA512
4ac9e7a5bd64e50b8f4b89418c1602c50f7808308ec7e577ce05575fa5a265f9985f1e4aac44e40f1dfee09190d6bc7d70562a5872176db2a87d128e11595af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
262B

MD5
1cd1a488ecb5bb6198cb1615ddf0c65a

SHA1
ee476d8de480004697b1657ae0cf8e391550b6bb

SHA256
eff472050d4002ca79438e32e482b0ce6a3748364fcb09c543ece1e01bd1f597

SHA512
aff536313867724fbf7f5b161814b9c9959fd852b4280729dd672d3331dc5ce578c4ea47ddc9101a7764f291c6e31500ad5cc73aff671646d266f86814a9b22d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
d1d8a24360dd7d55611ebb56c43ec82d

SHA1
db44057226363ab7aba30eb5875586e7c74c9b43

SHA256
99d4f343b5063f8e201851f4606f42d99c75482aa1dc8e8ba87b500b3827cf4e

SHA512
2c04019900c706d5790f4f282c4906d2ae7bc22da41a282d9f9a34aa23ac6a926ff54ac61771e2998bc8d29bed9a4ca7e9043f1c4e013d0f8294fd8c6698b57b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
66be28a57de30ad3117974025a60a9ab

SHA1
9c199644b4ce95dafb3ce719dbf31fb4c95fa502

SHA256
73a5d2c99339a425eb0984189d8912b85a885ff658fa7def0faef34099a76a15

SHA512
5c3e88f2ed447663f971e1001f8d23415d6de21ee38250982267dfe22744d5cdfe0d7eaa20fb7bf08ebe9e77f80d2f1f8d6a8467d6a613cf7fe8af6a80a80886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
269B

MD5
3b48e0d3d170023c38af9abe5fa55fd3

SHA1
41e7f6d6efc7b3cc4cf6a1f6642cf3828b622c1b

SHA256
a4c9857b9df3193a56aa94466d426aad61ebcf69f527741b650068bb56ea3786

SHA512
148cf9fcab923fb59550bee11f0f042a40d24680261f04e4200decd0c11617a27be93c937fc8ec66e42dda76ff1c6b6b48d6f151a3d22481aa472404cb903e3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
262B

MD5
fd5f730bde6f02af50341b2c7521cd2d

SHA1
eed1f36b2b2dc79d5144759ca0ee91e3db3fc2d6

SHA256
d25a92417358593cc033523d6c516916ddaa0a745d50d463b55291371d0a9d32

SHA512
18477f50c200eb2aebb6990be55176e1d069a2ada128ed58e944a745df12ddddc819d4647e266692539a47e3352b6ac87f111384bd36e560fef85450b75b01c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
74e8f206de1d0d2d0acc1cd499ae023c

SHA1
a8978ff2fbfdc221e3390bb5590ab5be71e1d0df

SHA256
0cc593a883627b61d79bbd30a6384fb25b688abe4ac5d0ea2d06f200f925723f

SHA512
7854f7ea266098cb7478364b2e085d1330905c4ce727c65f68f69feddbb66f69ff78247443364f7e68b52eac1c9f642d8dff1b56033abe7d5dcffe23525bf75e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
483025e87cf752b4a706f872fa73d1c5

SHA1
02bfd864f9f6a18739cb34928c3649d706dc2738

SHA256
c5b6af70d51e81d99bee644f6c3689104a1bc68f3008d43adb36c1044327b669

SHA512
44fda8f6e60e02ec2a9c38b86681c39886c42065c6b926ac606ed649881b8034bc6a5f96a492de45e12cd99f650709738827d56f78a27ce91cede1935416de95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
220b4beb27a6fed32f6b24d3feac2f92

SHA1
9e1ca16ff3e87f9342676c52183ee4c8babc5de3

SHA256
bad80a05cf29385373bf81a12c0dc6b675e94eee437350ad9c82d756985141f6

SHA512
a678d1391363dd30891e604b8acfae41f5ba26b3b889c4e95115d5b17cb0add0b314e2eb742b1f9009cc58deb98310cf07bee67edd6c2ac53bbde718e5fe0986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58d9d1.TMP

Filesize
119B

MD5
fa53021b6050b7b2ad3f7fb19a7509d9

SHA1
eb45b1fdbe642cc3a237362d25cfc15ceeeb2402

SHA256
2ec42658184c1568cd3446a334a304b5040842f4f10158076b57b9d44284a24c

SHA512
98f3919edbfe41da8f2ad03cb924ce7448431d07b59814be393ed218429b7872289e9557b2f29d8af5fbbd5f8c7eca4c6a32dd23b7b60b290716d30012cef7f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
aa0b5020374eb94d1e6f4e166bf4dc36

SHA1
da10ce86d6485352ebb493e0e2306bdfb16ca6bd

SHA256
a8d7314b39209483f1ae26449889d8cf8f104f09160e27eaff7412d38d21c9cf

SHA512
787cadde88cc11c248660ecb6f60881cd80f584b46703f8f6d4ef801b0ab66a0e937766d35d834298bacafb2ee06c70471019aa215866a6638028c4ee2ddad5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
60a81213f14b8c2b0b88826f67f8ec1b

SHA1
5b52fe23f37062034470c0da8d5699e815acb8bb

SHA256
d37bf6565321948b0a12106c02ee94522656b2e2c33f33c48027c3d8818d42a8

SHA512
0f63f10ec16f479dc0d7bf238ee8c500483e97336ede650b87956a2cabc744da8fa122e43fcdb4670a6ab444741363276c74a69bea307b16cc3cbb7fad6bea0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
35ce88a164f57e246d230dd5537d7fbc

