sectoprat | 039a96ae63d12777c79f84242b1b6687c557ff5aa063f8de414ab9d5c9ff9d04

Resubmissions

07/04/2025, 12:25

250407-pl3tas1qx3 10

07/04/2025, 12:22

250407-pjyfssyxfy 10

Analysis

max time kernel
419s
max time network
421s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
07/04/2025, 12:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

msi (2).msi
Size

21.2MB
MD5

1d670753e89d61c11933975a5909676a
SHA1

42f0862ddb4ce57c6eb9a56e4c8f9422d6a3fb65
SHA256

039a96ae63d12777c79f84242b1b6687c557ff5aa063f8de414ab9d5c9ff9d04
SHA512

352270c93ab1430839b09fddc962f2c46e5791bfa9fece31bacbb9453ca6f1d9fb03eeb4566774cb1c37d00cc5f185f70d506f50720b024e6526070d0856883e
SSDEEP

393216:D+SX8B1Ph7xmLySZGqM/RrIKo9MGRJ7S4Ul0:D+NPh7xMo/RQRr

Score

10^/10

sectoprat bootkit discovery persistence rat trojan

Malware Config

Signatures

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 1 IoCs

resource	yara_rule
behavioral1/memory/3648-316-0x0000000001300000-0x00000000013CC000-memory.dmp	family_sectoprat

Sectoprat family
sectoprat

Downloads MZ/PE file 3 IoCs

flow	pid	Process
464	3444	chrome.exe
822	3444	chrome.exe
992	3444	chrome.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	DiskInfo64.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\O:	DiskInfo64.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	DiskInfo64.exe
File opened (read-only)	\??\T:	DiskInfo64.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\U:	DiskInfo64.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	DiskInfo64.exe
File opened (read-only)	\??\W:	DiskInfo64.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\S:	DiskInfo64.exe
File opened (read-only)	\??\L:	DiskInfo64.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\V:	DiskInfo64.exe
File opened (read-only)	\??\J:	DiskInfo64.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\H:	DiskInfo64.exe
File opened (read-only)	\??\N:	DiskInfo64.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\B:	DiskInfo64.exe
File opened (read-only)	\??\P:	DiskInfo64.exe
File opened (read-only)	\??\X:	DiskInfo64.exe
File opened (read-only)	\??\Z:	DiskInfo64.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	DiskInfo64.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\R:	DiskInfo64.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\E:	DiskInfo64.exe
File opened (read-only)	\??\Q:	DiskInfo64.exe
File opened (read-only)	\??\M:	msiexec.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	DiskInfo64.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 940 set thread context of 5088	940	QQPlayerShareFile.exe	108
PID 5088 set thread context of 3648	5088	cmd.exe	121

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\LegendOfOrange\is-5R2ER.tmp	CrystalDiskMark8_0_6.tmp
File opened for modification	C:\Program Files\CrystalDiskInfo\CdiResource\AlertMail.exe	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-SMTE8.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-2JQT6.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-E4DB6.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Dark\is-AML44.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Dark\is-F7SVV.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\language\is-RRAJ4.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\Default\is-LONA6.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\LegendOfGreen\is-OOBKN.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-IDCRJ.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-O60V3.tmp	CrystalDiskInfo9_6_3.tmp
File opened for modification	C:\Program Files\CrystalDiskInfo\Smart\WDC WDS100T2B0A232138804165\03.csv	DiskInfo64.exe
File created	C:\Program Files\CrystalDiskInfo\CdiResource\dialog\flot\is-60ULA.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-8C5CP.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-8JUEL.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-2L301.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-I5KTO.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-6O9V5.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-6IHIR.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Dark\is-F4J1U.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\Flower\is-NRDS8.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\Flower\is-B5MEM.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\LegendOfOrange\is-IS7BQ.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-7MLFM.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-SE24G.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-2ANAK.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Dark\is-9N8DL.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Dark\is-396NR.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\language\is-QG23H.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\Default\is-C3L5C.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-STAGP.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-QSOP0.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-BG743.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-5LVFN.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-PQRB3.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Dark\is-QVBKV.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\LegendOfOrange\is-8BDL0.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\dialog\image\is-UKAEF.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-MV64S.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-TLR5M.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-K1FSP.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-3KT7J.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-JPTL8.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-D5E2T.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\language\is-E40V2.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\Digital8\is-MAG2T.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\LegendOfGreen\is-00RQ1.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\language\is-Q4OTH.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-KAPA7.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-NI8NO.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-Q9J09.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-LJNAJ.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\Flower\is-N4KM4.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\Green\is-B3VBP.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\LegendOfGreen\is-NBB2T.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\language\is-OED2R.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-N3RP7.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-AN9OJ.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-DV4T8.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-M8DNP.tmp	CrystalDiskInfo9_6_3.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\Dark\is-9RD53.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\Flower\is-JFK3C.tmp	CrystalDiskMark8_0_6.tmp
File created	C:\Program Files\CrystalDiskMark8\CdmResource\Themes\LegendOfGreen\is-BOUB9.tmp	CrystalDiskMark8_0_6.tmp

Executes dropped EXE 22 IoCs

pid	Process
3168	ISBEW64.exe
1488	ISBEW64.exe
812	ISBEW64.exe
4720	ISBEW64.exe
2976	ISBEW64.exe
4736	ISBEW64.exe
2620	ISBEW64.exe
540	ISBEW64.exe
1812	ISBEW64.exe
4356	ISBEW64.exe
412	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
1996	CrystalDiskMark8_0_6.exe
3872	CrystalDiskMark8_0_6.tmp
5528	DiskMark64.exe
6204	diskspd64.exe
6560	diskspd64.exe
6188	diskspd64.exe
6096	diskspd64.exe
668	CrystalDiskInfo9_6_3.exe
372	CrystalDiskInfo9_6_3.tmp
5696	DiskInfo64.exe

Loads dropped DLL 64 IoCs

pid	Process
3156	MsiExec.exe
3156	MsiExec.exe
3156	MsiExec.exe
3156	MsiExec.exe
3156	MsiExec.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
412	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	QQPlayerShareFile.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	QQPlayerShareFile.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CrystalDiskMark8_0_6.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CrystalDiskInfo9_6_3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CrystalDiskInfo9_6_3.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CrystalDiskMark8_0_6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Checks SCSI registry key(s) 3 TTPs 9 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	msinfo32.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msinfo32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133885026280271294"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 63 IoCs

pid	Process
412	QQPlayerShareFile.exe
940	QQPlayerShareFile.exe
1000	taskmgr.exe
1000	taskmgr.exe
940	QQPlayerShareFile.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
5088	cmd.exe
5088	cmd.exe
5088	cmd.exe
5088	cmd.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
816	chrome.exe
816	chrome.exe
3872	CrystalDiskMark8_0_6.tmp
3872	CrystalDiskMark8_0_6.tmp
816	chrome.exe
816	chrome.exe
6044	chrome.exe
6044	chrome.exe
372	CrystalDiskInfo9_6_3.tmp
372	CrystalDiskInfo9_6_3.tmp

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4900	msinfo32.exe
5696	DiskInfo64.exe

Suspicious behavior: MapViewOfSection 3 IoCs

pid	Process
940	QQPlayerShareFile.exe
5088	cmd.exe
5088	cmd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	740	msiexec.exe
Token: SeIncreaseQuotaPrivilege	740	msiexec.exe
Token: SeSecurityPrivilege	1304	msiexec.exe
Token: SeCreateTokenPrivilege	740	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	740	msiexec.exe
Token: SeLockMemoryPrivilege	740	msiexec.exe
Token: SeIncreaseQuotaPrivilege	740	msiexec.exe
Token: SeMachineAccountPrivilege	740	msiexec.exe
Token: SeTcbPrivilege	740	msiexec.exe
Token: SeSecurityPrivilege	740	msiexec.exe
Token: SeTakeOwnershipPrivilege	740	msiexec.exe
Token: SeLoadDriverPrivilege	740	msiexec.exe
Token: SeSystemProfilePrivilege	740	msiexec.exe
Token: SeSystemtimePrivilege	740	msiexec.exe
Token: SeProfSingleProcessPrivilege	740	msiexec.exe
Token: SeIncBasePriorityPrivilege	740	msiexec.exe
Token: SeCreatePagefilePrivilege	740	msiexec.exe
Token: SeCreatePermanentPrivilege	740	msiexec.exe
Token: SeBackupPrivilege	740	msiexec.exe
Token: SeRestorePrivilege	740	msiexec.exe
Token: SeShutdownPrivilege	740	msiexec.exe
Token: SeDebugPrivilege	740	msiexec.exe
Token: SeAuditPrivilege	740	msiexec.exe
Token: SeSystemEnvironmentPrivilege	740	msiexec.exe
Token: SeChangeNotifyPrivilege	740	msiexec.exe
Token: SeRemoteShutdownPrivilege	740	msiexec.exe
Token: SeUndockPrivilege	740	msiexec.exe
Token: SeSyncAgentPrivilege	740	msiexec.exe
Token: SeEnableDelegationPrivilege	740	msiexec.exe
Token: SeManageVolumePrivilege	740	msiexec.exe
Token: SeImpersonatePrivilege	740	msiexec.exe
Token: SeCreateGlobalPrivilege	740	msiexec.exe
Token: SeCreateTokenPrivilege	740	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	740	msiexec.exe
Token: SeLockMemoryPrivilege	740	msiexec.exe
Token: SeIncreaseQuotaPrivilege	740	msiexec.exe
Token: SeMachineAccountPrivilege	740	msiexec.exe
Token: SeTcbPrivilege	740	msiexec.exe
Token: SeSecurityPrivilege	740	msiexec.exe
Token: SeTakeOwnershipPrivilege	740	msiexec.exe
Token: SeLoadDriverPrivilege	740	msiexec.exe
Token: SeSystemProfilePrivilege	740	msiexec.exe
Token: SeSystemtimePrivilege	740	msiexec.exe
Token: SeProfSingleProcessPrivilege	740	msiexec.exe
Token: SeIncBasePriorityPrivilege	740	msiexec.exe
Token: SeCreatePagefilePrivilege	740	msiexec.exe
Token: SeCreatePermanentPrivilege	740	msiexec.exe
Token: SeBackupPrivilege	740	msiexec.exe
Token: SeRestorePrivilege	740	msiexec.exe
Token: SeShutdownPrivilege	740	msiexec.exe
Token: SeDebugPrivilege	740	msiexec.exe
Token: SeAuditPrivilege	740	msiexec.exe
Token: SeSystemEnvironmentPrivilege	740	msiexec.exe
Token: SeChangeNotifyPrivilege	740	msiexec.exe
Token: SeRemoteShutdownPrivilege	740	msiexec.exe
Token: SeUndockPrivilege	740	msiexec.exe
Token: SeSyncAgentPrivilege	740	msiexec.exe
Token: SeEnableDelegationPrivilege	740	msiexec.exe
Token: SeManageVolumePrivilege	740	msiexec.exe
Token: SeImpersonatePrivilege	740	msiexec.exe
Token: SeCreateGlobalPrivilege	740	msiexec.exe
Token: SeCreateTokenPrivilege	740	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	740	msiexec.exe
Token: SeLockMemoryPrivilege	740	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
740	msiexec.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
740	msiexec.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe
1000	taskmgr.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5528	DiskMark64.exe
5528	DiskMark64.exe
5528	DiskMark64.exe
5696	DiskInfo64.exe
5696	DiskInfo64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 3156	1304	msiexec.exe	88
PID 1304 wrote to memory of 3156	1304	msiexec.exe	88
PID 1304 wrote to memory of 3156	1304	msiexec.exe	88
PID 3156 wrote to memory of 3168	3156	MsiExec.exe	92
PID 3156 wrote to memory of 3168	3156	MsiExec.exe	92
PID 3156 wrote to memory of 1488	3156	MsiExec.exe	94
PID 3156 wrote to memory of 1488	3156	MsiExec.exe	94
PID 3156 wrote to memory of 812	3156	MsiExec.exe	95
PID 3156 wrote to memory of 812	3156	MsiExec.exe	95
PID 3156 wrote to memory of 4720	3156	MsiExec.exe	96
PID 3156 wrote to memory of 4720	3156	MsiExec.exe	96
PID 3156 wrote to memory of 2976	3156	MsiExec.exe	97
PID 3156 wrote to memory of 2976	3156	MsiExec.exe	97
PID 3156 wrote to memory of 4736	3156	MsiExec.exe	98
PID 3156 wrote to memory of 4736	3156	MsiExec.exe	98
PID 3156 wrote to memory of 2620	3156	MsiExec.exe	99
PID 3156 wrote to memory of 2620	3156	MsiExec.exe	99
PID 3156 wrote to memory of 540	3156	MsiExec.exe	100
PID 3156 wrote to memory of 540	3156	MsiExec.exe	100
PID 3156 wrote to memory of 1812	3156	MsiExec.exe	101
PID 3156 wrote to memory of 1812	3156	MsiExec.exe	101
PID 3156 wrote to memory of 4356	3156	MsiExec.exe	102
PID 3156 wrote to memory of 4356	3156	MsiExec.exe	102
PID 3156 wrote to memory of 412	3156	MsiExec.exe	103
PID 3156 wrote to memory of 412	3156	MsiExec.exe	103
PID 3156 wrote to memory of 412	3156	MsiExec.exe	103
PID 412 wrote to memory of 940	412	QQPlayerShareFile.exe	105
PID 412 wrote to memory of 940	412	QQPlayerShareFile.exe	105
PID 412 wrote to memory of 940	412	QQPlayerShareFile.exe	105
PID 940 wrote to memory of 5088	940	QQPlayerShareFile.exe	108
PID 940 wrote to memory of 5088	940	QQPlayerShareFile.exe	108
PID 940 wrote to memory of 5088	940	QQPlayerShareFile.exe	108
PID 940 wrote to memory of 5088	940	QQPlayerShareFile.exe	108
PID 5088 wrote to memory of 3648	5088	cmd.exe	121
PID 5088 wrote to memory of 3648	5088	cmd.exe	121
PID 5088 wrote to memory of 3648	5088	cmd.exe	121
PID 5088 wrote to memory of 3648	5088	cmd.exe	121
PID 5088 wrote to memory of 3648	5088	cmd.exe	121
PID 816 wrote to memory of 2924	816	chrome.exe	133
PID 816 wrote to memory of 2924	816	chrome.exe	133
PID 816 wrote to memory of 3444	816	chrome.exe	134
PID 816 wrote to memory of 3444	816	chrome.exe	134
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135
PID 816 wrote to memory of 1612	816	chrome.exe	135

