f304e8d349cd81cb5d7dfe4954d04a0ae13376104ba52b24d7d662cd13ed8918

Analysis

max time kernel
422s
max time network
414s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2025, 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

indexsubtitle.txt
Size

40B
MD5

9999e2a05c15cc97d4867567225ffd37
SHA1

aa0ba425bf0d559c38788ba284488a6c0c0fd831
SHA256

f304e8d349cd81cb5d7dfe4954d04a0ae13376104ba52b24d7d662cd13ed8918
SHA512

13dae52713df1de587fd776e793866f5c5d0b43fe467f96e53f887f77d7bdf7ec0d5f40c76bbbe6c8c05bc2723471940e272a71e2143d4d66e31a7fd7c26bad8

Score

6^/10

steam discovery phishing

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Network Service Discovery 1 TTPs 1 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
4020	GameBarPresenceWriter.exe

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
176	4464	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Doukutsu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Doukutsu.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879548657555517"	chrome.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920955164-3782810283-1225622749-1000\{9A6DA281-E68F-43D4-A227-5D832DDF9BA2}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920955164-3782810283-1225622749-1000\{0C094C62-68AA-40BD-93AD-E269A7083458}	svchost.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3684	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
4220	chrome.exe
4220	chrome.exe
4696	Doukutsu.exe
4696	Doukutsu.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4696	Doukutsu.exe
1208	OpenWith.exe
2744	Doukutsu.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 388 wrote to memory of 5972	388	chrome.exe	116
PID 388 wrote to memory of 5972	388	chrome.exe	116
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4444	388	chrome.exe	117
PID 388 wrote to memory of 4464	388	chrome.exe	118
PID 388 wrote to memory of 4464	388	chrome.exe	118
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119
PID 388 wrote to memory of 2044	388	chrome.exe	119

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\indexsubtitle.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff46c4dcf8,0x7fff46c4dd04,0x7fff46c4dd10
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2032,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2292,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2436,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2616 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3244,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3284,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4504 /prefetch:2
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4656,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5400,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5512,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5436,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5504,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5860,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5848,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5536,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3616,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3568,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3296,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5856,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6076,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=240,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3300 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4012,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3536 /prefetch:8
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3560,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5832,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4516,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5788,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6300 /prefetch:2
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=3628,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=3304,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6152,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5720,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=2700,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5448,i,16500459665774129300,14422104120273641276,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6584 /prefetch:8
  2⤵
  PID:5880

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3744

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3876

C:\Users\Admin\Downloads\cavestoryen\CaveStory\Doukutsu.exe
"C:\Users\Admin\Downloads\cavestoryen\CaveStory\Doukutsu.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4696

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:4020

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:4208

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x248 0x4bc
1⤵
PID:2340

C:\Users\Admin\Downloads\cavestoryen\CaveStory\Doukutsu.exe
"C:\Users\Admin\Downloads\cavestoryen\CaveStory\Doukutsu.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
03c289468866cb7ac3f4bbc1af1dcfb6

SHA1
c273db6a76142fdd7488cf2ce8bbacc32c81de35

SHA256
16866f61ee1e715dbe171447be34be9845f92ef4a581b42deb989bbbf22b1904

SHA512
54825c8720b4253607850b5d328fd9ca58891a01b6832318ecf02a30cd2ae7142a730c469805bc50e155c8d00bcee22354a5e56245fb81a1a784b5474948d698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
86c5806c723f5d162a7ed6229fef4470

SHA1
63f53eae542109aea0005dbefcc0d152a0715fd0

SHA256
e304dd5a4d4a13211a60b0a9313b8b3ae34219279a43bf6cf798189b7bb223cf

SHA512
78a6b35df4b9e20b58cb16c6ebc44948d64a3a55d2ceff36488bb1e79ed529380fc2ac24075215db12f8cd0f295dfcda5db911fc7fd18780657c28c3b25232e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1dd4a4125bd2a5b1bcc12e64617f0961