SHA1
772231790fd02e297e63ede8fed81cee8fae22a5

SHA256
7c66c692306fed0ade941434b114de87f2a56b12f2f28d01e12181c46768fa68

SHA512
b14ffea4f554e451aed5668e33c6603ba4361c36329390fdfe9243cdbc0a5d4a719570127d633ed45370104200ec64c2585ae8d6057d02f68b7f506e544801bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
eec2b01be62a941f7676c424e61c3b0a

SHA1
2166b9b9be56d180c44044ae3cc94bca58863bdb

SHA256
85410e908de66090afdf07ccca17f7fc69a4e0e3e3cff23f90aa172950f48d7f

SHA512
0568a6fa7003531e722d3192513b43513c8e62a9cef76535091fc44da4586c85dc927e4892c2c6d754e972793cf52b57e43b1b772e7ff9c87facd834f9f139db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5823bf.TMP

Filesize
48B

MD5
56527e43ff7535c84cc0288a403d2f94

SHA1
82a37b6d77b3919de6f7245d1cfa32b09333cf92

SHA256
2b9e8b5e61679bab06071816d56dca3e97e2ca725c388e60fdf6d2456b5e34fc

SHA512
3a701fc8f65647ed2efba409471ffcefce45b24756e24a297ad5dc48a7859b0c7351820c5ce0ddebcd98d8e90628808ade61d61623489b7071cd3c9613ee679e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\temp-index

Filesize
96B

MD5
942b63fabaf92bf42c98623e70a71163

SHA1
fe645a45de33c4d58bcfce219ab93ff1dee944da

SHA256
0c49e0e3ecfa3b21e7f8aee38e8dc63359bb5948e9451979511473cbd7bf3c74

SHA512
fab9aa343e6b1ac45b64ee47eda589d8751b836622b7353a33da41bf87a645cfb1a6e3e867b1b08686d9ae29a781e0a173c757c3173b98967b2e112bb08c8f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
72B

MD5
c08ce3e11eefddbec5c53ff1ecfca9ce

SHA1
9e9512e87333ccb3685511fd064386c4cf59b523

SHA256
02bb949bac5d8287576b7a16ecf6ca503bc836ee2113635b80e79de61c8780d3

SHA512
910b37246b2691d8ec4d35f0362382eaadad49009c450441cad6caa030c226d617b4617269eed8bf59d3bf3aef7e357ec669d0806b376e3f0892259be402d7b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5020_1725267072\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5020_1725267072\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
76B

MD5
46cb7641be727eb4f17aff2342ae9017

SHA1
683a8d93c63cfa0ccbf444a20b42ae06e2c4b54d

SHA256
944fff1dd6764143550534f747243ef7d84fdac0642c94135ab40f584520f63e

SHA512
dc1b5f363e90abff5c1663a82764296922c842820d2819805e87da6da1081f1b5f2d8debc83ac34a26ce289b7b22588b022433686b19b039074ae184968b9fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe583e5c.TMP

Filesize
140B

MD5
e4abf364b0816ac44516e3a3e58ff976

SHA1
1df02b0a2841336868a19b618bda28204043b1d5

SHA256
afd7f7b81748efad38344c956403959659eab6c76ffa13c5a754d8b7235c9d41

SHA512
0fc57592feb847c7b1c6b2594f821a4e76b15b0a48cd57a2b81ead66491744ce6579373a677c04b9f357b1ffcf066df129327e21bc3eaa6de5372b8b36a85b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_00002b

Filesize
21KB

MD5
a09a3645e814d46a4118a391518b7b8c

SHA1
370adc8dfcbb8bce03ddc93cc75f092fc5ea8278

SHA256
38d5f0ea3194b48fd6f9c0a7c07f5de854cff70e2b90f6b8d1051e039eb7292b

SHA512
15a0688f2b8d40570ee44df7fb1c1ed414cdb2b80085067f166e5c3ea11ed279872339943ffca5a6c2ab0d8c61b86681d00b94d2569abb5c2ea3de0cf7a1a958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
3b33f561f8b0a948d303ed249ee71bf7

SHA1
3db5312d0971ac35742fd51828d9861bdf218c4d

SHA256
563b7eaa655ae50e072edd8572014059f41385172568114f57dcba42077375c5

SHA512
8f489491146f8f8405c6c5ae8bcee98ed2ed9ce362a30b443773a22ce58bc5ddf82a1551ad39194369f0b5fe37c7f82c24d3514de47b69875b535b1ede058c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
7767badf77b3da2425893aadd290a1e8

SHA1
cf192262949f7d7357f42ac859e28b2435114564

SHA256
d908c4722ec4b8a955d7b94d4c371dc166b17e91d4bbc567dca0621aa7fb8e32

SHA512
67dc10a14c2a9c18da284152918c4e40d077bbaec796e35afb4662427f2a4acc53ad0e8545799bf70c8fa504a6eb06f46b5b1b196d871a95f8c48284bc8b70e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
5896763533d9e5418a4ac10eeeb2cf29