C:\Windows\system32\msiexec.exe
msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\msi (2).msi"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:740

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C485B5774BC1B0BAB8121FA32C336AB0 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3156
- - C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DE6DB5AB-6BA5-46B0-8C2F-CB75FA0A0D4E}
    3⤵
    - Executes dropped EXE
    PID:3168
- - C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2B045BE0-6C3B-42F8-A73D-628A61F81AF7}
    3⤵
    - Executes dropped EXE
    PID:1488
- - C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2FACA560-B17C-4A70-888F-FCD4597CB6D4}
    3⤵
    - Executes dropped EXE
    PID:812
- - C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{15DA221C-FC8D-467C-A9D0-9B3C07EDA66C}
    3⤵
    - Executes dropped EXE
    PID:4720
- - C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{01041E62-E884-420E-8DB5-CB0B24BF7F92}
    3⤵
    - Executes dropped EXE
    PID:2976
- - C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{81F46D70-142D-48ED-B8B4-37797481D2BF}
    3⤵
    - Executes dropped EXE
    PID:4736
- - C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3A1BC340-D308-4814-BE45-5FCDDFCC7C0B}
    3⤵
    - Executes dropped EXE
    PID:2620
- - C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3CF624BC-8233-4169-8F4F-8B08132B096A}
    3⤵
    - Executes dropped EXE
    PID:540
- - C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{84846230-0B21-4234-9948-4E729A744721}
    3⤵
    - Executes dropped EXE
    PID:1812
- - C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6176C8DA-119D-42BF-81A8-871BDD061AAB}
    3⤵
    - Executes dropped EXE
    PID:4356
- - C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\QQPlayerShareFile.exe
    C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\QQPlayerShareFile.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:412
  - - C:\Users\Admin\AppData\Roaming\manageFirefoxTok_5\QQPlayerShareFile.exe
      C:\Users\Admin\AppData\Roaming\manageFirefoxTok_5\QQPlayerShareFile.exe
      4⤵
      Suspicious use of SetThreadContext
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      Suspicious use of WriteProcessMemory
      PID:940
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\SysWOW64\cmd.exe
        5⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        Suspicious use of WriteProcessMemory
        
        PID:5088
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3648

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1000

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2172

C:\Windows\system32\msinfo32.exe
"C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Desktop\ShowResize.nfo"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff915f1dcf8,0x7ff915f1dd04,0x7ff915f1dd10
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2056,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2068,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2412,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3276,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3280,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3828,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3984 /prefetch:2
  2⤵
  PID:184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4772,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5388,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5492,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5448,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5764,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5576,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5552,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5968,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3504,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3368,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5896,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5876,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6096,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6184,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6356,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6168,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6948,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6320,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5928,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7444,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7476 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6124,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2492 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6220,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6752,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7768 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7052,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7024 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7040,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6956 /prefetch:8
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7036,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7092 /prefetch:8
  2⤵
  PID:4044
- C:\Users\Admin\Downloads\CrystalDiskMark8_0_6.exe
  "C:\Users\Admin\Downloads\CrystalDiskMark8_0_6.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1996
- - C:\Users\Admin\AppData\Local\Temp\is-G2LFA.tmp\CrystalDiskMark8_0_6.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-G2LFA.tmp\CrystalDiskMark8_0_6.tmp" /SL5="$A0416,3177213,857600,C:\Users\Admin\Downloads\CrystalDiskMark8_0_6.exe"
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3872
  - - C:\Program Files\CrystalDiskMark8\DiskMark64.exe
      "C:\Program Files\CrystalDiskMark8\DiskMark64.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5528
    - - C:\Program Files\CrystalDiskMark8\CdmResource\diskspd\diskspd64.exe
        
        "C:\Program Files\CrystalDiskMark8\CdmResource\diskspd\diskspd64.exe" -b1024K -o8 -t1 -W0 -S -w0 -ag -d5 -A5528 -L "C:\CrystalDiskMark0E5C56EC\CrystalDiskMark0E5C56EC.tmp"
        5⤵
        Executes dropped EXE
        
        PID:6204
    - - C:\Program Files\CrystalDiskMark8\CdmResource\diskspd\diskspd64.exe
        
        "C:\Program Files\CrystalDiskMark8\CdmResource\diskspd\diskspd64.exe" -b1024K -o8 -t1 -W0 -S -w0 -ag -d5 -A5528 -L "C:\CrystalDiskMark0E5C56EC\CrystalDiskMark0E5C56EC.tmp"
        5⤵
        Executes dropped EXE
        
        PID:6560
    - - C:\Program Files\CrystalDiskMark8\CdmResource\diskspd\diskspd64.exe
        
        "C:\Program Files\CrystalDiskMark8\CdmResource\diskspd\diskspd64.exe" -b1024K -o8 -t1 -W0 -S -w0 -ag -d5 -A5528 -L "C:\CrystalDiskMark0E5C56EC\CrystalDiskMark0E5C56EC.tmp"
        5⤵
        Executes dropped EXE
        
        PID:6188
    - - C:\Program Files\CrystalDiskMark8\CdmResource\diskspd\diskspd64.exe
        
        "C:\Program Files\CrystalDiskMark8\CdmResource\diskspd\diskspd64.exe" -b1024K -o8 -t1 -W0 -S -w0 -ag -d5 -A5528 -L "C:\CrystalDiskMark0E5C56EC\CrystalDiskMark0E5C56EC.tmp"
        5⤵
        Executes dropped EXE
        
        PID:6096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://crystalmark.info/
      4⤵
      PID:5968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://crystalmark.info/
        5⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:5988
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x244,0x248,0x24c,0x240,0x218,0x7ff9101ef208,0x7ff9101ef214,0x7ff9101ef220
        6⤵
        
        PID:6036
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1736,i,77020180916824907,2073538751482269312,262144 --variations-seed-version --mojo-platform-channel-handle=2140 /prefetch:3
        6⤵
        
        PID:2856
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2088,i,77020180916824907,2073538751482269312,262144 --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:2
        6⤵
        
        PID:5540
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2584,i,77020180916824907,2073538751482269312,262144 --variations-seed-version --mojo-platform-channel-handle=2708 /prefetch:8
        6⤵
        
        PID:5480
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3404,i,77020180916824907,2073538751482269312,262144 --variations-seed-version --mojo-platform-channel-handle=3456 /prefetch:1
        6⤵
        
        PID:5268
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3432,i,77020180916824907,2073538751482269312,262144 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:1
        6⤵
        
        PID:5224
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4152,i,77020180916824907,2073538751482269312,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:1
        6⤵
        
        PID:5660
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4160,i,77020180916824907,2073538751482269312,262144 --variations-seed-version --mojo-platform-channel-handle=4220 /prefetch:2
        6⤵
        
        PID:5668
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3592,i,77020180916824907,2073538751482269312,262144 --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:8
        6⤵
        
        PID:5572
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5328,i,77020180916824907,2073538751482269312,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:8
        6⤵
        
        PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6996,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6972 /prefetch:2
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=3244,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8080 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8176,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7172 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7932,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8444 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8364,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8608,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8232 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8648,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:6844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8688,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8284 /prefetch:1
  2⤵
  PID:6852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8432,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7612 /prefetch:1
  2⤵
  PID:6864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8724,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7708 /prefetch:1
  2⤵
  PID:6872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8704,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8280 /prefetch:1
  2⤵
  PID:6860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7124,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8160 /prefetch:1
  2⤵
  PID:6240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=9856,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9412 /prefetch:1
  2⤵
  PID:6616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7712,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9976,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10024 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=10148,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10176 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9092,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9860 /prefetch:1
  2⤵
  PID:6508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=10036,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10084 /prefetch:1
  2⤵
  PID:6712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=9416,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1276 /prefetch:1
  2⤵
  PID:6384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=10068,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9100 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=7788,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8136 /prefetch:1
  2⤵
  PID:6200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=8160,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9552 /prefetch:1
  2⤵
  PID:6160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=7008,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9640 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=9668,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9792 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=10296,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10304 /prefetch:1
  2⤵
  PID:6704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=10324,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10432 /prefetch:1
  2⤵
  PID:6716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=10456,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10484 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=10600,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10632 /prefetch:1
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=9644,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10748 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=10980,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11124 /prefetch:1
  2⤵
  PID:6872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=10992,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11172 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=11024,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11192 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=10604,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11560 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8088,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8072 /prefetch:8
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=11252,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10956 /prefetch:1
  2⤵
  PID:6240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=10856,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10644 /prefetch:1
  2⤵
  PID:6496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=9876,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11480 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=10548,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10928 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=9632,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9468 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=11244,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9936 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=7044,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=8016,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7176 /prefetch:1
  2⤵
  PID:6704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=8220,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=11828,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8032 /prefetch:1
  2⤵
  PID:6376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=11272,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=10076,i,7594020042836376715,7675987071986143422,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8236 /prefetch:8
  2⤵
  PID:692
- C:\Users\Admin\Downloads\CrystalDiskInfo9_6_3.exe
  "C:\Users\Admin\Downloads\CrystalDiskInfo9_6_3.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:668
- - C:\Users\Admin\AppData\Local\Temp\is-FN720.tmp\CrystalDiskInfo9_6_3.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-FN720.tmp\CrystalDiskInfo9_6_3.tmp" /SL5="$E0444,4836973,857600,C:\Users\Admin\Downloads\CrystalDiskInfo9_6_3.exe"
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:372
  - - C:\Program Files\CrystalDiskInfo\DiskInfo64.exe
      "C:\Program Files\CrystalDiskInfo\DiskInfo64.exe"
      4⤵
      Enumerates connected drives
      Writes to the Master Boot Record (MBR)
      Drops file in Program Files directory
      Executes dropped EXE
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:5696

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3824

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-1UING.tmp

Filesize
923B

MD5
dce02b9a45fba2a70042c8c1e03d9b94

SHA1
978e46984c3122ca2ecc5392b6b6f877dbe178b3

SHA256
0b0106761cac0e726c84c5883c989fae0e33c9ec90f3951e9a16e0e6128c183f

SHA512
476d6d814e6d5402d33748469d4cc86acb41aa79b9e4ce851c1531fb6706b9adcf1386b44cb293c8abb0b11768fb004ba89814a0caaab4579538d35edfa3060f

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-DPVT0.tmp

Filesize
1KB

MD5
e8799e2989a9ec24ea55195adf9d2e89

SHA1
3ba12b043c5d27b56b9691271d53d037dbe0f410

SHA256
3ff066b7b8d75fa423837c5880f45727b86e1f2366852c399d672c3dcf6a80ae

SHA512
05b854ac0c5faef1f255e2d24c1923c40019f1eef8d4a77215469ecba004720e6f781f84a872e790a9163799be6cd7cec088e04200e15aed5b7ada174b2436b7

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-KSSP5.tmp

Filesize
1KB

MD5
cd53ebbeedfcdbe04ac94f0323440d83

SHA1
2249087471df17ab704b9e24c620a7d7f9e406d9

SHA256
16e367b75d0cb12efeb05cf23e696c06941e319509302bd99942b06d8daa4cb6

SHA512
07bbf2cfff944579a68dc337ecf7ededebd408ba7849f58e4de6215656f94f04d6af3b197c00b147092cb018dfaf196b1fbdd384360319fb1367fc55c77e2ee6

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-M3BA0.tmp

Filesize
1KB

MD5
f8b559a259cfe0f8eb39d1596f371767

SHA1
fdb89b6a1f08f7d8e83fd862403da71e110f737f

SHA256
c964d3efbe51d9c9ceb113d6eee196e1fd19938cadd733011c24b91d093f16de

SHA512
d8ab05bfac764187049cc0ca3c7a5e7112e5bd685b083d01fee6ea1939b8ff53c1a316e549f3a4c2a1e011fea101155fe36109c875593884972dbb0fbbef171a

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-QU598.tmp

Filesize
1KB

MD5
8d1ad40d84930c904a3c46a2e876110e

SHA1
b49b07507ded62c5be9db303de3c0ac129eeb89c

SHA256
d7ad392146e0be9b808bf4568cf9e10d8f6c20c2055aee1f26763118fd6d422a

SHA512
d8f63bacd180132d4d63a9ef40fea46c0b2a712ccfca9b05814ebecd300e31e2f55a72dec9a7fe18c150866a0abf0eb88aceed5ff6c856895dfc2ed0cd052137

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo.ini

Filesize
56B

MD5
639b21ec594fd6ec5802c828dd4ff54a

SHA1
74ce0add6ab4393ec10564121e3e11927f845cf6

SHA256
14d1c79e51df74708de3a6868d6fdd3dd30a33867051a7c60f0746ffc977003a

SHA512
89e36f93a2afec70873e4a6735db00cfbf01715888bab35cc7feab68e5a353495b2269f47b6cb2f4ecfd2faedc66367c1bbb157757a6dea0f91f93c0b99522d1

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo.ini

Filesize
171B

MD5
238f8a029d60d866a56a340a4fbf9c60

SHA1
437169c97cf23754c06136c51e2cdc395a1fdfd4

SHA256
1eb78521e4f6f03a1fd5908a7ec5d02a724b978fab197d243a8c5d210b9f5189

SHA512
9710e5a5e59b6a363c7df08968d1774602b3e648e224b53fa93f1482b72c09c11e2d222e00fd60da8ed3f933ee696f07cd27b0d2248e393634e6d6b5bd98262b

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo.ini

Filesize
187B

MD5
ccb43ccfe24c3805fcc77132febb7736

SHA1
998affd7cb6e266af3ffee5a83ea76a09d03f4de

SHA256
aa2d5d7ab4e2354f3bd40b3762d1d0dc6b519af3c294c8fd1caadf7cee9cf5bc

SHA512
59f2b130a6ac55868fb961a31b27a101b36cc596c5027876187910082214a1d9192b870f8fdbd68163a3f7250bf34cbd8787fd53afb52ecac9f981afa695a0eb

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo.ini

Filesize
456B

MD5
76a5871472e079734bf1398b2e01515f

SHA1
77f17e525a5b9c4526ea1a620ecb05a02d2d87f3

SHA256
cbfdb7ac2775c1096fd3d2ef03f4a630a5e385f89818df6671429e689f4b64f6

SHA512
85b143b13dd2f7ae9c86c3785c5ac3687e0ba01b9ce9245838032e54d9b09538424af0950a6299c7ed3b8503d844129179dccafd8e14845d5655cad69cdcd356

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo.ini

Filesize
474B

MD5
15ed1767df34b13ad7ad32c824e76d8f

SHA1
fc55cc63cbd39341cc85135354f49c199acc76b5

SHA256
8662283250b5893b87de44c289c5597977b682392ba905f7f4534715199ffb74

SHA512
e8b6d4b01e860d5b568b569530d5847775b5e2d12a2d1cad1dbe385fee43476d5cc278e09c1ab7789ab51ed035b95fff0fe160929ffb85cbf703d75e796c7057

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo64.exe

Filesize
2.7MB

MD5
7cfdfaf2dab57f03362a68fbc20a469d

SHA1
d5905f9611473ff91fb0c0abb4eeffa05815a602

SHA256
07b93364756ad9d6a5bae1cc8d342a8fea3b0c6c70dc4f1738267b54b15c8970

SHA512
4a066fabdb5ca2bedb8fb7e86fc49c0fdfa4aa87b231ef50764437243e56f898a8c837d9e4c21687b82b90886d56849e86e6c145b450abc2acf14164c8720562

Download Submit
C:\Program Files\CrystalDiskInfo\Smart\WDC WDS100T2B0A232138804165\09.csv

Filesize
25B

MD5
a5cc4594bd4b17e1d5339009fdbc5e93

SHA1
519a92226184d79be587bebfbf9ef0e2d15b2869

SHA256
46e95eea801d76561c678638fba331ec02638ff204f446777362c37545c28f1a

SHA512
e8a6db5d363a442c7a1427ca5bc0009a67e923000c664d8006b94ac2624f512c77cabe8c6fd7ebc0603ec8e296cf33bb7b17ddf705943c959a66fa9eeeb3cdbe

Download Submit
C:\Program Files\CrystalDiskInfo\Smart\WDC WDS100T2B0A232138804165\Smart.ini

Filesize
557B

MD5
a328db9e711968574d515f2baebd3014

SHA1
e178a1e7cf8d0347a4fa46a9f565e22097a76430

SHA256
3004145e6599a3d87d8130964cec8a839bf1da36b5ead536f56ecbd73baf276e

SHA512
54035e7b9356d755efa619a9eb1994f077bc4638ba488cd20602e1c30af7b1966bc202aa52f5b0b077c373d5f4c4e95b389d5c32a8461f8e376f07bb8f6f22a5

Download Submit
C:\Program Files\CrystalDiskMark8\DiskMark64.exe

Filesize
866KB

MD5
1fa1f9e12ea9df2dd512c9200ded6569

SHA1
10e2fba226b80e550ae844015415f528a1c9d8f1

SHA256
4a3aa9ed859e5b98ef0582a99f564c467d1e9b1a50c957cad9b5218b1e36d8a7

SHA512
59735210335c0a917142fcf71e01a38a5db503b44ef3efac8d73f8ae5cf62b3ec7a2785ecd5ef2e6efea655fc9a56dbc0bbd48bc551ec8bb0fd7190ee495ee24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4a73d5193b5b9cb06e435b2716e488cf

SHA1
c151dd0d675f95657930827b1fae01e9e6bdb192

SHA256
512e400c750b887f6be0533926d792b568f669ffca8b5a24022965c1817a747e

SHA512
81b716889aba8773a6cde7fb7bb3df49533f82d7922c9cd5d28cdce6d1b9ca4f9af07b3905335730d47d709dc0027166a9af502f938e2571a2a5e9e8794f877c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
29KB

MD5
b86c5440405fd643e40d60ebcc415dcf

SHA1
72125461c02a765f0b843b65fe42662134531ac0

SHA256
da169610bb74a50c731945d339b5c21c529db620eb16482c97ede5190a367fbc

SHA512
b53229c2bd43d688ca88119cbb9104109d956edfd5e059770d8e6c138b2e104fa3f4a051dceb72dc9389b46b9a0ff96e16db52210c096990a4e05afa8a2c2a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
27KB

MD5
b07d20390b738d63142eec5b71ecb57b

SHA1
c198f2b522bc07d0cafb284758b794fc63cd1e03

SHA256
9d8aa93698d094040148a5c2610445ea21db8c8570ca661fe3e2fc3f099d9b76

SHA512
98b895afd2739b1f5dfcb9e443feb8b3a18835ebf4c194f8cbbe15aa94110a40fbcc8726cb82eb5618744e34939ac919fee6ecd5739195bfa980dcaefffa9e56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
52KB

MD5
26fd53c61d3acce797887579deaff31e

SHA1
95e319ed30d1f1774462a1503468f8eb3ef03b4f

SHA256
cec3e6f7f6b594a58adc42083b1c5a610c4d4e7426eb4ec14cfaa4b0be29a27b

SHA512
3b6970feb936100bd850350e6b08c8aa3c74ac2330cbc11a77c63e293c5f7015812275321331601cd44c6b59e21f588dce648d70eef2b4c25a7f7532928ca569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
91KB

MD5
df9065b831922fc96d3a73913010ca6c

SHA1
acaaea8e4245ac6660240ddf662e3c782008aea3

SHA256
2bf1ffab5df7d556bc5e963338a261cc4cefaaab9955549902be06e8a7918aa7

SHA512
a04aed9c5551c68279f0722c0541a8c889167c4979c646e4572b75ac5c676bd6c2db446ab9e63ad371f689ffa6db4f459858632e7ec5993169e1a5bace62c1b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
110KB

MD5
44e8f96a12d1d900cceafdbe2f1a0dc4

SHA1
1c2b21b9173ed142f5609fd310b434661f9ee0a1

SHA256
13e0bae5abd2697827f32b9554021d872bf06365f236fc2255eb2f46c62a1824

SHA512
93553e10a86a3837c6640dfd92104339d7034d4787c53446659bd5967fec00541e3467001052172bc1b34ed058639aff955ea455f3868e46088880083575dc06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
144KB

MD5
e116777c20ba71f1c0641caa94a38961

SHA1
990434c82476cc1328984b28659a6627ffcd7b94

SHA256
4bfbc45a1e128525440ce1fdd2f78c8a592a21b494d23ba5533a4dd58998501c

SHA512
2c5ef85df857c06df603ade38b6d3694a774c8c4acf66a68ade5b2966fd7ef553ce7b1af972b85a35044129549fc8768bb0ef40d3d044c4ece601323e154f8c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
53KB

MD5
9383161b0aea6a5c8ded302dc032154c

SHA1
26e5c44ad8e774cf8a99aadf1c9920aadf4bd7c8

SHA256
64a32e78c647acd4e2e001390aee9e1f50c08c6c52f4734efa4b02a0882c1363

SHA512
97ee9ab478d66536c129aeb1afc31c6eb8ca220dcc140c47489112d9a2d97c617dfe9cb54bdc54f9dc85d87aabca6b0f6feeac6dcafb12abf3f1c58b94fe1fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
41KB

MD5
c6b0207050d74eb447897ef0d2c8bb7e

SHA1
6f499b18b34e9a899f24ebc6f0e14f9e10321839

SHA256
9fa03ba7b4b4fe313d4b6d529712ead01a33324e92c5939a22f4c85923c537e0

SHA512
7b33c4516a7b073b5670c348f3dfa16868d17f124269e7a2901151f1a2f05ccbff3a548133f7db0a37a7d6e3bf511fe1f234c5e97143a3ec341496f5f1786d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
24KB

MD5
5366c57b20a86f1956780da5e26aac90

SHA1
927dca34817d3c42d9647a846854dad3cbcdb533

SHA256
f254eb93b015455a3c89aaf970631bc989fe2bd387f79e871b514992359651aa

SHA512
15d7127970436f2510344600f3acecc19c39a05f8e82c8a7950095386382b2e2da55883a5a9faa97b84452e67315b9ac1693b6592274c8c1c35c813dfeb543a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
24KB

MD5
344ee6eaad74df6b72dec90b1b888aab

SHA1
490e2d92c7f8f3934c14e6c467d8409194bb2c9a

SHA256
a3cf4861c7d0c966f0ed6564f6aad6b28cbd3421a9ca4f60e2246848d249f196

SHA512
2a9a9162d610376512a8fae2cf9eb7e5146cc44c8ebde7a12e9a3985da1718c62ae517c25b00de7c0269efab61b4850a0becfbf04382a25730dbe9cf59825a62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
72KB

MD5
4d129a39cb6e31a3a49417f731eb6246

SHA1
5ffc21a2df889d4e821567c5184a28211be6381d

SHA256
95df9795468f417ad19eac22a96052086b42716f160238a71fb2057bc0ed451c

SHA512
a9337946ab3c8d18b56be5ecbaf1425e2c386e293da3532a4cd42f0349e9a1b49309b7c3cf050cc89c140a34c4c04a7b5e030087e13c4c4441279782c13f7025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
111KB

MD5
c00a1feeef13acff3a6e7a88101f6ab7

SHA1
fd973a51c309a20efb4871add625dcb87699b4bb

SHA256
e74ee67f30174ad3f3ea5f87c76d297393745a97c673e4b55b8a00b4045ef369

SHA512
30dd61b39af0142cc22d51a202a1676171710b9840af40b15cc1010f09f6004702fd2efe9cd1fcc60d39a9d2faea02123d64e910836d056d6ee3b6996a013740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
92KB

MD5
fde9749618b9af1253fcca25447b2157

SHA1
3e428ef8a8a292b51d7f50483a6e1ddb89256a8a

SHA256
11b37b434088342eca52d54cd2d72ca5587ad013c35e62a03f48c0fe10117545

SHA512
5485516fddfec1d807ba8f19faefadf6787a605ad509685a3252404b1b6d69d51156c81f132ea6d67008b75d5419c93d24d8a9baf536165324834dba4f3e310f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
101KB

MD5
e5d1cae3de34a0234ef8b32561b24ca0

SHA1
5acb6671874f6b1dc2fe8460d5a390bfa72e3e2e

SHA256
ae563bdec85cda8d467dade4b99b19d4d5402a1118ab622f0912e9b6684ab6f2

SHA512
1ee0d053b11ebc64b0fff970d0318d4c66020964f8b3c01d2784c561029cf76189905597dd0845819fccd2198809a1322448805d0b1ae3feb4775ec462a2d584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
34KB

MD5
f297bc9b0756bbffe543be4c87063d2d

SHA1
85112c03b7ad3bda2f29231b7cfda063922c0f3b

SHA256
876b1500511e63f8211a4291301c18ed6a39a29461352a3c0c71a62e1b4a3fec

SHA512
6f2cbde67a5281e84778fe306138d05a96cf5250241b1e1ad55080009f9974c42db2af03f0f93632d40425964d1999a716e00534568cf881d08befa3ebae30a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
17KB

MD5
dda0c2b2a76df0eeaa14467d0aa9abf7

SHA1
91544220cdb810c2533fa02411667d7b9b5903bf

SHA256
974576e81826596f65799851143b618b4972be002738d486e1e4a1e5e8dee3bc

SHA512
6c3b12a45349cf89e3a537f7fbb2891d2c4a5970cb658e2707fcbd277c46134db32b3e21169cd4b825e6e16cc51a4c9c0197154ddbc0bf8726c13de560d0da82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
34KB

MD5
ab065e8dd803c64a3a0182fd2408ae56

SHA1
827abe511fd397ce66ff508e2b12d8eba432f987

SHA256
05cb91450ddbf1f38651d9fadcc9a6e4e643164ab61b7e60d3b4f572de6b60f6

SHA512
3fdfac8b2c135881eed064b2c553fa4414011429dd2b1098a3d9aa3a6513445c3d3007a77cd2387f07b6e60f3a2042acd9f51d5c78c29a11b24a6108f30f58ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
17KB

MD5
6895b30fd94bd7cc5d3c618e793463a7

SHA1
f6be1f52c71ec4c063f125a7fd9e957d98cbb2ff

SHA256
2529f54e50ceba464bb1bec31bd363cf9713ad08db614b8acbc8b187378ddf73

SHA512
da970adfadb97210c587a257f3326103f37a4717cbb3f1115c8bae8326899538f698f5a9d803f7cfe79a2e7cd017617b3b5674b1139c53f480e5fecf866933eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
16KB

MD5
74ca1a3f286d5c701a52a499255fb80d

SHA1
dfbb0c0046fc269ff9525412e03493f2898c20f9

SHA256
a579230f6467a4a704cfa0d6a1edcb7f0be7b1b68a0dd485e9e4303e2cef435c

SHA512
32bf6d0f395e3b97b6490c62e5c4fca3fad90808af82fef9e1aa685acb1d3ee622d66a98240a3693c86ee550fac55d065a1c04e3a6d722ca995622c0070cdde9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
16KB

MD5
e411013ba7d6ccbd27371a812ca7ea86

SHA1
34c69a523b4eed2b70e5a62fbd27090c46720ed0

SHA256
52b2a42be77cd0e6317035f459f6920e99c3f4e3aa418d278c2a1621202de77f

SHA512
50194dff8cec6f65506d2019d5680c539683ed5eaa7fad12ed278664400b8659fe13a41bde15d8b22286b2e235fbdd0125c468d52109fe32dabb4463f71d5599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
60KB

MD5
c9e86cac4a773d2d99597fef4455b3e5

SHA1
6ed22537dc85c796659baf829c0fda80cf9608b8

SHA256
9ff2ebd204489666d2cc02d75b5a747480d7248dc72af4ed3c51fa9c37ff383a

SHA512
3de9ae411ba1c83d913bef4bcb772b97b8d0c9cd48189f07df1bb3992fe1aaaa6c77e2446c1b5f98cf2e19ca3c00095cf1c404faae296af59cc3edcec7b56a67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
33KB

MD5
0d314f4cf0fd655a32a868b968543b1c

SHA1
ff7480144e386b5cba5258f448e22edb0a5dc528

SHA256
b1ecf075baf69e56940fb47c9aa7621fecc37c9124788e82e57082c7c2a4a70d

SHA512
55afa0b031e5be85e3cd1503615566e85216d12aa37a30e2af3673af47c6b254bf8095d30c00a0e509ac33bf313afdca294a0aa533502a1fb437f727bc141d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
18KB

MD5
4327b3a91e9a7aa258b800b3d4f88f62

SHA1
90b0390bed0fc76791bab3da58c34a64f7bc7bf7

SHA256
c31752e1b58c7a5245d3645ebadaf6d535a33d12895e08f77495e0ddbe53f2c8

SHA512
0b60483f3c8059a7f0f35df6575f13fb39af27f08da2e251a3ad31e66a0bed9e101ebc8a9071caf105af2b880a18fedffa5eb43338e2b67b810bcdf0a184441f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
122KB

MD5
72181db8ad503549bd0258cf76c44e88

SHA1
64b44226d6b84c0db05b0b1eb3e5d2956be61121

SHA256
8de76b201b0c75deb1b6b357b3c9fb100dfcbfc63bc4891a7583172cb3935265

SHA512
2b3aa1df271368b4e50fc85983e861a3e192fab719f3c0b5a9b4a84c4632e4b3b292f97fcc66b743b424a00a1fca8167c1f56e053c3f8869a4bc1a3103f45fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
125KB