SHA1
fa490ea42878a40789f20ad833009c85a23d61cf

SHA256
4f9ff52cb62f5715fc0c52605ef86abaca2f31990cb6affb7f6925975c8f47ea

SHA512
ef87c5cf9e5e704c8a86b4e1453c4b9c496b17124a97eca602fa41549b02358bcab17ea31a3bb94ee4f651775a2c36d019cb4cccc11ac8b6b4607b629f64d07a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
46b56c1fc8f25a5e07fbce0947748f30

SHA1
bc560446c047590f1f2301adb767e2608e13ad1a

SHA256
80c28deddf15a226c970e0de068677be2ec94529d816435ee2101cf2e198d77b

SHA512
4e05f9c7fb686bbffc7a2af6d025925e3b4b82de986f3366195224e77764ee1c21f1061b87317f5b11fef2c83ff0d35654aea2856c6117b00d1c64869e51e697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
75d3e3219fa4eaf7f2c6d358ac20d11a

SHA1
2402353fca0ec9afb79b36b09898ab32cd45e034

SHA256
0bde8fc3b7913e64160d3dad338028cc3622b54d1f68de59c926a98ee1ce45f0

SHA512
507ba1e0ee7959c642758b9a4c272026dd8b069dfb2c61879a6e4c19723469bbebde41296c9fbdf1783938b4d9b6d73585d21191a3df03a08bf99a18ff5c5a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
fddd9d4982d5b3b36449d111cf61b13b

SHA1
f1262fe3d1e4e0d6ae167729edd5fb56669d8ef9

SHA256
fd1c8133cf3d91509560782022647d398d92c68d62039876f739dac8b29905de

SHA512
89a96142460da1e3e73c19c7cbb60c5d68128801896fee5ca7af88fc4b949cfdd4500af725f2e9aa852751c2c4467ebb8c71763510fb2dc1c3f02df583653ea0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bae71cdc6d8d3f38eecbbc60ba987379

SHA1
1f80bab44ca2ce3d60e87726a128fb18d8302051

SHA256
7f1b5935e57b516b95ed57de17142c88d2945b53b30c6ef75c069186f5ab4cdc

SHA512
5dcc774488eaccfbe0bf2291458d58e354618688b9e14d6b54f9f57ab8d38838000088250e8306f89ee7b709c23fbbfbe8a4805a4a41633a5dbc91c389a7115d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
516eb5524222a7b8ca7f07834fc82585

SHA1
14b8ebf89e0e257d9fb042db7af76480378837e0

SHA256
dccbc6dc408245c7fd64fdfad44d09e597213e807af7f4bd5a75f18b9d9f470d

SHA512
0494446ad607356dbb8afb438f60db16139535f1cd21949d067887a1233eedaaa258d87cc77a81a77be51624d4606e7653167946e60dcec634621a438858c9ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9e2ea307d6f6a8f94ca7b95025c73894

SHA1
d2a5c136615a0cfcd29145130a47cc72f2a18d28

SHA256
1244cc5b0ebd2457d4975fe43ccc53569cc78693366a489c699c461ef3c10b79

SHA512
7a0e174ee9bb807d2680473c2668986fe55c60d4c3e290de26791971e6270c88738200a1b5e2e90c384386a5fcb17f0d28bc1417fcadd9cd83c48550dbb1a007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
68a993daebc9b1096a319a04ed003947

SHA1
9c8b8bc0b59d01bcff37dd5f8f0cbbcb0240e74f

SHA256
ddb2945277c36a3ed502c90d4f0ae7e973cfd4d32452487f42b3e9e720c495de

SHA512
97dace99653dfddfe0d89085a6357ce843bf1179fc67a830c9c311d65ca54da30e5dcaf18be2a8b17b628a07a734b022046902055e0235c2c8d19dbb6a29f6d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
ab87784cc241bf629562774d4db3ea58