SHA1
e8d5a75cee4e2fafbb4f6a66f2ba9e7cfa976a4d

SHA256
a45e6d31dc538005eebe2b2240b68fbfa6ba8eddefb478dbe9a645dec3cbc48e

SHA512
55763d85a9bd85ee5ad0453d72a5210ef4077ec56aa3d6ad69eb83ad66e9f1cc21f97d3f982189fc8f92a310c8705bb7b75d012fdff08144a0dcdb8cf8376bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
54ef4ace5bff54747439ad2df29c5604

SHA1
26a84ad3cdfebdebe4862e766b38033d43dbacb7

SHA256
fcee00aeaf14d148445de558f2f6be6a6290556f8f752b80b11411c4bf4d0f1c

SHA512
cff5b2839ad2c75b51968e38a4dbdfdc417fc58c1e09233f5b35fd2e4da1af220f55d83eb8b1569d4a45b693e321a7633653b2fbe86d8fb6a9d61fb7423cafec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
581fdf151003ebcae0477155c6d1a6f6

SHA1
f20737af6cf7c88b6e12a7abba45a5ee5a2aee67

SHA256
4324a20f5e9db7db6ea65d02f9cdb585c2541521365eb2b09419e03287810792

SHA512
4461c6b07063f1e0ceef2f91bcc11407c24213b30d8c2c1b420b00da3adc099e7e8ef974b9203970a230242d04b109a54299a0023b0f72760686febc422d0e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8165d331a65e980c7f75dba657342854

SHA1
44967c0388744de38b07e07e3a9cb174854eb7bf

SHA256
08d7b1fa1c3cdacb73cb9b34bb51a0516bfeac2f10ec54f2f27469d1c97820a9

SHA512
ee23180ed03c5042d6e6343ac2181a6d9ffbbb775e1031222e46b4a61eca4f1caf2dab50269271a07b284e270195595c91ce8c43d4cef77c8873845216546e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
02cf1313b32a8ab2f031cee39bee8fc3

SHA1
861cc0ab9ff881460dd6433e37075b822aac9355

SHA256
7e7fd13903a8d57f314d9e7dab6fa28975050b63f045eb315e96cccaa17d1e61

SHA512
f5464c94391bfb590f6755c2ae6896dd459a2a93d778601caebf272438c2ff127ec5de81dcf8efeec65a56609558477afc7be1c4993977a18fde7b915f7a8700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
80446c379e3f0ef4e36cc5085a7297c1

SHA1
97daa0dc77be12d07410e9c4068a551ca9116cb8

SHA256
0922a3da574ad88e82fcc3e838b9ded7099ffebffc129d1f71fa424267c39289

SHA512
96ce87427271f01f7192061cd0c3401a5dd2d693aa1d0ef45420b51e24b4ab599a0031342965780f7d18ba53f017c84d00b4c04135d14e799cdaedd8ebe9e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\804c9880-be3a-415d-8763-460d095f4b39.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
32KB

MD5
6ef5d27d3fdcb15ad81464600d379d20

SHA1
92abe3adb566be7ed76c9331e0a1e8d586e02404

SHA256
bb29f9dddabda5d8f17c5af17eed51b1ee044a3c49b696047ec4c02a7347d222

SHA512
cad46a90424397a6fb463f6cad6b7c9c30d1056d6a5afbc5b2264d4d5afac0ff729082196b8ba01ba31f578bb5d55f68feb3a9ae6281d2113b18674686ae3023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
023bffec64550c87bf6e1459080dc540

SHA1
a9ad72999a8fd881ec5791568bf69e04725d1eb4

SHA256
93e7b790ed499b8c5900e5517622f59c61bc390ba203b11eaf6963bb58eec264

SHA512
3de9e911435634a68035fe93ac61ec6f171dfba6e5a099a354af2ad0b73d7a9b8af31a1aed2053d4e498cf841361da7aa3bf7c347cd4a24ae98060b663d09fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5c83fd.TMP

Filesize
3KB

MD5
9876b136ee54379fdfa879802d9da250

SHA1
151090cfa00caebbfaf9481c250b23e2965f0b3f

SHA256
e4695c19a58ecfe3c1bd5971910404732def9274752d0cb9e41120fea315a816

SHA512
030db6b24fcf5f2ab4aed75e0702fb2b6776684311b0d169cfc96177cf286e0ec1ade0426429f84a5bb2b5638b47c3009e82a2f86c08f8fdf0da4ef8855ba141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
663bc6e166ea889152f88143cb59a50a

SHA1
792f1dff0c6dffcfdc8eca41ca0d95ba321324ca

SHA256
e25214bca4cf0d32be7e080ddedb71c16e48aaf68ad043eeecfc11f919d6dcbb

SHA512
afdaed061c9adc971dbc47ea4f0bad4a4614e36d71d6f3bd610057a32e73b624298f1640516eec1229b9925cfacab79b18d938e7b68b596b6bb655d7d6995cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
2a1c612cb6622b5fab08c3eae94bdf9c

SHA1
a44a4ad97b7ad3f3232343ae6f6b6aee41dfbda7

SHA256
d7bd3a3488b43f9be8deb80567a6284fecc8f7db0a6d335a15a627ca05f2ca47

SHA512
03acb43dcc89d8305adc9bdd795e60aaafc539ed3cd16b4360d2614e68fbe0eab30cacc489ca6e2fa9552051574da4c5c591a5bcc1d69de0b7ccd7923f0dbfa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
28KB