MD5
163b896bd16ea00f27935712e48ae51d

SHA1
3d64d993b18f3f24b0aeada2e442fca834dfffcf

SHA256
c93c4246ccf870ea6ceeccbf2ff103f2756be6a751a4eb57117893c01ee8aa8a

SHA512
3520422a4c5a4a4adb4186ff1757f293652c6ed355ed3f3aaabc36d5af0ed64994a32bac396ecfa074ff078e41d9784b00b1f96b912f0f7e0c64c649d37763c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
51KB

MD5
63a1141e6254336a7650630ba641a43c

SHA1
68fd1b34375eec34a924c15f76d7ad15a68b35ef

SHA256
28b76611a25602a12730d9b9a2556b6f1d5ca4154a8afe605f140ec3d33da914

SHA512
6279c20972f5578649e6925591d042c9cc03a01a3b0c5d3c9ffc8f5ac9c4d077f4461afeb5b72a237b4aca6572fe870188ba224c6dd4cf2b721bf0a9c533ec8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
29KB

MD5
efee155916cd04d9848dc74bdd1d7931

SHA1
731e55bf3a8127c367ce2ed9a6ff7211c3773959

SHA256
64443b992ef1e7290620a413075becde80cc43d718d9a1039c2e3830219062e0

SHA512
8d4e9570e0223fcd97f53bbdc274edb4280fedeccf6abb3f4f05324adf98c848751e51de66712f43a8da70407653b2344c2e976a26738b536e6b81e5c2dd4b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
63KB

MD5
34d5015941e4901485c7974667b85162

SHA1
cf032e42cf197dcc3022001a0bde9d74eb11ac15

SHA256
5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632

SHA512
42cef1d6847f535a6e8afc0469b9f5ef79ce4ab21512ac7eeda8ef9667d5f24bb33b30aba9a29824b3d853d41d4addf6bdee2042cf4fbd0a033b61657c671f0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
165KB

MD5
b420332e4edf3e1919372b9853b51880

SHA1
39dc8efb6d79aa97c8adc5526462b85194e6d72e

SHA256
13b8509167d08ab49df0c20004314a2959d8d37453d81247ffa539a5b523fbdc

SHA512
32e765690dc8767255bd78a98b607fd1783796d80e9647004ee4cafe52b227ced778414337ce0780a980c61ac5595afc03a01e74b97b2366dcd3ec4346d3a57a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
23KB

MD5
2ba871fdffd1ef555ac035cf9cd61427

SHA1
6c96fa7b4c995a128e12c4e740a0a811b7322db8

SHA256
55907923082f19bf814ee763902562837eaf18514d24c68642b9f8df4435ffa4

SHA512
f5b6348209e39c574cb48e6c2eb986f8fb2e1cc948fde722d566f727a25f6da649b81592d185304a4b88a28c1a1076b60303788f50edf9989eb079b34b3ab887

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
28KB

MD5
e92402540216e30704b8f6cb82c666e6

SHA1
62cd8f3d834dd1d079b6bd39fcd39050869519b7

SHA256
28c2d7dd95fa77e4c55661acbae4c094ed26a4383e733c397c87405a1eb07022

SHA512
b17a727c189ca861a9b079a733e94d6858b0f1daa079252dcae1cfee2a1c99fadc63998f196d626167892cde36b57a32836b4efca30022298f314a573b6a11e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
67KB

MD5
60a30ef624fad5be472ee5d1acd1b2ab

SHA1
5dbb87bbc2e8a6143308e7928536ae778610794a

SHA256
d0ec8a13c2eb6a38d628cd7adaed308116164ceee003f816889b4db1735bfccf

SHA512
315e3ea4d4c6ccf6c14fc509933b01cb77c964b608cb95ce2ee8c331011adaf618e41cf4b8c499c4f6c9e137b88a34caaa7aaa44a69fdabed84df550e178d60a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
158KB

MD5
83266658f29f5cb762001d5d9f6985a7

SHA1
9ff52157193e1e798944e6a3172d938183f5e550

SHA256
60072b4eb6fc5f1f1214a34fcd55b3cbd1d05eddf778f85611f9b352c4c6452d

SHA512
60b2a8749bb597b71c6cb7113c4ea6c430ab90c6f6a5f78a36ab5fbd2676fbc173ade236be939e862569c786fbdc8e0aa984f1ae4263e91de2ba681cc8ce5d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

Filesize
73KB

MD5
70643e8a9fe656bcef175ba5c75c17f4

SHA1
df94212d33cf4419bd19dba3e4bed4d9188a2eab

SHA256
a18e3bf4fc9a03fdf8cdf68e08fabcc653c5c2020e9868a4aa91b7814df5ed69

SHA512
9bc30303b0495a3e522658a7af082630c616bdd16df5d004fc279efbf457693133fe829b4e2e50d5e14e4c3bdc4aec5d5b1d6f845dae85e420182ee4017ee6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

Filesize
26KB

MD5
cb9730521646fef01a3a198ece746240

SHA1
245b35fade029a8b7d6c732dfc79d38103fb0352

SHA256
c0efb52a8618a35eca8aeba777fabacce01992addaca8e89cf240f1f04c3cd71

SHA512
e144e66230ac5d72c986e979a19e0bda6b3d6ad6cce29b8ea26cb4908e650057e436513426f85dca1474379d96e2464893a5e79a505549d7ea6e0c73b65c02e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

Filesize
102KB

MD5
4e3b6af6455d4d44be1c63a654bc5079

SHA1
ae1a035747a25df844cc71ac860a9f5ce7251a23

SHA256
384976c29cbd3f199acb925161865e81fc50cc9cd8248546af5014ad9e59c4d6

SHA512
ce82325dc69ea00e02681ea1d1bd1364e1cf64b23f87faef6bf63169c8b26ef79042ab16e2390a8eb21093da4b0c59eb42b05ac782c2d503f4af493e86bbd076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050

Filesize
20KB

MD5
7c6f5fefe62c49df01173bcb7dfc91dd

SHA1
ede6f3876a05d575340ab13c393b64ffdfd25dcf

SHA256
9dd2b71ffe36ca9e3160a7446685022c63265f3e1a8fdf9364fb14e9dcc8a449

SHA512
2b57797297e2f50b4f46162b80f0d21abedb39450c591b3980149b609ec285e1425c44890d4c38fc843a3d6451c2685c091fac31b0cac93605bcfbf685b9b114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078

Filesize
24KB

MD5
305c6f0e99d859c6d4b3e2c947e5a801

SHA1
c0c06720a96466a1230e85b3b5998fa27ec5696d

SHA256
b66956f60aa2dfe84b5e15dc2b317f2fc689804dbd7783b1ef8fb88c2be5b039

SHA512
f41f0274aa893b9ce9d3ecdc6c6f3d5b7092acd38f529027962f5368f3fb911241dba8e3ffbb2b38a97d667393820a87c6a77907f0d05310c2f1a732e348d9c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0a9781e2614e2b069e359db32a079d3f

SHA1
90fe858da43e802d86a3ec3ddffb2071288fedc6

SHA256
cdcb4b7a1027a6d286ed0ea9afc201ab248b67e2bbf76a388d38cbe2dc6abc5e

SHA512
77b679fbca884434dd2c0e5dece89b73c9c4e2956407a2c3058b86a051a99a1b97eabf753f86a667856852761d6d6122d64419d9cbc0e2f1b7c6aefc81018dc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
43KB

MD5
1309260c94369c9e0c6f7babba7e9bac

SHA1
113fb661519c0974ba2cc4ac06b3a17ee9fe116d

SHA256
6f7409fe62efc9b81fe73996023d05c5bd6319ac68040d7122a6adb13b9fdc97

SHA512
59e1361250e47f500faa10c16a1be497b3ac929c84c90acd0ba8183b4e2737fc8535d83018040fa237d6341d23339a84c3f2bbe82d1c004681faa1c0fb4063f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
34KB

MD5
b786af19d81d761445fceb8d1c7c0080

SHA1
593be4cea168946617f47abe93caa1558f3edeb0

SHA256
f54af77f914a9c9c0cca698ad5398c85b074a2b8427fe55e25c1681e22144578

SHA512
d05c77132132434ad272cd89139c0e89a78c3c298d97de679a64fe85d5574b560ba6a751919b95e2b1822b426cab74c7a67ae731ed8837cc5b41b5161f1a6a23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8c9aea15768f2dc78cb77dbb61a55d51

SHA1
c9b097d40949f52b903221f11272908ff8354a22

SHA256
7bdc6d137e39d4bb2542c1f8a462876b4db7431aedae2aac0c7162ab89f8563b

SHA512
01aa0512d2e44924fef8885dac35ee954379e5c56453b88fef7529b5e63a2da2159bef3a918258488aea729f47e62de7d9a0c70af98c030b5b9738731cc2a576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bca5c018341df54f65b03814c44830f9

SHA1
0e9c9a40b4c427bc8a9c560cdbb6056c57618175

SHA256
0f4e695d89868ff851e7a2c66cb0433506f17a1c240f901445fad276c50668a5

SHA512
7557fef6412a320f8bef23e8b537b81b9ad2113431aa4e2d13ecdea7d4d41683ad3c18d94af5b8bcd1a663064f35ce2392b508cc63b7b63cf486e790de62ffd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a27470bf0acfc78df4333bf75a53a09e

SHA1
11089032028002220837957bb6f3c0aaf3ff1acb

SHA256
75858c8672be5716d4d11e3902b1b1cced7b44170c8bf8e53646870f129a9b83

SHA512
bf444c720452bfa42a7faccb67ab675ffa1fc43e6871758cf6f7d366bfd7555610b1dfc01cf0218c29ef69e66d7664d2b71cc63bdf0c7abd5ab4ad665035b818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
681c3e0b1bd7fc2ae16c74ffa87e6953

SHA1
d3045ebeb0221b69d816e125c39d12c758693ea6

SHA256
230826770bea38c927c1f8d1a3b83a722477e160acdcad2397f6a06c6bbe6581

SHA512
85160327ce0f02e3db45a0bc8e63c58f33536418769980300394ea1b032af7ae4f38552c85c265ec7e33e30f3ef4a740b403a34533dba4c7b8d7f636debc5c82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3df94f57efabd973aedd9d60a91892db

SHA1
1fbae416f8d8653955ce5a7dfa0af8716269256f

SHA256
08d18b1381704694dad907c77f6bd422bda630e8ead988cd08c8dc80b119cc1b

SHA512
ab6e26261196d16f3cfeb285ac13842d2dfe515fb92c61372e9cf5d46efb4038f67fa5e8f213bd9415ec7b4acbca39077f7c77baac9ce7dbea945375551b822d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
40e8415cf22e71a7c00979d164e639de

SHA1
a00444d84aade4f722592f490fcaf4548dc70d4c

SHA256
045b0a61beb6b6ca5586203c2c3e0498196ee3432c841a1b547d9b04fa6b0a00

SHA512
a55d9e63f2506bdc1136598da7e3fbe370f7c67ff9417de96a7565c0e3def66424604f5f6f50a6f8ed3db75f1fcbc51e0865669a488ce3658f367909754a7e5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
befd64b623a5db9fe65dc3280c1fb3f4

