lumma | 642d05b7267e3d355fe7c01c112604f7f0af3aa20ea0477d153c11a6b60b7cfa

Analysis

max time kernel
243s
max time network
259s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

roblox_executor.htm
Size

30KB
MD5

073999097b3431c6fe7d3f970c4cbf0e
SHA1

71cabf814ac5a25af4ddb05b7737369beef3eb55
SHA256

642d05b7267e3d355fe7c01c112604f7f0af3aa20ea0477d153c11a6b60b7cfa
SHA512

4a2265f8e3264d3b2f8b965e799307e0be37325d913392228aff2ea3ea2e52d752e76532948ad74fe77d9f2719b43a702bc7954fd3d1089106f585fa3c1713ec
SSDEEP

384:9S9jaVJQj0HJ6uJn9jqbIEE6SB7k0F0dmX0p+BgSCsXW3NCu:9S9jaVJQO4uJnQDSB7LFw+BgRn3z

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://archidoveryusk.shop/api

https://publicitycharetew.shop/api

https://computerexcudesp.shop/api

https://leafcalfconflcitw.shop/api

https://injurypiggyoewirog.shop/api

https://bargainnygroandjwk.shop/api

https://disappointcredisotw.shop/api

https://doughtdrillyksow.shop/api

https://facilitycoursedw.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Executes dropped EXE 3 IoCs

Processes:

GlobalCheats.exeGlobalCheats.exeGlobalCheats.exe

pid process

1028 GlobalCheats.exe
1976 GlobalCheats.exe
1748 GlobalCheats.exe

pid	process
1028	GlobalCheats.exe
1976	GlobalCheats.exe
1748	GlobalCheats.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

GlobalCheats.exeGlobalCheats.exeGlobalCheats.exe

description	pid	process	target process
PID 1028 set thread context of 5508	1028	GlobalCheats.exe	BitLockerToGo.exe
PID 1976 set thread context of 4756	1976	GlobalCheats.exe	BitLockerToGo.exe
PID 1748 set thread context of 3256	1748	GlobalCheats.exe	BitLockerToGo.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings firefox.exe
NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\GlobalCheats.rar:Zone.Identifier firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings	firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\GlobalCheats.rar:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

Processes:

firefox.exe7zG.exe

description	pid	process
Token: SeDebugPrivilege	3412	firefox.exe
Token: SeDebugPrivilege	3412	firefox.exe
Token: SeDebugPrivilege	3412	firefox.exe
Token: SeRestorePrivilege	2780	7zG.exe
Token: 35	2780	7zG.exe
Token: SeSecurityPrivilege	2780	7zG.exe
Token: SeSecurityPrivilege	2780	7zG.exe
Token: SeDebugPrivilege	3412	firefox.exe
Token: SeDebugPrivilege	3412	firefox.exe
Token: SeDebugPrivilege	3412	firefox.exe
Token: SeDebugPrivilege	3412	firefox.exe

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

firefox.exe7zG.exe

pid process

3412 firefox.exe
3412 firefox.exe
3412 firefox.exe
3412 firefox.exe
3412 firefox.exe
3412 firefox.exe
2780 7zG.exe
Suspicious use of SendNotifyMessage 5 IoCs

Processes:

firefox.exe

pid process

3412 firefox.exe
3412 firefox.exe
3412 firefox.exe
3412 firefox.exe
3412 firefox.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

firefox.exe

pid process

3412 firefox.exe
3412 firefox.exe
3412 firefox.exe
3412 firefox.exe

pid	process
3412	firefox.exe
3412	firefox.exe
3412	firefox.exe
3412	firefox.exe
3412	firefox.exe
3412	firefox.exe
2780	7zG.exe

pid	process
3412	firefox.exe
3412	firefox.exe
3412	firefox.exe
3412	firefox.exe
3412	firefox.exe