MD5
822cedc73228a9848f5cab0588147ae1

SHA1
5e23f47137bd60970ff7a69619d55cd96a5bd89b

SHA256
7b235c6e1b95faf3e315ed2fd42f7cde5d9f028a33ddcecc5ef4840f6b61b69e

SHA512
3e1af5d7ea4a6d8121386d484f29239280c462964373cee0c9339f54267456c16b180d5e4a6d0114f98535786c0340c77599c867986276fe98e830c49014ea5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
16KB

MD5
4e7842029f500090064b42e5efc8aec4

SHA1
bbed072705db785d52445b7dea8c268eabcc48c5

SHA256
7c9d71f6a15c450e07a723acbad4aaddd0b2624807323409c3a5c22b601f8762

SHA512
49244e9a55e52c9c91c87d8979279dbe39355b290e1c59dcebea7073617ea13b56b6003baa6ff59868f379a656074a5fb53ca9f43b7f85e18f914ef48f8fc66b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
b95db52b8654a9276a393f720b13cedc

SHA1
549b6d9f3f45842ef436cbfcb545fa781b8961a4

SHA256
82f19e638fa3f68e2f62a34f88769b7960e9e7274692ff9a701468fbdc3bc430

SHA512
8520428921b8e77a52fb1e7c311782c9cc988d8eee73534210fcee045f9168d6efec22923840614e6cec0b85615abec6f39e444e402dacad6e1e46ce312f3661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
cddd575b1e99ba7f0ee46d524a14eeee

SHA1
f3c8a2342740060f905fd2caf9da6d847d925982

SHA256
fec16fddf19e9881ea0f4d7f42f1ce4ce9478e94e9651232b7d2db337d5e732a

SHA512
a67efe12ebccba7a18e609301eb0d2066b6883bd3ec74ca203ec083813f24c846389d01269973ac808d06f5f11d962d140477c2340d014c9f3f0b9e59c33d729

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
22KB

MD5
88ae3e5ae5d8f07d6f2da60942cc50dc

SHA1
cdb4aed3ec05fbd6aa3221c92f27d286b519b267

SHA256
b009fccb5d7af1a8668dee153e52901b28ec85fca99bd8d5795de73c4f72e968

SHA512
10f5e8482886e9be888db5190d87ce9070183ece74d8f61fa4b8e1714d9d12d6d152c108f1ca78cb121aeb2d3344be4b3c05089b83a0c149d2d0b7d2529664e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5020_1706357282\ea71f60f-3e01-4568-bd11-5e1703528dc5.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
ac2e5c752ecbd63c9ac579dcb98572e9

SHA1
b6e68ec10d2875031d11c0cccf9d54c943685a30

SHA256
24d5e3f64bb789b73bb53f8d72d08542e2f0cb06c8ebcd3bef7b607675a98ff4

SHA512
368fc795d669ba6245862f88210037229bac18aa4fa33769e2586eb37fe728950bf99173c2c1b0f9777cd2b2c5019790a14869d9486b6d7dd198673cf1a365a9

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
4dd6074799fed698962a81a31c028666

SHA1
f3a82c4c58a6be5ab628fb8d7ef9886af15f4c32

SHA256
310668ed43b46f06fa07aa45ba5ad818c239a2d00ba528ac74a9449af9b46640

SHA512
9d6c2feac01868c0a7abde6cfaa477599f709c41a0bd277f3afa03eee92f5da8f2f727368f65b0f88267b55ab4c9a5542a19d03dbe8ff12e3ed5c19281e17a34

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity~RFe5c9821.TMP

Filesize
1024B

MD5
d06f6bfcfcd1f6fd8bb7317ac7fd39ec

SHA1
3fcd2a6df16713208cc462883da98ec8ce6a1ad3

SHA256
342807b9c5e096a84d7d5fad01ef6b5cbda81fcd132c81fe9bb11ef8a778f135

SHA512
7d22955722c09b955be183107cffd2950baecf3ff44af00d5cc62519c8cb3f7d9388cc3fc8c496642eaeca451d73675856d329d2c04e3508fffbc0c8f0af69b2

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
1KB

MD5
1dfbe5971be251741e5d9624307e60ce

SHA1
cf32186b94599740c2dbcf62524db8289a9317f8

SHA256
b8df5600f35693e9138b4583a456d9ac9a2ca053cdf3a5946f4ded41ceee5934

SHA512
96701ab2cba24e2f0ee5554c01c86e37e0a380f0575398ec62ced9e9f8fb862ed914e88ee90075c0847c01ed47088d1d025c94ae6d111f82d33b062b7e8c9b09

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
11243640065a34a0613d73e57c2e44a3

SHA1
57edce295e9419a0e1f1a32a2a13b5171b2cdbdd

SHA256
10bae3bb5b4a2bbd49941f8e0a27ad588736a534349b8c0e0f22cc09d7af90fe

SHA512
f14db81cf9f43b95e98105f0039bad0c22e95bed563e35aba1f3ad456c20bfd68af8891d7cc39f92b3f0fce31d97607ca3aa6585180afa45d0a82713555018fd

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
3KB

MD5
dd81320a023e032742fc66ee88e26d4a

SHA1
41d7fec6a2f9b8e8680ab5c1a861d0d19a28384a

SHA256
093c39990a6d73105260b747edc1ccfeaf5f5c4e3856e0fbb76b8eb31f0f2830

SHA512
fb3434173c7c4a966aa98a25dfcbbf16b3d31f1fd96c87663de917e18425cee557d6009382e67240fa66b22414ed589d3e7fa668fff51674faa5f83752d403b1

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
4111d64c5e2c86746971ef0e7d635c35