SHA1
ab2d31cdc8b875de781dcfee9d01efa48a58bad9

SHA256
f37baec13526d9ad45a7db72b163ce55d40b532ffa422fcebcf01257e5e5f7d6

SHA512
c6554babbb0e4d1c770383b6f7c3f461c23c45e31c5fbf3937cf49f7e68ec83848d0cf66673163c1bf4386d47e84859742759ec0efdef5e3616ff4d561d9de5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
cbc5e292cc8dfc13da7988374c7be467

SHA1
a822c63e2f021b0469f7526e07d8cf5deb26d2a8

SHA256
4dd3e0b8df31f6f1ad09267dbe5e84b8df63dd1ca1f75c8437e0a80fc0ecdc5b

SHA512
1b3924c1b3c366e70b5d4bc3ef7ea897e923b51fd7a348d0a354f7f0594cd10f2cebc848d4caff62359071a8d429b1c7ab649430379fdf2f8708879adc2d4f38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
55d7ffc6e03ba5fa5fb17c07bb3552ff

SHA1
443dc81323ab7d9a3d99ba160a328639bec50368

SHA256
d92bda59c049841ef56e53aa6d11ac8c99ffb898de4807a95df50a7d523db208

SHA512
6371312819243e4e0398b51973d41f78a1082bfec64d47ae23b5987f8ad8c70b2a6a7ce2f862b717551e7eb43cd1aaf282a89e227919d7e5fc2bef48c9f44952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
2b8e5b8056c716f1543b18c21a97bd8e

SHA1
4421e48988020a1497e85009a187f2cf48fa3f5f

SHA256
ea3b3d8051e7f85adc89b2be5b8169e53f3ec6384006a405204a1e62ef265d0e

SHA512
819d36f366a2873d78b01b1c77c82c19f745c95debbd00beaf0f7b85be82e3bf9171da1232328e0bb86b40f8189c185922fb053355e4a3721254d671a9b2e5fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8db17dc244956d99971493fa9522b037

SHA1
463f3088e9b2510b45a4fd2c9b59ee2c4c7e5db4

SHA256
3a8875fb2012fb7a3feeba07577d198a33edda9feecab354f00b5d2faa42036c

SHA512
dfd02d48310e766f4e7c0053afffbfb1414bd7341492894925e65ba451ee53a5597803f33ea7144d73c884c41648d61b8b5587f956bb14d1bc0d6fb5a6ac254f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
6ec5d242c04cdd9af280d23dcb4922d1

SHA1
1504bb6b61b75fb08e2269690494e53c71df904a

SHA256
424d6d9008c512dbb567da4948835a06a8ec6a7d60e2cde43f4a4f510346df6e

SHA512
c5020df617dd66afe7b1d7600befc7130f56e80300a1bcb43bc01960b3da4a572c262161c847cb07b079ea0a3ca9fe65d47b283468e7f04a40afbd06a96041e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
26b2dc69582d0627fbd4283b441fab7e

SHA1
a86fe1e854808c2b3ee15c8f7fc7beafd67ed322

SHA256
45f3fb0d2701c959109f3e6d7ecd8483d71a4a2167f051bada4dd7d44652b36a

SHA512
ebc214008966690998abbfe5f35c50c8dc9ab387c810754d31784fd5c3e099f8e28ad56b4e6c22cc7cff18913b890e1719bbd9fc923d16f04b4753f62b33e543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dfb74b93a06911292fbe64c56a8c6ab8

SHA1
7a4394dddb2f0ebee243e5b14c7411318542ae79

SHA256
b1c92596515bdb79d4b28faaea567497fb7351f5b1ec36377567bcbda7ccdf29

SHA512
cbff190971f4100bb51df6382a652088ce74e3d4b0c33984cb82ffa5113321ce323aa18f852ef38a64340fe0bfdc759aefb8ad2304a517125866dea05cfb107a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c02a7.TMP

Filesize
48B

MD5
21c26d4b42403f15390521aca8de9a22

SHA1
f7063eba37ccdae533c7c15b9e966651a032cc39

SHA256
33b38d1f769db6e46f1259e8e4223236d62cea623cc5710aec22af3a6c15558f

SHA512
0b7567410622e55ebccf225364028aa4e33a30bbde06f1e6c565b5a3b055d4cdaedcd87df9af594f38f858d66065efb5f306a09c490f11f32b763b563f395cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\b0717da911c9bfb2_0

Filesize
64KB

MD5
fe1727afb4996dcfe9da91ce8a9e04f4

SHA1
d57b91a18668485d52bfb343e9409b2ee7c06f67

SHA256
8d9244733567562a6c73db1d21fff0a761f7468fd5230df7191c968daf47efee

SHA512
cb6e02dd9f231cd255968dae511c343604156234a3dba63e315d80814e31fbad3da9e02a9239d4eed700dd28090d19e64ab62ee9268bb21b5e563bb860b19665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
72B

MD5
bdfadbf40f5d1c1df440aa8a38075c7a

SHA1
d9610d6be747a3a3cda1f0766b9822525f8574df

SHA256
a91f5c020ef2869be004ff6f0d67a59552aed78b4a82deefd61a08afff7558f4

SHA512
1309e6423b7b6a56333740dabd1436c7bf48cd88e47443032d25bb561a775cc1c2fed255d46fa98741240bff0b4ccb32575a36408dab0fede1c0a0020952dcc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ed959d4a-5bb9-4bd0-804a-91cdf19eea81.tmp

Filesize
12KB

MD5
67b22529e205ecdd15452c656ec362e8

SHA1
ee4a7232871109eb43c969e492c3f19f1018dee9

SHA256
e36e624e71a83226529ec4db1887fd902de24c315ac8c4f765ac2635969f5621

SHA512
d06cbf0edd349f01b6a208e8bde0985ffd27750c40bb89e3d61c495aa354c48040cc4e004f8ea6343ee03e8fcd71a4350ac665132e85dd93adac2ee4500d286a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
f5b9488769f21cb95231b666e1cdc227

SHA1
68ea6e7276272c3cec1781ca685e8de76c1c2003

SHA256
66a87ab5cd3e96a222dcc4e68cc8bfc60137fea6d027a6709a138c19ae22fc72

SHA512
20e6c47c3c5c2ea595022e077b4f1045619a549de0358138298a8d90ba60f22ae8438b70b9151a6de0e87c25986fa98e2135d366164aa9493d24b4de96ca55c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
041afe907ee152337fbe51295b358bd4

SHA1
a804542760800e166e0e3f0010fbfabb208862aa

SHA256
464bd1ff313f7185d3152d3714fb6e842158c02511f8067dbda498cd260b9efb

SHA512
8404334545544c6766b6cdf80a69228e87a76918adbfd34c67327fe6bcc891e3f12013873b915b4d7b4df650bf131a130d646da55cfdb4c44cc6fd585214d5e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
419a271b8bf5bc6790e51c1676462ca2

SHA1
b47632eb5c51c79b4fc9df99cee84732d6750554

SHA256
d40e35e3994a011b666b7eff797f214b0dc753c0b3c4e358d17b1cfc28b4db8e

SHA512
81017af20f344729f7316363a6ba811a0e28c7b959be9465800306201d981ad3139d67c7660055b5e15535ac04d3d6009c5fa126dc3ee63ac7cc18f691754f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
049e5a246ed025dee243db0ba8e2984c

SHA1
15ec2d2b28dcfc17c1cfb5d0c13482d0706f942d

SHA256
33071ca42c472861a2fabd0f82f8b03ef0daaa6796b24b83f3df02587e4c3d12

SHA512
bc5f6fa6a8cae20ab40eae4552650d75f38ebb158c95288a79d9f332623bb507946513c39d19c00a5aee323df01f0f1a51c54594ef1c293289baf45f4ae2145b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4facd0ff10154cde70c99baa7df81001

SHA1
65267ea75bcb63edd2905e288d7b96b543708205

SHA256
a13534df0cd0a79a3a1b91085a6d575b47d5a9aad7fc6d712fd2616c0e95a23b

SHA512
ad8d2b965851c0ddc23e92ae151b3b0b2bcda850c446f4278bdb0754d6b42ead8fc034b394749578a27b33ad7e4ab0633f974dfd4773fbe4d93ae477f00b73f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
b114a39ea12503ea3d5d204bae06ea6b

SHA1
713d5b70843eebe0057da20061d72c415e4b1a4b

SHA256
8e1e75373fddb435f50a77f43bb256e43842841877e49c9df6e66f2f757d614b

SHA512
8a10773d1a665dc6bac2cfcb1215aabbce3e0282ad3d26a58c9494ae1199b8edfe98fbd56811dfa161db73dfd2ac7d92ac4ef7996fae60ac224b9cc267e1026a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\942faa1d-f5b2-42c6-8754-ef1c3f63cd53.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ed8406b806f53697bd84811be7a9fca0

SHA1
481beb4e201845edb9d4c45b97366578069b5c65

SHA256
0eb9ea093074f0deeec9d17bd3c52c2b410b9867488d8a571b05897452d1e14f

SHA512
91f1ed85b48b7b975a172fcce4291d64ef7e4fee748fac4ae95b13b9767d88525c345478adf3dbed9de4c337c366d3f13cbaffc4fefaeae69be6202d4ccc05df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5c5329.TMP

Filesize
3KB

MD5
e3a7d0349f4b765c50a4815ff1a1c87c

SHA1
a22448c5a80072d814647a93d5bbee8f44b7fa8d

SHA256
eeb43e5a8858c758c1a3fea247e88e7aefd0be82074ceb2dbfc44399745e2fce

SHA512
32b906cbc8fa27f407a195e4feebc7d0bccd149617a01c5a77b71461c297f6d04029c17be9af3a350f2f80b81f0964991d3d4046b5f364de16bbfa0899d5030b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
65999e80a4aef371b8b46fd1faf332d3

SHA1
ef9d6603233edb255377aed92c0b13ceae9a465e

SHA256
1114491ba9177c87163221b262a80e28a0c4365e90e1ca170f11a29cc65ca08b

SHA512
51e5d7155ee765693a1ec73aecf28c303e4f51124d2e1f724b2351dc3506d57ea189f829e1624bb0cc2bba8401778a46cef693c11c8b79bf81acd376219b78db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
b1daeeecb5f0f16b32a16f4f18d019db

SHA1
3004bce52d6dc937e8a7b342754ea5f28a80e2b5

SHA256
e70bb2ef7efed711bb5d79eb36f6a1ba26a2edb122288a852b9b5cfd6f9a33cd

SHA512
5c2150f88ebbc97f2a1f8678c16e33a16a0ae3df8dcc624dd36eb4ab1ed4a4fe7f3c02d40135e7a81317d8e16120bfc113a07aea7346123527d0d1a342de7340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
31KB

MD5
2a6f234f4376171d4ebe36d83346823e

SHA1
5873ba11112e97a323f4f3390b635ee2dd36f817

SHA256
3f8087d727c04d4b67ef3cc4e53a6a7981ddbdca229dbf5d5b632250d7cd2e13

SHA512
d4a8a4f93a9815f00362cbf2127dba09a4fb444475c345a9ed9aa03bde24be6b760c425fb0718421ff8ffe66645b17543bcc21ab88115c27030942e78e13361b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
b17fe48a00c035dbead223e89c37e68e