pid	process
3412	firefox.exe
3412	firefox.exe
3412	firefox.exe
3412	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 2288 wrote to memory of 3412	2288	firefox.exe	firefox.exe
PID 2288 wrote to memory of 3412	2288	firefox.exe	firefox.exe
PID 2288 wrote to memory of 3412	2288	firefox.exe	firefox.exe
PID 2288 wrote to memory of 3412	2288	firefox.exe	firefox.exe
PID 2288 wrote to memory of 3412	2288	firefox.exe	firefox.exe
PID 2288 wrote to memory of 3412	2288	firefox.exe	firefox.exe
PID 2288 wrote to memory of 3412	2288	firefox.exe	firefox.exe
PID 2288 wrote to memory of 3412	2288	firefox.exe	firefox.exe
PID 2288 wrote to memory of 3412	2288	firefox.exe	firefox.exe
PID 2288 wrote to memory of 3412	2288	firefox.exe	firefox.exe
PID 2288 wrote to memory of 3412	2288	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 4836	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 3276	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 3276	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 3276	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 3276	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 3276	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 3276	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 3276	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 3276	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 3276	3412	firefox.exe	firefox.exe
PID 3412 wrote to memory of 3276	3412	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\roblox_executor.htm"
1⤵
- Suspicious use of WriteProcessMemory
PID:2288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\roblox_executor.htm
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3412

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.0.363010305\1666710512" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {68b1b02f-35fa-4b5e-ac20-6af85dcae4b8} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 1848 1e2853b0e58 gpu
3⤵
PID:4836

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.1.974868334\898082108" -parentBuildID 20230214051806 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d87d688-827a-454d-a867-e5a710c89e5f} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 2428 1e2858acf58 socket
3⤵
PID:3276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.2.1363802508\124473889" -childID 1 -isForBrowser -prefsHandle 2856 -prefMapHandle 3052 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a342e06-0b51-43b7-b40f-715bee9262a7} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 2632 1e288524e58 tab
3⤵
PID:1072

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.3.719805057\1668217985" -childID 2 -isForBrowser -prefsHandle 3448 -prefMapHandle 3288 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5133bcfe-835b-4080-a438-f04369d1adc1} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 3144 1e2f877df58 tab
3⤵
PID:4084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.4.1804479849\103551705" -childID 3 -isForBrowser -prefsHandle 5088 -prefMapHandle 5084 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b45a0df7-7a23-4a97-bcfa-b8bb703390ce} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 5100 1e28b4dff58 tab
3⤵
PID:1860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.5.597778139\864432007" -childID 4 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf484bf1-3577-4551-b1b7-3ea1f478b5d7} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 5220 1e28be72a58 tab
3⤵
PID:4980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.6.699046070\956076257" -childID 5 -isForBrowser -prefsHandle 5424 -prefMapHandle 5428 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2786d751-ae7d-49b1-a106-57b54113289d} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 5412 1e28be73358 tab
3⤵
PID:1732

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.7.1360533457\1171237037" -childID 6 -isForBrowser -prefsHandle 4992 -prefMapHandle 4996 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a94a8eb9-bba8-4853-9515-57077ab77e97} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 3768 1e28a94f058 tab
3⤵
PID:4420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.8.1595964617\733637304" -childID 7 -isForBrowser -prefsHandle 3508 -prefMapHandle 3308 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c3af6f6-4371-4b00-bbe6-7acbda99c1e6} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 5944 1e28bc46958 tab
3⤵
PID:4848

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.9.1798597969\1259177379" -parentBuildID 20230214051806 -prefsHandle 10160 -prefMapHandle 10216 -prefsLen 28041 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d327dc8-9978-4beb-8e5b-ab753de98c3c} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 10144 1e2f877a858 rdd
3⤵
PID:5888

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.10.1742150621\182672663" -childID 8 -isForBrowser -prefsHandle 9848 -prefMapHandle 9852 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09b797c5-9490-4c6c-92a2-4c9462c79045} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 9840 1e28f044b58 tab
3⤵
PID:2392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.11.1676601117\612375693" -childID 9 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {630caa24-a154-4130-aa1e-1df51884c639} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 5556 1e28f4eba58 tab
3⤵
PID:5576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.12.1415265267\1563297059" -childID 10 -isForBrowser -prefsHandle 10012 -prefMapHandle 5516 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a05bb7ad-2f73-4378-b9f8-91e42055a484} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 4928 1e288815958 tab
3⤵
PID:5652

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.13.667036774\244389831" -childID 11 -isForBrowser -prefsHandle 9316 -prefMapHandle 9304 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fd47bce-5388-46be-a875-3ddadfd6e63c} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 9300 1e289b21158 tab
3⤵
PID:2952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.14.367438264\1225020658" -childID 12 -isForBrowser -prefsHandle 9164 -prefMapHandle 9168 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f363fdf-2422-4193-841f-5c51c7fef0e8} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 9724 1e289b71b58 tab
3⤵
PID:1940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.15.949297139\902143625" -childID 13 -isForBrowser -prefsHandle 9064 -prefMapHandle 9060 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07442f11-2f71-4101-8d4f-691a8c30cbe6} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 8984 1e289b72a58 tab
3⤵
PID:3320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.16.1298786383\673914053" -childID 14 -isForBrowser -prefsHandle 8652 -prefMapHandle 8656 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cd02620-6f91-4acb-9ff1-7bd63f7d581a} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 8692 1e28ddd3858 tab
3⤵
PID:2620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.17.684130157\2008557955" -childID 15 -isForBrowser -prefsHandle 8488 -prefMapHandle 8484 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34dba1f1-6945-4a14-ae63-0b3b162df6a4} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 8500 1e28ddda758 tab
3⤵
PID:5988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.18.1908896145\369798261" -childID 16 -isForBrowser -prefsHandle 8568 -prefMapHandle 8564 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdf2e3e0-7077-446f-9bb9-a250a88cd59f} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 8356 1e28dddb058 tab
3⤵
PID:4988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.19.538400895\1900777548" -childID 17 -isForBrowser -prefsHandle 8120 -prefMapHandle 8180 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {071a6d4a-c023-4fcf-94fb-c75abcb36162} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 8216 1e28db75258 tab
3⤵
PID:2868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.20.1142804842\1302497102" -childID 18 -isForBrowser -prefsHandle 6068 -prefMapHandle 9964 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e6c5efc-a3e4-4b4c-b1c5-6005eac41b00} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 8360 1e286d97658 tab
3⤵
PID:5788

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.21.330898496\350452758" -childID 19 -isForBrowser -prefsHandle 6064 -prefMapHandle 6060 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b2d3840-b81d-415c-ba1e-2ed17d7440d6} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 9056 1e286d97c58 tab
3⤵
PID:2084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3412.22.411182155\1929115032" -childID 20 -isForBrowser -prefsHandle 8612 -prefMapHandle 8628 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f86e11ed-aacb-4e3a-b34a-dd051df1724b} 3412 "\\.\pipe\gecko-crash-server-pipe.3412" 8604 1e286d95258 tab
3⤵
PID:2888

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5388

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\GlobalCheats\" -ad -an -ai#7zMap14245:86:7zEvent28717
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2780

C:\Users\Admin\Downloads\GlobalCheats\GlobalCheats.exe
"C:\Users\Admin\Downloads\GlobalCheats\GlobalCheats.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1028

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
2⤵
PID:5508

C:\Users\Admin\Downloads\GlobalCheats\GlobalCheats.exe
"C:\Users\Admin\Downloads\GlobalCheats\GlobalCheats.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1976

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
2⤵
PID:4756

C:\Users\Admin\Downloads\GlobalCheats\GlobalCheats.exe
"C:\Users\Admin\Downloads\GlobalCheats\GlobalCheats.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1748

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
2⤵
PID:3256

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\activity-stream.discovery_stream.json.tmp
Filesize
24KB

MD5
a647d842da1451111e2e72bf436c53d9

SHA1
fb2f465e2d19c554f530622390c7353be9e72b62

SHA256
32faeb9dd9139d53ee7980fb825bd1f76c97f0cf0c7f8fceec2dc7f4562f491f

SHA512
9b5c5a9345fd30bbdd55806759c1a1b8363d865331fce0c8fd7d6df2feabb10df7c906d327aad1f5d50cafbb4e670aa1184ff3a89b16f01b1e34ac616c9bfa18

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\doomed\8315
Filesize
10KB

MD5
3fdaecc43bcce853500b82372245a6fe

SHA1
c9aba2cb2f8a68154890bc2b9485eb591968c39b

SHA256
0b428cadd6818ad392dfe97978c68f324d727a416689cadcd14232d4daca55a7

SHA512
9b2eddb00aaad4cf77d206f21e412145d9581c884238a2713cb2d9433d4b03c66bf9ac5c983e8255fc60e0e4747577b9aa244a11a531d45817e74fcf5b592ff6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
Filesize
13KB

MD5
0a3719773190ebc8d4d437510dfd1a23

SHA1
f4a39bc15b77ce5870989344de9d34936fc7fd88

SHA256
0f2e10a9e4285563ad772d40ad1ab4fd3b3d5e2737b62d570ef0ed9138ca1dcf

SHA512
7aed71b529e01926b259a5966285c4d9b56ad4f5d789643c2b6f24168e814d3d57d8dd9089a12cade051ce506ce5a98316384248e3da679216d45c45b75a3a63

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\F6A33C0B97C91D67810300F4BE9348D951E89280
Filesize
43KB

MD5
862ce3ebe45d46b25136a90312bc1b32

SHA1
1eb636a30c1624728103635abe40fee88f642599

SHA256
4ea45543f26252c3850b510d2dc9372e85fce3edfaf0b7d6546ba83b140a017c

SHA512
26fcaed2bf82214eaa469fcffb884034733e56d18d3edacdb6bd3d8a8e057fec27d89fd42d2e6d21cb61743ddf455b3f112ed99670167e1d2e24b2b53dc9c161

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
Filesize
9KB

MD5
7726e22a29d556296456df2eae34df96

SHA1
9da6ff9cfc89b80c9f702747b0a1a7808d0ccb1c

SHA256
3302e18a9367fd0b8b4dc3ddabc64ebdf8a451e8527bae62c231c74c3ec02fb4

SHA512
7abbe46db067f9fd2a8dcdbbdf14b0be3b8a6cd4b98eaa7d5985863f803d067e65edaaf1b0baf1528f879d1f7f748c2214dc524397ee176d089344db25f76a3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
5KB

MD5
73df875e1fe665acb9946c1b16ca301e

SHA1
62a64de54be3b13078033c791cdcf2dbb0627e46

SHA256
606dd9543ce10b830b487790b7eaf1e3cc6b3b8997d3c8e5110758188ae9b09b

SHA512
7b25d797a37e8339cd9cda487271a9d5e13171c8b7e847ef8e55863f844d0e02661395b0f1aae78f2e201a0b6bdea293217b9c29827987096baaade8ac1b294e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs-1.js
Filesize
6KB

MD5
7fe9e72e2254f0b2e1fa81e507226ee8

SHA1
afa35d52c6219817d2f1beb9c351ece3216aa171

SHA256
7617ec7e62dde0c1dbf2eec7e8f2072dd8d3e47d4c4bff3afbd33ad2debdd418

SHA512
3682eeb19da1c4410fd760194104b410f90c2f96cef65b536dce4f8ddab11bd4ed5a567c990bd35cd72ca52f15ae56e7b09623af5bf5a8f2b1cc5b4cdc37afc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs-1.js
Filesize
9KB

MD5
a1b6e7d8d77d4277ed910f21a9cff384

SHA1
85d8f8a359e7641bad78bdda945d2aa47fe66b3f

SHA256
8671123ab194e63c7c20c7e6d11c4300837038e9d299e2e3fcc5a796a8265754

SHA512
820c505d8c909b4328bee94e700fb09e6a523fdb4d562bfec519d3e3be65055ebdb1d599d4a159b4b5377a7e61f48457f68550210e7ec6422e9935cc99bea922

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs.js
Filesize
6KB

MD5
7fcace19070b31a68a57d6f479308db1

SHA1
82c9ae34e9b84b251d2683a88d45c8a254a9feea

SHA256
f5479ccfea470a168564e6197d10ad8f63fca1e9304f743cfd4e21c89c2e1d5d

SHA512
ae9419b66ada21a3dbb5522a91c72b38a8e7f25d578c40ad418af19f2df900108d3be8268bcfa48cf13e0880b02895739ca58c32226f599ed2cecd1199805265

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs.js
Filesize
7KB

MD5
3e1d0571dfcb35cadf038e27b38decd7

SHA1
c4865032258c8f72bdd3f3397f09baec75074d1c

SHA256
2956711b32c0e3f2ad9791176f9f8164e2f2b43eaffb35fb819b5e1cc24976aa

SHA512
4bf0959062086256b047c33e66c71ff70e75201076daee56e30b48da6077bf778d6d1959e1c634828d77ca4b1e09b8e9bbc4f8a13d1e25856abf964ed72fabc5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs.js
Filesize
7KB

MD5
c95864d86f2568aab665228ba62fa746

SHA1
a110d04da540dd6a22f4a34d93e19ffd918053f9

SHA256
97fee0dc895a51272eca816ae09f9ec83bce72978314470d810fdb27869c0b45

SHA512
00463d59586a7930203659b6e457433c60a21bc8dcaee36be51bb8dbc04afe25de583dcffb143a49fc55d7c20e54924ac95627c5656b14b76b33847f38eb8a3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
410c44feabda9b8bdcc7400f3e7b12fb

SHA1
dc0b3fd17a3d6a97b9e049d033f78b293beac771

SHA256
8e030dfe5ec312f560f54be6328542c3a5f63a5e1852f67e142537b6ce0f8435

SHA512
a32bd059a7d552dc2baae841c5a015deb17a28443094febd489edf9a25b9aa318720298c83c0aff7e771f11060c48a0586c5904fc74d16c3ecb09a316b6466f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
f475fdb5ff3d10ffe05ac3607be42d2d

SHA1
b41b2e80cd9e4ea398f9cce6e8ef298499332a82

SHA256
6f69b0a8571f1f472d7d6afcb658c5e6b2903f307b195b1d4bc0daec6d8f0775

SHA512
cff19ee514079a40ef01edbbacd3875a4760a0e9977ea3dc7aabb669edab60f49e4ad938e1608382d2bc10822bfccf2517974389a864cdb73cf7402b2058893a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
14KB

MD5
e5c092297af25d8a65ac338c1918caf9

SHA1
8cbea1d764de4c73f057ee4b47576c15ff36998a

SHA256
20155616f35707ceec6fc73256fcc0d0be42448e2894aba75bf7e3e239574f8f

SHA512
080f946709a4f1db50b0f89ecee3fd14934b641df4d20f16671c48e209b72c7aabb9c61fc3c5e69ec57bea306254aecc7f9e8d509699f58ecbf253e7871d017d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
49f112ffb27c14d87f8fcf43d4b1a8c0

SHA1
caefc9a0cfe62c6d3a84e35df622556cc47cd820

SHA256
0d743d01470b884316162e4eb37c19b39fa9814d3154acecf337d394c03046f7

SHA512
aeae386abd03021b419c13eb1c2213a2f380c5d11633257790f500109f7931de886374d4d66c2a33e208cb784de906c45aeceddf3659f6ae8f0840337531072a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
15KB

MD5
0581263c49dfc00933cc8e11095fa1eb

SHA1
94a29d99ff918b031a9da8d802b9b171dd7d4a78

SHA256
68519559d486103c8ad8174aeec561d7d9b5adaaf389eb554d4f6c25ed635a34

SHA512
9c85959bdff7aa79d0587f83797caccf74d18dab239def4fea3e5618784da4453ad7e58edc20bfd7b0cba1c287220c772c30edbb1951f440e23ac22fb77ef136

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
568KB

MD5
1227bedbafb7eb07b0ef90e07b094daf

SHA1
f7d218a79003676cbac56efc1b479814a1270bcd

SHA256
94ca9f06ad920868729bbe54aa08312e367e8f80f8431ed9ca30329caf03a53f

SHA512
97e0454e0050b34e5dee1ee66b09955b395afea3cb2c5bc54b8d44d4e3e56ce56cf3d0edd8d10682f5746a7b870d8731240e3d484be569909482c7a1aeb251e4

Download Submit
C:\Users\Admin\Downloads\GlobalCheats.O7l4ngKi.rar.part
Filesize
64KB

MD5
2153247f9d2051dab74b2dff82f6d6e9

SHA1
526d5f6e12eb2c05b4f008564874dea77150615b

SHA256
3dd7e904259230d1f13ce734ac1f52aaa2a18c2b3b3c5fcbdd67d23eb251ca99

SHA512
b32386140740b93418c18b185f7038d22513cabf6f1819956c7f7d30df009968ccb75a3ac5ccc9f92a06c1c4b09ea89e1c264e73632460d072c2de440ee62aaa

Download Submit
C:\Users\Admin\Downloads\GlobalCheats.rar
Filesize
34.5MB

MD5
2513b553e4878dcaab9eae0a3cac9c43

SHA1
b4d0cbeb658ecea4d7a5242f1163989425fe7d4b

SHA256
1e33709ffe1e3880066dd0e2922911321c190ffe7f9da6324770e6af763596f4

SHA512
a7dbc2b47bafa300e00141cdb1a4a92f141445b49bb10e3fadba233187c11de7905aa084dd678e0917a1fe53f34160d7852af8f833cc726d479d132391f7becd

Download Submit
C:\Users\Admin\Downloads\GlobalCheats\GlobalCheats.exe
Filesize
34.8MB

MD5
b8f4269e1d9de9b3781ecc799c42ea5f

SHA1
1d24d98e7f1df778595e1ffe50e5d285b5d61960

SHA256
61a637ced40eb3ced6b6cb53448b54f6157835800f590f1b48dc8aae2c741f44

SHA512
5a4fe7c60ef76f232e2e3c8611e22d52d8d6bd8c331e100bb7f86032ec7e21ab3ce406fc4429f3de1970786b165f6a8af25d2f6207296512927d2aedc1489b98

Download Submit
memory/1028-847-0x00007FF717360000-0x00007FF7196E2000-memory.dmp

Filesize
35.5MB

Download
memory/1028-852-0x00007FF717360000-0x00007FF7196E2000-memory.dmp

Filesize
35.5MB

Download
memory/1748-2888-0x00007FF717360000-0x00007FF7196E2000-memory.dmp

Filesize
35.5MB

Download
memory/1748-2884-0x00007FF717360000-0x00007FF7196E2000-memory.dmp

Filesize
35.5MB

Download
memory/1976-856-0x00007FF717360000-0x00007FF7196E2000-memory.dmp

Filesize
35.5MB

Download
memory/1976-860-0x00007FF717360000-0x00007FF7196E2000-memory.dmp

Filesize
35.5MB

Download
memory/3256-2887-0x0000000001030000-0x0000000001086000-memory.dmp

Filesize
344KB

Download
memory/3256-2889-0x0000000001030000-0x0000000001086000-memory.dmp

Filesize
344KB

Download
memory/4756-859-0x0000000001040000-0x0000000001096000-memory.dmp

Filesize
344KB

Download
memory/4756-861-0x0000000001040000-0x0000000001096000-memory.dmp

Filesize
344KB

Download
memory/5508-851-0x0000000000F30000-0x0000000000F86000-memory.dmp

Filesize
344KB

Download
memory/5508-853-0x0000000000F30000-0x0000000000F86000-memory.dmp

Filesize
344KB

Download