SHA1
fcd83563bf09836f36ffe41929cd31e06d22acd0

SHA256
f09944c532610da38bc4d21a06dec3f2526e8fae49ff784f0c8795e189d97511

SHA512
3ffef7d298627086355411a889becb32d0a2aedc8d9113888eb120c694106992c589e81b2dfb2fc2188c14cf7511ca8b1f11189f935a6b81df78bed01d09b65a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State~RFe5c42cd.TMP

Filesize
1KB

MD5
15f13c25fdd4fbf43b04d64dd2001a80

SHA1
c1eaef035f3ec46d27fea30c296ac49fc47f3ae3

SHA256
f0cfa335b76d01b52811fef5f3275ba8a74b5ef09c4bdf338142f7ea065b3ed7

SHA512
479562534f7a257680d46f1215e3d9e458f20da8cf4b5a7a3fcf6aaf85bb4d0b1cee97e37437b4f4f1d062a811ba88dbfdb02ac83214804e90c84134c024dd7a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\Installer\e5bf346.msi

Filesize
180KB

MD5
7c87329a66d4c22f03acea4e817971f9

SHA1
12a2134fa09fd7df026ffc20bfe58a7d30d6ae73

SHA256
c78bc45113d0270c2154930761c3b74db714987a16c0fbe5e7a05fa3a853d0c8

SHA512
73f11aa3f9b3dbfba157a0d47dc61ff2a22509b61339882a9c2cee53ee335b18820700d7a413b81b426e71c83443f0d99bea8b3638b8b87ee9a42f01f404f955

Download Submit
C:\Windows\Installer\e5bf397.msi

Filesize
6.2MB

MD5
900a51240149c0317a1a71738f6cecbd

SHA1
a207e7cac1d2062a5951cee7a4589ba52785e75b

SHA256
c70f0597c3f2fc5be12b58f9e8c297b09de1f477158b9de398f2068269f9056e

SHA512
b4db879d590d112a47bd0a7febd2af1c15ff8767daab1d64c202dc081bebce77840badec78f871da182154610cb068a4a52a9dbaac6fd4912580ab55623d6826

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1028\license.rtf

Filesize
17KB

MD5
2b063d92663595dfe4781ae687a03d86

SHA1
0fb582e756dbc751ea380593ac4da27ddb4ebb06

SHA256
44c76290f7a2e45940e8338912feb49bcf4e071cfa85d2d34762857743acbc8d

SHA512
94c8fda6173c7f5740f206190edcd1f1f1c309596b710d400e23cd363a619d707a5d4576d4fe63ab7cb68947f009efd29a1fbe04743a294698bf2ae17e92c214

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1028\thm.wxl

Filesize
2KB

MD5
472abbedcbad24dba5b5f5e8d02c340f

SHA1
974f62b5c2e149c3879dd16e5a9dbb9406c3db85

SHA256
8e2e660dfb66cb453e17f1b6991799678b1c8b350a55f9ebe2ba0028018a15ad

SHA512
676e29378aaed25de6008d213efa10d1f5aad107833e218d71f697e728b7b5b57de42e7a910f121948d7b1b47ab4f7ae63f71196c747e8ae2b4827f754fc2699

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1029\license.rtf

Filesize
12KB

MD5
e7dc9ca9474a13fa4529d91bcd2ab8cc

SHA1
511f5de8a99c09ec3766c5e2494a79eacca261c8

SHA256
503c433dcde2f3a9e7d388a5ff2b0612e7d8f90f5188d5b2b60228db33044fde

SHA512
77108e53cd58e42f847d8ef23a07723c4849dc41dbe1c3ef939b9170e75f525bec9d210d6c1fbfeb330ece2e77b8a8e2808730d9e6f72f5b3fe626d58b6068c6

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1029\thm.wxl

Filesize
3KB

MD5
16343005d29ec431891b02f048c7f581

SHA1
85a14c40c482d9351271f6119d272d19407c3ce9

SHA256
07fb3ec174f25dfbe532d9d739234d9dfda8e9d34f01fe660c5b4d56989fa779

SHA512
ff1ae9c21dcfb018dd4ec82a6d43362cb8c591e21f45dd1c25955d83d328b57c8d454bbe33fbc73a70dadf1dfb3ae27502c9b3a8a3ff2da97085ca0d9a68ab03

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1031\license.rtf

Filesize
12KB

MD5
2ddca2866d76c850f68acdfdb696d6de

SHA1
c5076f10b0f0654cde2c990deeb2772f3cc4844b

SHA256
28f63bad9c2960395106011761993049546607f8a850d344d6a54042176bf03f

SHA512
e3a3693b92873e0b42007616ff6916304edc5c4f2eee3e9276f87e86dd94c2bf6e1cf4e895cdf9a1aa0cac0b381b8840eee1f491123e901dee75638b8bc5ce1b

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1031\thm.wxl

Filesize
3KB

MD5
561f3f32db2453647d1992d4d932e872

SHA1
109548642fb7c5cc0159beddbcf7752b12b264c0

SHA256
8e0dca6e085744bfcbff46f7dcbcfa6fbd722dfa52013ee8ceeaf682d7509581

SHA512
cef8c80bef8f88208e0751305df519c3d2f1c84351a71098dc73392ec06cb61a4aca35182a0822cf6934e8ee42196e2bcfe810cc859965a9f6f393858a1242df

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1036\license.rtf

Filesize
12KB

MD5
a6e352e5804313ccde3e4d5dddde122d

SHA1
834e3aaa07dc675589a9e5fcd23ce5586c2739e8

SHA256
5c13a65870d770d1642a4259eecb436257ca39016a0500f747be9c79be0c7009

SHA512
6578ac6467f61930bc1b20e404441725c63790c65aec1ace297429ead15f50e68d5fe9cc1451ac86ae23dc1a7fe967650166293010d687785fb81fb4492b87c4

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1036\thm.wxl

Filesize
3KB

MD5
7b46ae8698459830a0f9116bc27de7df

SHA1
d9bb14d483b88996a591392ae03e245cae19c6c3

SHA256
704ddf2e60c1f292be95c7c79ee48fe8ba8534ceb7ccf9a9ea68b1ad788ae9d4

SHA512
fc536dfadbcd81b42f611ac996059a6264e36ecf72a4aee7d1e37b87aefed290cc5251c09b68ed0c8719f655b163ad0782acd8ce6332ed4ab4046c12d8e6dbf6

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1040\license.rtf

Filesize
11KB

MD5
bc58ad6abb16b982aebadc121b37e706

SHA1
25e3e4127a643db5db2a0b62b02de871359fae42

SHA256
70ecf23c03b66a2b18e173332586afa8f00f91e02a80628f4f9cb2521e27f6ac

SHA512
8340452cb5e196cb1d5da6dbb3fa8872e519d7903a05331055370b4850d912674f0b6af3d6e4f94248fe8135eb378eb36969821d711fe1624a04af13bbe55d70

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1040\thm.wxl

Filesize
3KB

MD5
d90bc60fa15299925986a52861b8e5d5

SHA1
fadfca9ab91b1ab4bd7f76132f712357bd6db760

SHA256
0c57f40cc2091554307aa8a7c35dd38e4596e9513e9efae00ac30498ef4e9bc2

SHA512
11764d0e9f286b5aa7b1a9601170833e462a93a1e569a032fcba9879174305582bd42794d4131b83fbcfbf1cf868a8d5382b11a4bd21f0f7d9b2e87e3c708c3f

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1041\license.rtf

Filesize
29KB

MD5
47c315c54b6f2078875119fa7a718499

SHA1
f650ddb5df2af2ee7555c410d034b37b9dfd055b

SHA256
c3061a334bfd5f02b7085f8f454d5d3d97d477af14bab497bf31a7887bc90c5b

SHA512
a0e4b0fcccfdd93baf133c2080403e8719e4a6984237f751bd883c0d3c52d818efd00f8ba7726a2f645f66286305599403470f14d39eedc526dde59228a5f261

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1041\thm.wxl

Filesize
3KB

MD5
dc81ed54fd28fc6db6f139c8da1bded6

SHA1
9c719c32844f78aae523adb8ee42a54d019c2b05

SHA256
6b9bbf90d75cfa7d943f036c01602945fe2fa786c6173e22acb7afe18375c7ea

SHA512
fd759c42c7740ee9b42ea910d66b0fa3f813600fd29d074bb592e5e12f5ec09db6b529680e54f7943821cefe84ce155a151b89a355d99c25a920bf8f254aa008

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1042\license.rtf

Filesize
27KB

MD5
641d926354f001034cf3f2f3b0ff33dc

SHA1
5505107fff6cf279769a82510276f61ea18637ae

SHA256
3d4e9c165cbeab829d608106f0e96450f839ffa8adbd755f0b51867e89da2ae0

SHA512
b0339664434b096abc26d600f7657919ef3689b4e0fdfd4edd8e479859a51ef51be8f05fa43e25567ffd6c1c2bcc6ef0d7a857b6d666d264c7783bad3a383d0e

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1042\thm.wxl

Filesize
3KB

MD5
b3399648c2f30930487f20b50378cec1

SHA1
ca7bdab3bfef89f6fa3c4aaf39a165d14069fc3d

SHA256
ad7608b87a7135f408abf54a897a0f0920080f76013314b00d301d6264ae90b2

SHA512
c5b0ecf11f6dadf2e68bc3aa29cc8b24c0158dae61fe488042d1105341773166c9ebabe43b2af691ad4d4b458bf4a4bf9689c5722c536439ca3cdc84c0825965

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1045\license.rtf

Filesize
13KB

MD5
f140fd8ca2c63a861d04310257c1b1db

SHA1
7bf7ef763a1f80ecaca692908f8f0790a88c3ca1

SHA256
6f94a99072061012c5626a6dd069809ec841d6e3102b48394d522a0c2e3aa2b5

SHA512
a0bd65af13cc11e41e5021df0399e5d21b340ef6c9bbe9b1b56a1766f609ceb031f550a7a0439264b10d67a76a6403e41aba49b3c9e347caedfe9af0c5be1ee6

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1045\thm.wxl

Filesize
3KB

MD5
15172eaf5c2c2e2b008de04a250a62a1

SHA1
ed60f870c473ee87df39d1584880d964796e6888

SHA256
440b309fcdf61ffc03b269fe3815c60cb52c6ae3fc6acad14eac04d057b6d6ea

SHA512
48aa89cf4a0b64ff4dcb82e372a01dff423c12111d35a4d27b6d8dd793ffde130e0037ab5e4477818a0939f61f7db25295e4271b8b03f209d8f498169b1f9bae