SHA1
e631adb7449e21b93939850836131b962a134139

SHA256
8ebd46739c9bb801b17d74616c3f1582b22716355f9314bc8b264cd4688051e5

SHA512
2b64fc39221199f939469c1788ac6d01ba64cab064d21b134bb9cf1223b5319bbeded76ae86ff8bec5e0049c76795bff3575249fa99cd01292a86e01788f3132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ea36457de1337f8c85d8091c6f25d2d8

SHA1
e31a56cf56903c8931543d83f1f6a3b7617d0c5c

SHA256
166a5c379223db49b1ae46a9096be4ffd1437636658cbc5ec3355d69077527fd

SHA512
5ebcdf5b60265a01d6828da80045da5f6669f702e33f05f7033cd4aebd58bfb745991a17bd023daf9444d793b87fdea3e3bf6107da162e941027a855cafa4a83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
992b3ebe1af42542ac7585b06de5b55d

SHA1
e29bf6591a24b93805c1179f95efea499c937efb

SHA256
fe4bbc51af0d83641c827c7ec88d02e361ef43e7732a6a42bd918658ebfd2bae

SHA512
afe2613d21e0ac904ec9ad97c8289c5cca474c713ab463e280138422ac22d1bef4337adf90b450d6b5b19064a4889f32ddb24ede3be3ffa73e04a6666c0032b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9ecb5819d4c9937fd50dbf1ae4774542

SHA1
7cfc2127733c9facc75cb593ccf28d496e8c0e20

SHA256
d58ef24a89d31c55e33887dd2237c9cfbc2162e2be3bcc1a97dff9cf32baa1ea

SHA512
8d9f2e4a9dc283d995b655267ffa4cacd01f6aa8761b94c559f55d30e498966939573adc63b57c23e2783035a4f6389df0251ea456d3331b43bcf3fdbaecba5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
afe049e0c4a10124008d80ff6c0c9a21

SHA1
84d5084559b376085fb0c7861acf87c45b249bcb

SHA256
ede56f688ffa01a24d03d8883ed2f23849352414a2a89d9c1c6a223616410af0

SHA512
fc91710902bff27e6fca7fba01e3d4afc815252162bcae653c169f7534d1d0614b7a3edbefbbb93abfffd75d607a9362f396dad083146e5800462c8bc823b958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c3f2b3f0de08e14dda9fda64a87f17d1

SHA1
ed8225291e8531532926823a4390bb61edb9694f

SHA256
d6d379cd71dd3d7c0a5569569a7c93699ce4c05964526da0ade5b1b911140125

SHA512
78575742a9ea40ca78c2ea76dfb0dbc9dea3bab2d558b172499dbf2ff885cf9651e28fc520246b8399a230601f0820ac00cfdcd847ce2b8c40d3ac9f192e0067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a8333a1a0282d2d9940db17def785de9

SHA1
5cf824707843f77d22504341b5041ed2fbf53ef3

SHA256
8915c0be2a282e7d0200c123965d624b4035c4d0115139a2c042522988463c29

SHA512
187384334f78e4ddc30403b9efc4c591ba3f5732993de411fce27f7b348304079013b05705b74018750528f4a9743fb3a88553c30e2e194c34c7f91d23058b43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
35eacd9f8ba3945d84fb566401f969b9

SHA1
94a1563f31a294d41c03372aaf3e002b38706325

SHA256
a54854f1cc1366fb993395a5339542b286b4c8cb2fd91fdae6ee4e5e4b01dc0a

SHA512
7f452392ea20e75c5e0d4d277c23c77d83bfde7d20c5ddacc4c999e488b7d43a3a51bffacd7754effbe3d476ab858ad53ab36d53948105808ab481281a87d25a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5907d6.TMP