SHA1
05f3b3530ad72b915be83a851b4fd28fdf57a827

SHA256
217800575b1b2e3bf2b115124b5fb9cc66afd343f8ed62cd6a71fc13ca1ae05a

SHA512
27528792b37533d50bd2a10d29d5e944fe2168078a44e8c08e73586b0b92f80d1a64612c178e87426bb9426b3ffd5cf8b980f12c6c0cc0661bd3c252a3658c49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
17KB

MD5
a04646ca23b8cbe3e093c9a3189cec03

SHA1
2ebb3695924a4a583cb00ae86756ad11988fa06c

SHA256
59754d71d770a8bdb9d21df402286d5af8372ae96f623d3dcbdb643f7f3e949f

SHA512
be939c264b15c9ce7540b09561c777f86d0b947b4d9bcee092dde1619c272541aea326fbe4eabf089889658d0a52e680d6cb52bc5006b14b17a858137e2a8652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
f8474166244940f2f427eea9d5d53cc0

SHA1
70fefda4a9d3614f3b4985bd61ef1fba5b797c74

SHA256
9a7eca62c03171c1839c3083e0ee361471b7e1c4168023fe297b022da34fe766

SHA512
e600ca7b7ab089900130afe086e6979a19cc2a057d0a533bb58755c033a8e8a2f975a898f33f510f74bedc32a2478f18979efb335dfa2e08d478c1632fe8239e

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC16B.tmp

Filesize
171KB

MD5
a0e940a3d3c1523416675125e3b0c07e

SHA1
2e29eeba6da9a4023bc8071158feee3b0277fd1b

SHA256
b8fa7aa425e4084ea3721780a13d11e08b8d53d1c5414b73f22faeca1bfd314f

SHA512
736ea06824388372aeef1938c6b11e66f4595e0b0589d7b4a87ff4abbabe52e82dff64d916293eab47aa869cf372ced2c66755dd8a8471b2ab0d3a37ba91d0b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC583.tmp

Filesize
2.5MB

MD5
4edc6d1eca1439bc17287a1fee6de231

SHA1
75ff6902918d52f35b6c979b9063d87d7945eecc

SHA256
63ecfcb2b8e359616c108e840b22fb8dfd7d0be2d03a0be68b9f0e2c4021729b

SHA512
42806323d9becae869bef0edac460e19355d61c56c50a30ca8435e67f7f0001b2b0553de5a2644d2461bb37b749fc9e76ecf34d19955a06b7f2e6b122527c200

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir816_1476255431\e1313383-892c-461f-aa20-691e844e09ae.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\AsyncTask.dll

Filesize
76KB

MD5
8ad07f53e87fcc18d62bd016ae18607d

SHA1
5dc05a1760c0c5530b7026192a103f8b6b71d987

SHA256
10ad2b5cee7cf2be73c8b5e33db376bf51af570e7365f7f8681670f8410f5883

SHA512
23118817c41c3c3123067a3b151939992d2c5548a8e7ddcacf2fef52cdd18e8f308a9ff796d8270a13ab1c383fb89bd97502451b515ef6a3244ba95ea6ae2ee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\Common.dll

Filesize
1.7MB

MD5
db7f889a32083695ad19c0328f31503f

SHA1
d75d249716fd75623167c8d04ee68d2ab4a47148

SHA256
e3786ceef2b7207512140843702a2782f0c8351c486fda4c89081430c2980f55

SHA512
38bb16ef68e09d6a86b567ebc3c23f07152bbf1e5dadc7b27c6fff6fcfb9250ef23b364ea1171ba891b2dd7f97a740a592962856bcad0807698faabc05ceddfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\GF.dll

Filesize
4.1MB

MD5
5bf5766fe289788172eb10922e307d34

SHA1
5ab3a9c2f3c7f7838d471ab08cf6105214d4e398

SHA256
f26ba7f1efefdc477ea985b2fe1c8f1c2ca9584c4f98ea8543ec361ba4b93e6c

SHA512
237866b896008efd349b1011d37629e701c1623afa402ae88c753d3b568118e3bc43a5b092acdb90b51d8af0c5315fe72e75f4e2ab95b74398fd7ee70a1aaaa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\LogManager.DLL

Filesize
611KB

MD5
c12fd4f6b63bb2101b0cbf1d025409e7

SHA1
6fa7d5cac8c392578b1cd482b325b4ec54171d94

SHA256
e9e34c898f456f364d6dac18815c4df96e728a3c08bea94c048bc7ef6664803b

SHA512
97226e19912d597739e56bddf69c9d57cf0517c54765531a2fd3ed8db3712ce33abe7ca26103993de2f7762c22276e2bbec4244b9b93a5d40421f9c100bd042a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\LogUpload.DLL

Filesize
144KB

MD5
a06e82578ded2e7cc6b9fa632afeddb8

SHA1
78a780d86be437691d0374aa889b08e0bac1f6fd

SHA256
967ef6e7ddb4629e781eb159aaed4c1c45e529caa82cab0db0a564042c316e7d

SHA512
b5d5750b3bb7f7d5b7a722be2d42b17d674d250cb74a296934bd66fdac30609c2a1da22c99643ab2a15ca7bd85d6b623da05d7241e30e3437f549439fe99231f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\QLCommon.dll

Filesize
755KB

MD5
8f3ffde27110d14e7e691e4f68d6154f

SHA1
cb880924c20523ebfbd14bac45e731d5dfc7ced0

SHA256
6005266d708e7a6a4a3b744a53a533b544f090b1714accb85746fb4c9bde967e

SHA512
300b81e225adc87c7ab475f76009d522ee82aef7a8147c207f7ea9d14a96499d763dffa3fe19f1ed7338cf68bb8b010a2733ac3b1030e17c5b038e252cb46f35

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\QQPlayerBase.dll

Filesize
88KB

MD5
fd0d21afaa1112d34f2317ffd17431c6

SHA1
eec4b2316a70dd75a6ce87369ac32542d6207503

SHA256
d0fec47c045e08635d0ae5459cae2ce6a4a9f75a38d0aa44c8afd4478c7f9a44

SHA512
6c11b8357bf4dfbb3c4887789434a4055ed9b7408fb6e85594784288df3c72c21a54f78da9d72e56ec89bf82671ae77d83d265f1021d53a557ec1c40435955cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\QQPlayerCommon.dll

Filesize
132KB

MD5
4913889ebb2912c097887d1e19b257f7

SHA1
df1df63abc1ccfd372b0db117d202ca414cd90a1

SHA256
4e3c712a87bb8e39127f7d113f05f45ad88cee974fe72176118eb0fbdf3d89cd

SHA512
f78247a19d703a7bd3704f1765b2c813903abfa747eca02ff7f23faa2ac3b4c4faa94540e1c77632db4a3f1085b2cbd81cf4ab963e2a80c2ae308024015a5275

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\QQPlayerCore.dll

Filesize
84KB

MD5
372406b863686ce1928aa27622bc3e8b

SHA1
acbffffb5f36b0d33977001fac52d0a2309160e8

SHA256
0a19b3e74e6b61aae5aa95b030c8dc0d69b998e84b76fe0158b19789628749bc

SHA512
64b72f0eac456ab6ffd568f5eea42a680ab9482470dc4d79c272528671496b0437952a4dcc75f89a560b539c59f1d5b7dc2c4b778d213fda9a6cb164300245fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\QQPlayerService.dll

Filesize
383KB

MD5
3eaf12845c1f48ce1bd2766dcf1fe4d7

SHA1
27d88692f4541c1cc21d34fbc653278cf292c27c

SHA256
aaf26c61fd2cc037000ef1d01e111af583607000f470f53ab53f3a8befb238e1

SHA512
04dfaf86ce70da687671c5cb79a3ad53b3788abae3405b20400e1510c6bbf4b71b346ca3a6031342fc8809b193cd5a6d09c15c5402649adc950480e75f94343f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\QQPlayerShareFile.exe

Filesize
690KB

MD5
87145df108044cebf58cadce231bc82f

SHA1
42574bbf3a4922e8c89da685cf7a51100b9d7464

SHA256
3c5ef21065ce78141738202ee7f678f8b1fe666d49b7639ff82f95eda73cdd2b

SHA512
e1396249d1d8770fef3746d79796f40915581922018d0176069095b43fa1f3bdf500bf55c940048f8080bf4a3e8a9c24ee553c45447c1510915350d8a759ce96

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\QQPlayerStatistic.dll

Filesize
416KB

MD5
383267627150fb4ae75d7a2b7d19a671

SHA1
cc46021b1331a9756c82501e68b238c454a3d9e9

SHA256
6877d61fa6813a94bb52b798fca5a9cf413a8b7931bed93169bedab22db73e92

SHA512
f2bc1c16919342d5528e3a0b195187366e22a5be268fb74db072f1dbbebd813031136fb568a49316029c05c7a11f4e4437ac6d6e0c7d959eb71da59e364f9c2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\arkFS.dll

Filesize
65KB

MD5
c3207d5d8b4df7a13b678fca4c34f324

SHA1
0ad8d445eef3e224650fb299e834901d25c50685

SHA256
74ea46fc311a23b0c40d97306abc5cab49ace283052f595d0bc9a80f97ac1a12

SHA512
60033aebe094b04bbdf83ada96c346073746a2973b983a79f2135be601ed37f7e931ab49f80116647eb0f11912b0e8853616f18a2af95a2c747f69729fd5f8cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\arkGraphic.dll

Filesize
362KB

MD5
98ad97b13924d6277f349b9991ce53bc

SHA1
cfa870923cd6b57b84941bbbaebb7d63cd4141ee

SHA256
c8d7894f34f6627bedd8b7169bc8692cf29c3178307389821f2b2e4586818e57

SHA512
6766a56189b8bc712ad7312589600b6d4d2e172c30963c33191ca42d5ab19095d0d8f0c92dcbda4038ccdc10a2ea8933ae3c814969a3c9d090f0c19243ec780e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\arkIOStub.dll

Filesize
25KB

MD5
e6f65df00571bfdbea3f32773bb2de8b

SHA1
f2574a80c5f3e047f0c1a48520ae37da62c8b80c

SHA256
7a4b53fb08494c424070e7dfdfe52b801179f930adae374459f074ca6bd99e19

SHA512
0f363869b0d214c80df335f05ef2a8b506bdcdd613a124f21492e7f9ad602dd7881f6ca16bf3ff8b04c45c7d94f361310b7978705f5c75c22826a142dd86c332

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\arkImage.dll

Filesize
67KB

MD5
154f3d8496f905322b941832f2b02a6d

SHA1
680324386894a1dae85598dd0f74c51770c43f8a

SHA256
236337516c0ee3403d227925eb6c24df026b09a614e7a2a8ab3e0c6b7bc08787

SHA512
0b5ba72ca6193c928409f5225e40aa929b64f67e62104601605f04aa89c53b93436f938819f9a5618a39eec3d2d27380ba99863abef777557d72c14104a7d445

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\libeay32.dll

Filesize
1.1MB

MD5
e709374bfc5d26439a4b626520d2dbbb

SHA1
4f0243611cfece832b086c2ed7ad2675ce11a203

SHA256
7cee2f68fa47f8f1657e9f5238b203b4966bd20cb3b506cb69c5da645a1cffde

SHA512
c0b55df21c615cea386825de0331325fbf2a1f0f78001d16ca30856c383427aec537edacff652e1b4bcc9e2b636b0d14505cedcfd6fa4c66ee3db7e4dfe12ff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\libexpat.dll

Filesize
123KB

MD5
e92990c951fdf5adf27348c42ee4fd87

SHA1
cdf27bb4b12e2306e3144cc9355e8a1e4ab2611b

SHA256
d5c80d353fa48fe010f0652cd92c571dacded2f8321c83210a37a633f3ea8172

SHA512
0404b7598ef6db80cfee7df83bca2a16aff825e6a7a05ed11698fa745ddeb1f582306a113055cbe296fc17a9d68ec1a422b641166ba422d070f11d65310dd952

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\msvcp140.dll

Filesize
429KB

MD5
1d8c79f293ca86e8857149fb4efe4452

SHA1
7474e7a5cb9c79c4b99fdf9fb50ef3011bef7e8f

SHA256
c09b126e7d4c1e6efb3ffcda2358252ce37383572c78e56ca97497a7f7c793e4

SHA512
83c4d842d4b07ba5cec559b6cd1c22ab8201941a667e7b173c405d2fc8862f7e5d9703e14bd7a1babd75165c30e1a2c95f9d1648f318340ea5e2b145d54919b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\msvcr100.dll

Filesize
763KB

MD5
26b2d9c49e69a59bea22558525f3d643

SHA1
b32a7c2413b6f4652b8822d6b08a581f7b9120b5

SHA256
092b59a6c1c778ecf56ce7219b103b0a547a14fe3bd94abdd7fdc0c894b31e8f

SHA512
d50cbd211d945576e2d8f87391f39dd30744ee6f6c940a2f1768c4e9bb3f6e90b443409414e97ca0957596922ebd4f865cf1f3384cdde96ba585461e80fb0aae

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\tinyxml.dll

Filesize
65KB

MD5
19f1ed1a772ea201af1e986df1e109c1

SHA1
d660df3e089edf616b44812fede39c3d62ad446c

SHA256
7dff6b0e5686076247d1d62854b0475d909056078cbfd44326b94f835bac8870

SHA512
525ea43fd1d85b73ac4404949214f09b1cfc516b7e898749ef7d73a5e209299e2e2d99f52260fbe1c254201b4350d78e5e17060cba13e9a5cc17c3333759ad0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\vcruntime140.dll

Filesize
83KB

MD5
b77eeaeaf5f8493189b89852f3a7a712

SHA1
c40cf51c2eadb070a570b969b0525dc3fb684339

SHA256
b7c13f8519340257ba6ae3129afce961f137e394dde3e4e41971b9f912355f5e

SHA512
a09a1b60c9605969a30f99d3f6215d4bf923759b4057ba0a5375559234f17d47555a84268e340ffc9ad07e03d11f40dd1f3fb5da108d11eb7f7933b7d87f2de3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\xGraphic32.dll

Filesize
1.1MB

MD5
fe4d441eb2b6a60e009c9314a99dfb2b

SHA1
f837a8f4e9cf592875c5d112d9b624027767e837

SHA256
f53d09f2e80ef5f2ea6f02a80aef823d58a85d4cfbd069ce8905a7da9710d5de

SHA512
0851f7cfc763a85ab1ef4cb7e5fe0d159dc5cee2fe7f1a8452f5843448712a27ff948146102126c16951b95a03be60fdd8f3dbe6464ab48876ba6ab1d2a53df0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97FC3614-918B-47E5-8913-4971398713DE}\zlib.dll

Filesize
79KB

MD5
5953ee89e5c1777f389bc6f571021110

SHA1
ccd673eb9ef3f5dd7d71afd7aeaf1297e198fbcd

SHA256
aedaae71c32fde725c894e68b6cdce302c9564b9fac08656d66e0be883dca93b

SHA512
89d271f9f6092d8cfe88b698f9c6359149c0666e849b1d7df94300535b9df67e46e1212ad33c124970cb42bdfbd101bd2b6e262fdc125ccee70159c0b0d62616

Download Submit
C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISBEW64.exe

Filesize
178KB

MD5
40f3a092744e46f3531a40b917cca81e

SHA1
c73f62a44cb3a75933cecf1be73a48d0d623039b

SHA256
561f14cdece85b38617403e1c525ff0b1b752303797894607a4615d0bd66f97f

SHA512
1589b27db29051c772e5ba56953d9f798efbf74d75e0524fa8569df092d28960972779811a7916198d0707d35b1093d3e0dd7669a8179c412cfa7df7120733b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\ISRT.dll

Filesize
426KB

MD5
8af02bf8e358e11caec4f2e7884b43cc

SHA1
16badc6c610eeb08de121ab268093dd36b56bf27

SHA256
58a724d23c63387a2dda27ccfdbc8ca87fd4db671bea8bb636247667f6a5a11e

SHA512
d0228a8cc93ff6647c2f4ba645fa224dc9d114e2adb5b5d01670b6dafc2258b5b1be11629868748e77b346e291974325e8e8e1192042d7c04a35fc727ad4e3fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{F1987B86-6F7F-49DC-8988-602FE2A4824D}\_isres_0x0409.dll

Filesize
1.8MB

MD5
7de024bc275f9cdeaf66a865e6fd8e58

SHA1
5086e4a26f9b80699ea8d9f2a33cead28a1819c0

SHA256
bd32468ee7e8885323f22eabbff9763a0f6ffef3cc151e0bd0481df5888f4152

SHA512
191c57e22ea13d13806dd390c4039029d40c7532918618d185d8a627aabc3969c7af2e532e3c933bde8f652b4723d951bf712e9ba0cc0d172dde693012f5ef1a

Download Submit
C:\Users\Admin\AppData\Roaming\CrystalDiskMark\DiskMark64.ini

Filesize
65B

MD5
21f1095279e170b820c35afb428e3716

SHA1
c0b8061d12fc03131ccd163b3a8efda525f56275

SHA256
20495311dd3fe12dd93872d5cb566655dbd7cda18fc50b839110f31c257974bc

SHA512
77dc2eb089411dca3031497ae486a871216e9e04f40aaa108409ff3e84452020f6c0d40ed35625a04c8adfc8b163dac1a70eeb65a851c7018c10919176b0bc72

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 166207.crdownload

Filesize
5.7MB

MD5
7eb19276227f4ed5c70bc93bf1502dbd

SHA1
652c7e722638ff9501f65d1d6264332baacc55fc

SHA256
0bb357b4393e529d0a1598592bf4753cb4c34382966ddb57e39761ce3c4c794b

SHA512
7d0f30fa760385bd9ab5d474644748162ca0f8f1c5cd9bf46124082861ab51d15e87c64f76fcba0432c515ae70c623f0205df482f05f3aad7f0b388344430522

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 716264.crdownload

Filesize
4.0MB

MD5
10e531bb5f382d66550e4387dcf987c3

SHA1
ae437e425de7bccffd8871c8f695f5c96035d0de

SHA256
ea1cdefc4a59fe6fc51ce41ef86f39b75114af035199f9dcfeebb8bd4c7873c9

SHA512
66dbf04db9c5959ee77b1c1854581d6e6bbc7c092b91c49b6955a6cdfa2de2463ec39fff78caa3898c44f7e0dad798149793ef924b441af41d8460cc34655cfe

Download Submit
memory/372-4344-0x0000000000400000-0x0000000000719000-memory.dmp

Filesize
3.1MB

Download
memory/412-186-0x00007FF933A50000-0x00007FF933C45000-memory.dmp

Filesize
2.0MB

Download
memory/668-4345-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/668-3063-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/940-284-0x00007FF933A50000-0x00007FF933C45000-memory.dmp

Filesize
2.0MB

Download
memory/1000-304-0x0000028C33920000-0x0000028C33921000-memory.dmp

Filesize
4KB

Download
memory/1000-297-0x0000028C33920000-0x0000028C33921000-memory.dmp

Filesize
4KB

Download
memory/1000-305-0x0000028C33920000-0x0000028C33921000-memory.dmp

Filesize
4KB

Download
memory/1000-307-0x0000028C33920000-0x0000028C33921000-memory.dmp

Filesize
4KB

Download
memory/1000-302-0x0000028C33920000-0x0000028C33921000-memory.dmp

Filesize
4KB

Download
memory/1000-303-0x0000028C33920000-0x0000028C33921000-memory.dmp

Filesize
4KB

Download
memory/1000-301-0x0000028C33920000-0x0000028C33921000-memory.dmp

Filesize
4KB

Download
memory/1000-296-0x0000028C33920000-0x0000028C33921000-memory.dmp

Filesize
4KB

Download
memory/1000-295-0x0000028C33920000-0x0000028C33921000-memory.dmp

Filesize
4KB

Download
memory/1000-306-0x0000028C33920000-0x0000028C33921000-memory.dmp

Filesize
4KB

Download
memory/1996-1769-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1996-1017-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/3156-65-0x0000000003230000-0x00000000033F7000-memory.dmp

Filesize
1.8MB

Download
memory/3156-60-0x0000000010000000-0x0000000010114000-memory.dmp

Filesize
1.1MB

Download
memory/3648-318-0x00000000059E0000-0x0000000005A56000-memory.dmp

Filesize
472KB

Download
memory/3648-320-0x0000000005AD0000-0x0000000005B20000-memory.dmp

Filesize
320KB

Download
memory/3648-321-0x0000000005D00000-0x0000000005EC2000-memory.dmp

Filesize
1.8MB

Download
memory/3648-322-0x0000000006BF0000-0x000000000711C000-memory.dmp

Filesize
5.2MB

Download
memory/3648-323-0x0000000006700000-0x000000000671E000-memory.dmp

Filesize
120KB

Download
memory/3648-319-0x0000000006010000-0x00000000065B4000-memory.dmp

Filesize
5.6MB

Download
memory/3648-317-0x0000000005940000-0x00000000059D2000-memory.dmp

Filesize
584KB

Download
memory/3648-316-0x0000000001300000-0x00000000013CC000-memory.dmp

Filesize
816KB

Download
memory/3648-324-0x00000000067B0000-0x0000000006816000-memory.dmp

Filesize
408KB

Download
memory/3648-313-0x00000000734B0000-0x0000000074704000-memory.dmp

Filesize
18.3MB

Download
memory/3872-1768-0x0000000000400000-0x0000000000719000-memory.dmp

Filesize
3.1MB

Download
memory/5088-311-0x0000000074710000-0x000000007488B000-memory.dmp

Filesize
1.5MB

Download
memory/5088-309-0x00007FF933A50000-0x00007FF933C45000-memory.dmp

Filesize
2.0MB

Download