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1046\license.rtf

Filesize
10KB

MD5
9a8d2acf07f3c01e5cbc461ab932d85b

SHA1
8781a298dcc14c18c6f6db58b64f50b2fc6e338e

SHA256
27891eec899be859e3b4d3b29247fc6b535d7e836def0329111c48741ec6e701

SHA512
a60262a0c18e3bef7c6d52f242153ebe891f676ed639f2dacfebbac86e70eebf58aa95a7fe1a16e15a553c1bd3ecaccd8677eb9d2761cb79cb9a342c9b4252e2

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1046\thm.wxl

Filesize
3KB

MD5
be27b98e086d2b8068b16dbf43e18d50

SHA1
6faf34a36c8d9de55650d0466563852552927603

SHA256
f52b54a0e0d0e8f12cba9823d88e9fd6822b669074dd1dc69dad6553f7cb8913

SHA512
3b7c773ef72d40a8b123fdb8fc11c4f354a3b152cf6d247f02e494b0770c28483392c76f3c222e3719cf500fe98f535014192acddd2ed9ef971718ea3ec0a73e

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1049\license.rtf

Filesize
31KB

MD5
62229be4447c349df353c5d56372d64b

SHA1
989799ed24913a0e6ae2546ee2a9a8d556e1cb3b

SHA256
1bb3fb55b8a13fa3bafffe72f5b1ed8b57a63bd4d8654bb6dc5b9011ce803b44

SHA512
fa366328c3fd4f683fdb1c5a64f5d554de79620331086e8b4ccc2bfc2595b1fded02cec8aa982fcd8b13cc175d222af2d7e2cd1a33b52f36afd692b533fdbf13

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1049\thm.wxl

Filesize
4KB

MD5
17c652452e5ee930a7f1e5e312c17324

SHA1
59f3308b87143d8ea0ea319a1f1a1f5da5759dd3

SHA256
7333bc8e52548821d82b53dbd7d7c4aa1703c85155480cb83cefd78380c95661

SHA512
53fd207b96d6bcf0a442e2d90b92e26cbb3ecc6ed71b753a416730e8067e831e9eb32981a9e9368c4cca16afbcb2051483fdcfc474ea8f0d652fca934634fbe8

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1055\license.rtf

Filesize
13KB

MD5
9625f3a496dbf5e3e0d2f33d417edbbf

SHA1
119376730428812a31b70d58c873866d5307a775

SHA256
f80926604e503697247353f56856b31de0b3fc1319f1c94068363952549cc9b1

SHA512
db91a14fc27e3a62324e024dd44e3b5548af7e1c021201c3d851bd2f32537885aacfc64adae619bac31b60229d1d5fc653f5301cd7187c69bd0acecce817d6a3

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\1055\thm.wxl

Filesize
3KB

MD5
defbea001dc4eb66553630ac7ce47cca

SHA1
90ced64ec7c861f03484b5d5616fdbcda8f64788

SHA256
e5abe3cb3bf84207dac4e6f5bba1e693341d01aea076dd2d91eaa21c6a6cb925

SHA512
b3b7a22d0cdada21a977f1dceaf2d73212a4cddbd298532b1ac97575f36113d45e8d71c60a6d8f8cc2e9dbf18ee1000167cfbf0b2e7ed6f05462d77e0bca0e90

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\2052\license.rtf

Filesize
17KB

MD5
d083c7e300928a0c5aea5ecbd1653836

SHA1
08f4f1f9f7dfa593be3977515635967ce7a99e7a

SHA256
a808b4933ce3b3e0893504dbef43ebf90b8b567f94bd6481b6315ed9141e1b11

SHA512
8cb3ffad879baba36137b7a21b62d9d6c530693f5e16fbb975f3e7c20f1db5a686f3a6ee406d69b018aa494e4cd185f71b369a378ae3289b8080105157e63fd0

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\2052\thm.wxl

Filesize
2KB

MD5
3d1e15deeace801322e222969a574f17

SHA1
58074c83775e1a884fed6679acf9ac78abb8a169

SHA256
2ac8b7c19a5189662de36a0581c90dbad96df259ec00a28f609b644c3f39f9ca

SHA512
10797919845c57c5831234e866d730ebd13255e5bf8ba8087d53f1d0fc5d72dc6d5f6945dbebee69acc6a2e20378750c4b78083ae0390632743c184532358e10

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\3082\license.rtf

Filesize
10KB

MD5
873a413d23f830d3e87dab3b94153e08

SHA1
24cfc24f22cef89818718a86f55f27606eb42668

SHA256
abc11bb2b04dff6afe2d4d4f40d95a7d62e5af352928af90daa3dade58dd59bd

SHA512
dc1eccb5cc4d3047401e2bc31f5eb3e21c7881c02744a2e63c10d3c911d1158dcfac023988e873c33dc381c989304fe1d3cb27ed99d7801285c4c378553cd821

Download Submit
C:\Windows\Temp\{06763CF7-C378-4B96-8910-53F87B8F00A6}\.ba\3082\thm.wxl

Filesize
3KB

MD5
47f9f8d342c9c22d0c9636bc7362fa8f

SHA1
3922d1589e284ce76ab39800e2b064f71123c1c5

SHA256
9cbb2b312c100b309a1b1495e84e2228b937612885f7a642fbbd67969b632c3a

SHA512
e458df875e9b0622aebe3c1449868aa6a2826a1f851db71165a872b2897cf870ccf85046944ff51ffc13bb15e54e9d9424ec36caf5a2f38ce8b7d6dc0e9b2363

Download Submit
C:\Windows\Temp\{1D5FE2FB-D4BF-4A03-896D-6ABD22850A86}\.ba\license.rtf

Filesize
9KB

MD5
04b33f0a9081c10e85d0e495a1294f83

SHA1
1efe2fb2d014a731b752672745f9ffecdd716412

SHA256
8099dc3cf9502c335da829e5c755948a12e3e6de490eb492a99deb673d883d8b

SHA512
d1dbed00df921169dd61501e2a3e95e6d7807348b188be9dd8fc63423501e4d848ece19ac466c3cacfccc6084e0eb2f457dc957990f6f511df10fd426e432685

Download Submit
C:\Windows\Temp\{1D5FE2FB-D4BF-4A03-896D-6ABD22850A86}\.ba\thm.wxl

Filesize
2KB

MD5
fbfcbc4dacc566a3c426f43ce10907b6

SHA1
63c45f9a771161740e100faf710f30eed017d723

SHA256
70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce

SHA512
063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e

Download Submit
C:\Windows\Temp\{1D5FE2FB-D4BF-4A03-896D-6ABD22850A86}\.ba\thm.xml

Filesize
8KB

MD5
f62729c6d2540015e072514226c121c7

SHA1
c1e189d693f41ac2eafcc363f7890fc0fea6979c

SHA256
f13bae0ec08c91b4a315bb2d86ee48fade597e7a5440dce6f751f98a3a4d6916

SHA512
cbbfbfa7e013a2b85b78d71d32fdf65323534816978e7544ca6cea5286a0f6e8e7e5ffc4c538200211f11b94373d5658732d5d8aa1d01f9ccfdbf20f154f1471

Download Submit
C:\Windows\Temp\{4492B016-CBBC-40EF-AB02-A80B598C44F7}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{4492B016-CBBC-40EF-AB02-A80B598C44F7}\.be\VC_redist.x86.exe

Filesize
634KB

MD5
415e8d504ea08ee2d8515fe87b820910

SHA1
e90f591c730bd39b8343ca3689b2c0ee85aaea5f

SHA256
e0e642106c94fd585782b75d1f942872d2bf99d870bed4216e5001e4ba3374c0

SHA512
e51f185c0e9d3eb4950a4c615285c6610a4977a696ed9f3297a551835097b2122566122231437002c82e2c5cf72a7a8f67362bff16b24c0abe05fe35dddbf6a1

Download Submit
C:\Windows\Temp\{55A27EE5-6F21-43D9-824A-444B6C7E29A2}\.be\VC_redist.x64.exe

Filesize
635KB

MD5
35e545dac78234e4040a99cbb53000ac

SHA1
ae674cc167601bd94e12d7ae190156e2c8913dc5

SHA256
9a6c005e1a71e11617f87ede695af32baac8a2056f11031941df18b23c4eeba6

SHA512
bd984c20f59674d1c54ca19785f54f937f89661014573c5966e5f196f776ae38f1fc9a7f3b68c5bc9bf0784adc5c381f8083f2aecdef620965aeda9ecba504f3

Download Submit
C:\Windows\Temp\{91A748C4-48B7-4F2A-AA55-B7930D620380}\.ba\BootstrapperApplicationData.xml

Filesize
12KB

MD5
f5c6b7b970f46bf854f1810a271c44cf

SHA1
6cdfe4cdea37902b26888fc13373907ae84b954f

SHA256
08bf18d9ebe2675c9c5432c4403a66a9c2952a94dbbe1076b7d3b323687a776b

SHA512
7175aba8aa0eb6a0459b945a7f96c2fbf8c6bbeb811fb02ac34978a9dae4d3c10c9ec65c986ff9e14ce484eb002420b41933c0d641c85cbe79e2f026448de4ae

Download Submit
C:\Windows\Temp\{CEEDD7D0-19D6-4D1B-9617-2A6529EFEF34}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{EFCA19E6-136A-4ED2-BEC7-26163385BD0E}\.ba\BootstrapperApplicationData.xml

Filesize
14KB

MD5
bf582d7dde516b304f9c065d5c7c14d0

SHA1
c7469c443bde7f981afeb2b8915d6552d74df578

SHA256
e3becb81ef61964e7d969653b6dac7c9873a46e58bae4400aeb7656a04eaf5be

SHA512
f9b7a054ff0f8c31da1efa5695b70fdcdf69e7eae34854f08242fdb8ad30d7efa5e3d118370fb7c91fe7c8d115c7aa77a98eeda6ea2e2a3baa665be018a946cf

Download Submit
memory/396-3293-0x0000000000930000-0x00000000009A7000-memory.dmp

Filesize
476KB

Download
memory/396-3011-0x00000000005C0000-0x0000000000637000-memory.dmp

Filesize
476KB

Download
memory/1504-3894-0x00007FFC8E5C0000-0x00007FFC8E5C1000-memory.dmp

Filesize
4KB

Download
memory/2128-3012-0x00000000005C0000-0x0000000000637000-memory.dmp

Filesize
476KB

Download
memory/4508-3780-0x00007FFC8E5C0000-0x00007FFC8E5C1000-memory.dmp

Filesize
4KB

Download
memory/5260-3331-0x0000000000930000-0x00000000009A7000-memory.dmp

Filesize
476KB

Download
memory/5924-2974-0x00000000005C0000-0x0000000000637000-memory.dmp

Filesize
476KB

Download
memory/5984-3330-0x0000000000930000-0x00000000009A7000-memory.dmp

Filesize
476KB

Download