Filesize
48B

MD5
eded32a4613fc35e219a26c545b2e078

SHA1
df62947d0471bef9226b17c2bffa936a797cd95b

SHA256
d65b5408e3a861ed16ed30719136b91b92585b5cd760c67e89ce20bb9d3e3076

SHA512
4619a3060a144a6402d4ad4b233ee3b53dcfaeed266345ad348c2fe73d0f640c2564f7f46d816ec63e1104f3b84e4b324e705fc85c499dace50b3ef2340328e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
83B

MD5
bc3abb4da1da54403790c44894fb6301

SHA1
428935517d43e2be62fd90d434fe39196e33e41b

SHA256
84af7141a403307831a0d03005fca525dc5a201121625e63311bb7aca1ab6751

SHA512
50650379ecc6f01a1c8f6b0d93049e60c26da59501ebc03fa802ed3364fe168743b3be6b634583e156a599947826cb0f54094e47789ea04a063252e597a62a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe58e5b8.TMP

Filesize
147B

MD5
1309824632195da82d5f910914641779

SHA1
b2553aaf3fdfdb101785173a53c42478e97ccd8c

SHA256
cab3203797c1876e8abddc642016952c3c721b5b5d4ae9f89c65868762babfdd

SHA512
54b0282d51bbd8fdbb8c46e0e3788b3e49d8dcb8e0dc86eacb7cb524341151296f04f1a737d9e43e8fbe376b616924d660a4ad48a4e36e0d99abe767710af543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
cfd721c77113b6dc3053f803e8ef2fff

SHA1
1528fde410b10de4e4c7c345c06159cdf5a3a191

SHA256
42e9adbfbcd880cf8bd65c09c9f663ee62dbefa3509d34e220024b6d2b22d870

SHA512
093cf6f6b5dbd16eac9aee360c97a3cb666028fb9a1962c46fda82a3b6dd257b76c692978919b1da408d6c74ff4f736739b13fecf234e49d4d302ef855e070f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
9338f760aaf3ef65d30a82f91b14498b

SHA1
73388b86ee4efb3b0ef83bf92706796202533920

SHA256
659df7ef4ec00091de76cf399189a705a5c828738b97657b04134f48c00233aa

SHA512
1058d5e698ee37a4b735ecec73ea26c18e12b19047f70654ddee277922c7b02b258aa69ff6b1be9c0b3a8e5f6261937a25f05307cb859186c06695f3544e50d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
5aba857429999f374d263ab28bc2c3a2

SHA1
e04b9cece372987c496aebd72054bd03919952ce

SHA256
3f61fe5a98af1a9e584cc1d71d2fb301dc35d2a3c456a438d0ec34d7414a9540

SHA512
f90e048c7850add7a33052177ebf166e3257fd09cb4ec7a4c4aa751eb5b56eff81b1b773ad752e156bea8ae34d2e24623c1b7a5d7604f5c947316a0c7d85694a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
f4944eddcfec1be9524e383b10f56aaa

SHA1
c6f72c9ec8e4c6c13fc7c1a831fc22556f66946c

SHA256
c23e85933825f8cc670809b8d48ccee8180a01a979470391b25c1a1142e36d93

SHA512
4faef9c40f24ea870ecb2fdb952d9f1d524a31600362e32e9f02162076c5a63033e35cee7bd009c2a632b7dd35146b35f6e3b22334553314366a596a0b4d164e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir388_553910336\aa92b867-ada1-458b-87d3-f0459fd986fc.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\Downloads\cavestoryen.zip

Filesize
1.1MB

MD5
5aad47f1cb72185d6e7f4c8c392f6b6e

SHA1
aa9aca14e95914acc9799b651b5f5bd21847edb1

SHA256
aa87fa30bee9b4980640c7e104791354e0f1f6411ee0d45a70af70046aa0685f

SHA512
9c7c2c6c8114974df14b1dce379b86da48caf299716e1de3d743e47c3ac6a8c13c4a0ada85778e69f11c2428f991dcbfcb0020212279f9c1787260102988cbc3

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit