lumma | hxxps://app[.]mediafire[.]com/xkbh3zyd38ygb

Analysis

max time kernel
504s
max time network
505s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2024 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.mediafire.com/xkbh3zyd38ygb

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Executes dropped EXE 1 IoCs

Processes:

Loader.exe

pid process

5700 Loader.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

Loader.exe

description pid process target process

PID 5700 set thread context of 5652 5700 Loader.exe RegAsm.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

5400 5700 WerFault.exe Loader.exe

pid	process
5700	Loader.exe

description	pid	process	target process
PID 5700 set thread context of 5652	5700	Loader.exe	RegAsm.exe

pid	pid_target	process	target process
5400	5700	WerFault.exe	Loader.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644292579662991"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 64 IoCs

Processes:

chrome.exechrome.exechrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "10"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exetaskmgr.exe

pid	process
1480	chrome.exe
1480	chrome.exe
5592	chrome.exe
5592	chrome.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

chrome.exetaskmgr.exe

pid process

5896 chrome.exe
5724 taskmgr.exe

pid	process
5896	chrome.exe
5724	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

Processes:

chrome.exe

pid	process
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe
5724	taskmgr.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

chrome.exechrome.exechrome.exehelppane.exe

pid process

5896 chrome.exe
5896 chrome.exe
5896 chrome.exe
4836 chrome.exe
924 chrome.exe
924 chrome.exe
924 chrome.exe
3896 helppane.exe
3896 helppane.exe

pid	process
5896	chrome.exe
5896	chrome.exe
5896	chrome.exe
4836	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
3896	helppane.exe
3896	helppane.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1480 wrote to memory of 2196	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 2196	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1972	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1864	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1864	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe
PID 1480 wrote to memory of 1880	1480	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://app.mediafire.com/xkbh3zyd38ygb
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb7edab58,0x7ffcb7edab68,0x7ffcb7edab78
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:2
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:8
2⤵
PID:1864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:8
2⤵
PID:1880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:3448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:8
2⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:8
2⤵
PID:3388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4700 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:1576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3960 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4860 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5016 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:3696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5220 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:5400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5396 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:5548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5640 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:5712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6172 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:5844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6340 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:5940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6004 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:6136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5472 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:5588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4904 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:8
2⤵
PID:5536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3000 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:8
2⤵
PID:5920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6500 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5476 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:5696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4780 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:1948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5988 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:8
2⤵
PID:5808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5528 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:8
2⤵
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4724 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:5712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:8
2⤵
PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4436 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:4940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4488 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:6084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2980 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:8
2⤵
PID:5716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6296 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6564 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:8
2⤵
PID:5228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6220 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:1
2⤵
PID:1704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6256 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1644,i,9444009178876536776,12032619579324759602,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:924

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3760,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=1040 /prefetch:8
1⤵
PID:3168

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5716

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Mod Menu v2.7\" -spe -an -ai#7zMap16767:88:7zEvent23599
1⤵
PID:1084

C:\Users\Admin\Downloads\Mod Menu v2.7\Loader.exe
"C:\Users\Admin\Downloads\Mod Menu v2.7\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5700

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 280
2⤵
- Program crash
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5700 -ip 5700
1⤵
PID:3028

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4600,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5064 /prefetch:8
1⤵
PID:2364

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=517009
2⤵
PID:2024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=4152,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=3828 /prefetch:1
1⤵
PID:184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3884,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
1⤵
PID:5452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5216,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:1
1⤵
PID:5876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5392,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=3764 /prefetch:8
1⤵
PID:1472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5404,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8
1⤵
PID:5836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5984,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:8
1⤵
PID:736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6140,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:1
1⤵
PID:6012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6136,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=6292 /prefetch:1
1⤵
PID:3300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5996,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:1
1⤵
PID:2592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=5420,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:1
1⤵
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
PID:5608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.80 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ffc9f3dceb8,0x7ffc9f3dcec4,0x7ffc9f3dced0
2⤵
PID:1032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2288,i,6204702724775822255,16440870773792670616,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:2
2⤵
PID:2704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1888,i,6204702724775822255,16440870773792670616,262144 --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:3
2⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2332,i,6204702724775822255,16440870773792670616,262144 --variations-seed-version --mojo-platform-channel-handle=2496 /prefetch:8
2⤵
PID:404

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4468,i,6204702724775822255,16440870773792670616,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:8
2⤵
PID:5892

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4468,i,6204702724775822255,16440870773792670616,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:8
2⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe"
1⤵
PID:5108

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
e646991f9b7863013f4543e5deea2d49

SHA1
7d3ab1c249b15c5bc5761baef819fa96b043539a

SHA256
0cc277125b5bd55a7c42e32f351b5bce3ca6003f28bc0646db5bc6b9b5135c07

SHA512
8b7b264f086ee2d1c1ec1199307d6511ce964890e84312a1c12c21a0a1fac24d6bf005a2ded820ecae3b51b58229a8ce724e98e40b03e1f93d3914948025a76f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
Filesize
19KB

MD5
9db75af2ae54430b2c88c452b4d66505

SHA1
805a267ffe69bc89075066761742682e32461a47

SHA256
921262b9d71dc673eed53926026576bdfd85b2f3192e12ec3931de84d48a8b33

SHA512
bacaa8f5afdca197f3642bb4f673321a6448c5e6c10cd10624cd214b3c0a0e8976d542efa2c9724360cfa7116f129b4f6a456dc3ed718cb8d75632ab55c89a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
Filesize
62KB

MD5
1721006aa7e52dafddd68998f1ca9ac0

SHA1
884e3081a1227cd1ed4ec63fb0a98bec572165ba

SHA256
c16e012546b3d1ef206a1ecbbb7bf8b5dfd0c13cfeb3bdc8af8c11eaa9da8b84

SHA512
ff7bfd489dc8c5001eea8f823e5ec7abf134e8ad52ee9544a8f4c20800cb67a724ec157ca8f4c434a94262a8e07c3452b6ad994510b2b9118c78e2f53d75a493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006b
Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\820ced3a55dc4279_0
Filesize
283B

MD5
e7879ff88172a01b1e9245c53a56d16f

SHA1
2fc7f40e118b0c4ee45333156d67d2d00a2cbe33

SHA256
6a400c02db125b2af87b647f4bda86926ef3134a5e4dcf367b3c439cabbaa2d9

SHA512
8f935d1d722421b513dd86b0ddcf22d1ba8a69360226e1338dd1c84913830e1a2af2f98d6a241f2dc3a62e0e0a00e4dcf225184d67d6bcef454625ce9ebf65e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9866f829aa5b6a67_0
Filesize
19KB

MD5
4eb3511fc2c6e1dea343433b0358cb95

SHA1
8d9012ed60427aa7363782a721c1b901227c6659

SHA256
7826fbba75d677096ef19fe2f46ff16f5a70e08c76229481066de1c179532839

SHA512
c5200f6d57a8278cfa6e2a2ade4f1c14cda48899380f15c5a490850ceea3ebf0d0f55573c686b6b7b3674b4586da1382a90625791a78536ef9ad9252d9fc2b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
5KB

MD5
7e53862c28c6f16b2afd99bc8391d892

SHA1
da45802f390434e1783042287446dcaec24fdda1

SHA256
3ccd560a8fd98968cf352b909a7206cc0d5f5ecc7bbd58638be1f45be8fe14cb

SHA512
b76b143d7293bd1f591ec4bd8f0ef756e7b497e1607d7e7128d9a9392cfc12c5c27821914e3ac3f8f66111b4b054fa4668e7c362fd5dd89622b3230307e8950b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
e917cecb18830a1020265004adc47b20

SHA1
ae58cad61640b125445a8f04821329e2057b127b

SHA256
d184e95e008c96503a0ccb4af3bcf2b7ea3f11085ad67280028170d69d159e2f

SHA512
9cdd7fdb6f4c4b718681cf2a62a6168027d9ef7ec45136c64e7f871c46bd0d68fbbae763287febac03a4476db780e71c9e4afecdf67540da83d903169ea44876

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
7732b5b0485e524012ca765196080def

SHA1
e311aa50b385bb397bf6a07c34c08413d3d4520f

SHA256
8999d073465207319db6558b48fc78f218d110ebc1c12e894c5c09cf96d6edaf

SHA512
ee991299b178e207a30e6f15e5136a068892c7bfcffa65190af8176afb3905aedbcacbaec7dce17f5c3d20e5e780673bc3b58904a676ad71954c1b905bee81f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
218ad86010fc9c4aa9afe7e024f2d4b7

SHA1
e74477e95ec188428f7283cbd77c935530a61950

SHA256
96742f342bdffa28b636d3202d249bee406c02e8d5369e2bb582aa7dd0eab3e0

SHA512
c036ba0a9991a3272c33318b763a3c5e7d7b4db8cdbb17895a322b2457417e812981a5e64b4b298e62e8dd2cf3f9831434f9f814e8f867a98f25ba463dc48498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
d55eaf51fbfff34267ed4bd3925ecc2b

SHA1
ab4a5a2ddc954715e1832a47029a7bfb862ebde0

SHA256
334b3fa6513c8114fddfbaeb0a26ad17d86e51421a3b9f3b241545c5aeb25abe

SHA512
2bfd5d5ad4cd2fc2bb5bf61815decd6100defa226d958faf4fbe3750ffdc8cebc6f4069fc3f9659f9fae0605c0c9d886cf61054067d3a8133fc8da4142989acc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
6f372c0608a5d7c506d189559152ac2b

SHA1
5206539bcb3fab7ff83014875a4b40f1d108b39b

SHA256
cbb611f981663178a667453ec53af04df2b363014f4e01e6209f1080f3f283a6

SHA512
ca8be1cdaecbf549a7769f57c9b2ad3bc88443fad42bcf03296647a5290c64d8e41e4313d81b7fd193bf87cfc9706d77665ec6b522c44bf7f82a36ff67c18816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
a0347df320d47ee30a8b819744b77e50

SHA1
2fa39dc0941e092501e76e59401241b7da264606

SHA256
c6497a96d6f597520ff03ece927e8d30a233751bb2a4fa4e757e2e3cc5b82d47

SHA512
aef698260dd403688bd8873029f5fb7c7f3d488272826b1f2b0fd6351a08082bbb6405d20d668c337bdfe740f2f66137bbc19efb415069d50c2d3bac50157b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
15KB

MD5
5935f3df11fb545fcfd85ec4bfe78072

SHA1
2807ce9c61969be2e560abd0c1c3d9f9eee99f41

SHA256
9668a6952d121368ad6296e8b8c99bddd1e8e53434f33232cf0f470d2d9d20f6

SHA512
91f26409b5e4ba279d51de4e55b606f06894a0a1311f6e68eab2f575710adfae6929a81a1e24d1a1f88587aca549d13475986272c37e0a2f9922efa9bfe49f69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
dda4623b9b357ef0bd246328f9d76d1d

SHA1
05dc653e8b6ef3ee8878ff878af7a2a0df9c6cbd

SHA256
c12abd70cd136fd8803b6980facb4498a5e0db906907d079ea3d61aa6f69acfc

SHA512
50e7fb59fcfb3b3cc99006c48589b8d202f6e9f9c60f27e89d2758e81fb8f2326b94563df4b7abe1e3890f9416ac4719ffb2f32eb1ebcd11aaf5560f645e99d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
a90eeec5ae98db1fcad67ce84b846c8d

SHA1
67dbe467533b77bfcc9646e696092b963ffe660e

SHA256
c09d473b44e1be6c741ec80ca57a010db798f7a34d4cfb89782a98b4dbfc271d

SHA512
1aa672d186ff1a0b478965cd90a2aacdbab789e51b3131ca0a9c863b8d787b8be4affca3ecb759eac3aeeeeff9c235360e19d68d8d22dcf02be280eae4de9b6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
57728367d2fbe0f0d614e83c4bc3b6b9

SHA1
0da8aaefd823fc55567283a7d4cb629cd390be34

SHA256
084e37d52b94d497b5d2783743fed64ad2782d4b3ab731856fa84d7db6e6c3ec

SHA512
1fd6afea66f9b67e11c382a85c1e9250499506b2718bec4ccc91d181f8ae4865e7493232b0021b112cc713b77fff3dfc5439b788f67de902dfc4b598f4e275fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
7a0c19cd9fe5558f81a9411ab527bd38

SHA1
f21c624597f92ab833bce0326fa49dbe8a1e37b7

SHA256
ead1b8e70bb9670b9b6d8b22e669ec72b64ab67fec72d9ebffcda829ae7cd0e2

SHA512
0724deb2efb1b6b5d7a0b6309f36fe352ac4eab816bef40c9c08be712a0e2dcd8a707e32e3dfa5c512b134dea4c9f701814dfc055fe201507fe449337115d3ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
6c5ff420cd0ef89e05690eb648f19a61

SHA1
ee55452a0236e1e67122e96d0b2b2ebfd915ba95

SHA256
62f77bde39f7a96416d908c0e320b8eb9d98af42e4173df1deabb5e1413e9e73

SHA512
e0bab15e34c0640bc0ea5e32d91278668fe23e67a9c5d23c7355afaea42e9c615da41d5377db6eb6280b3b86c36cc4cab016ebfc6e86c5a9f55e70efe4c3fc3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
0a0611c7457074d24b6d013bb413f946

SHA1
c21f15248f0dc73fb97facaf167859785cf2c517

SHA256
29a8d071dbd0d6ab1e42eeeee1ed632bde56a658c345110a95118ac2c09e0bdb

SHA512
e5c9f761c44476bf83075d951e0d360d6e15549e6aef06093d5d8eb473ca0ea278d94de2faaefec754cf0b2f51ccc367fad8b94022c1a86e4979036078025c44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
073344d5947fba42aceb444b75ab7e7a

SHA1
c888f5e0e33ed591c51353a98ebba16286de0042

SHA256
6b154355757f4c8e83bef5bbcbf4af3f22759e7bfe8642a01bdd3ec14cf184b2

SHA512
7229aa8440445a520c43e13ffe9f62b28c0875cf884f31f322b3d355befffab26b5321640c3b1c033af7431eb2c4a4208b58a2cd9c7f65a02de305ad1191f076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
d616ba69e94b29fbbd745f37ef6f7e56

SHA1
3900c0b5950842bbeb68b7c13bb4af7ecf556a19

SHA256
862af77089e4462b2a24c4edd9f2156e2edf45cb97c298bcbb22828287a80356

SHA512
1a35262ad696e786283405d0471eace2e591cc4acad29367d8ea52e981a5c30982d964a5dde0e50b4626d06edb654fe68637a541666230dbc6b07438c9be9d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
29afd3c50e2a1d2407721415b806807f

SHA1
27a67683106659f5370eb989c535aba4e0700b33

SHA256
adaed80a1e0a69e4cc0caee2bb18f531ea0777e16e508c165bfe2d2356db7544

SHA512
f2a023b60c5e4db352f0b5154f9c66ab334dd17c7b1c8cccaccde1175f4e859ccf94e276833a1de41b7ca98950ee06399b05d1a4ab48f409031f5b902e5d2c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
088113efd18e40cd0d162fc12bfab8cf

SHA1
5cbef869b896edb3ac69cb693217b689ef6b70d0

SHA256
e281960c07c4ed807abb5b695a2854230533fbb7099f5badc567cebb5790ea0e

SHA512
e5caea1816db86aee2c6b06c57b063826d50ddadf92736d7fe7b9d7e12f316f5ac2bc79dfc8a0b5ba174ff8b1c364dc7b84a679780e6aa15d85228457e16de16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
e46fa7350e8dcbcfc8435bf86f45cfa0

SHA1
ef13398e2d60cd24fcf07f016769a402dcc07b6a

SHA256
d4eb2df0281c0ae995b5db7981432c80830f9137851ad336790aab744b31e719

SHA512
136e4bf4b4e888356d671866e180edb4ee1b5fe27f2c4ba3bd72f30af6da2f6dd5187d97c5efffac61d34a1a067e88d931e160b2296866d6304594a0a59bf4a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
4630a652fc5960316546ec36924f300e

SHA1
7469c026b8c05c1331cccfe83b9d41bcd875d28e

SHA256
0697329217adda9c00149d82911b187f2813299ff302bc94d20ca9f7c0ed6657

SHA512
db0ef117553ebc3740c7e96222ff0bc92d487ce6a7e439eed635ecaaa5299ab7883bd8efe03d0985d0e25953c369690c030ced161e485cf99d282d023cb3aba2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
38cdcf3973f59c41e8f880c22273c942

SHA1
75985aad772478afe699fb7c269fd67121e4095a

SHA256
ce712c9c6c74c56eb701008dd0e22f9d181b19a4203aa07e18e7a6cfe23aaf9f

SHA512
a17b9c8117404e70a9364b72dc82d9d5807accb22897afd453eee0be4f057790381bfb97992b40ca724dbe9dfd089cc85f4df903956238e81ee33de941b5a2f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
99730070dbd0cbf8a625055b322e7081

SHA1
18c642cb56a981e44b17fcb2116092f4db3d608d

SHA256
a0581862c60bf0abc390c1ddd2fe6f2d93b020d3ca60f9988f0ac5450b11bd2c

SHA512
1f5504ef0d3bd80596bada8f423d08f3656513e3051bd35e7a6903a6540e0e1fbbd3042556321ee18d9b082929cd952b12e8a4c5a06278d605be36dcf6ede4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
e6daddaa47da8a9ebfd7f5824be5927a

SHA1
b7fdebca9065fe79a2c3594a61b39fb58efa1506

SHA256
7628a5eadc2ba2d8bfe8cba1f14a5005a04ca0a070995a247ef533cd95f9630a

SHA512
6377d1362389b196264e9cb042c3f42bca179db9079772756e970427aeffca6b9469ff99f674604c7e5e6342f24aa46120b4ca59dc50da5bace34aea1a2aef3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
aef8dfeccbf1fa8ccdb7be4e9d2fffd3

SHA1
97d3b5d52e76d9d1de443c10a4129901ea847278

SHA256
fbde862235e3a68d21924273a68931a125987e1dc796d49ef99c42e8a71dc317

SHA512
eac80eff18beae4cc71d88181317c71ca6a0f2fad956f9695c8c7736e7bb6903b7a0ed40657c9b02f6dd487175d7dc35f42d184b461f7f9ae37f62f705b0289b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a91660f598d45f0a5263cb2022465757

SHA1
7d4f4ef89a612463db32950028b7e503e6708a12

SHA256
ca304482a9d861940b1bf8f8dadd0042adb5801f76e6deca890fb367ec9a9462

SHA512
7c3a2c9f3b4f31d6b8c55d18e3dc63c5526b686ad35a51b96df9157f3579cd23bd4633807d6fa23da4cfa74baad765bcf19a93b371769cf87da4f741113bea64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\0c50659d-7b50-4d83-9d21-302b2282c3c8\index-dir\the-real-index
Filesize
72B

MD5
c499124e849b188f05f35983d29aabcd

SHA1
4e903d733623673c8e98407a970d453d1c2c2116

SHA256
114cd0292904d9b2d081d8c98b55a8707630e4965998884c5b21eb3bdfb63382

SHA512
2c038393967e02996d797e38d6e6d0169a30dd0b477e2219e34236e89a0edb44abb93b1bcff9759a5899ab744d76fcb8924f078cfe740000f6e90afc57025d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\0c50659d-7b50-4d83-9d21-302b2282c3c8\index-dir\the-real-index~RFe5f147b.TMP
Filesize
48B

MD5
d0d0500fec97f9add75db2e11caab0b7

SHA1
932bdaead031ca42d116fcf7e085e592924252ec

SHA256
4d66de3adf19c2fe3fb12344a5ad5ee4e06c285c302fd991444f7e791e1b5e91

SHA512
912c6032c7c960f85bd9f37d749494f2bd79adfdf8c739e874acd5222c9a1c3caade1f0670f4ea9c01ea667124941d10773528f571c5de7dd937a2bce9f903f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt
Filesize
122B

MD5
d38b5ab3a3a47779df0f47ac68851bcf

SHA1
11658793d25a8e260ca5988ec4a287e17009de53

SHA256
000f323216dc8cf91762acfccba1388162165a2241a37a28e670a4e3c9528242

SHA512
6ea0e9e66da6a42badb59b358e068e4107bd28a8b028907b2791886beb607e4c2979a246d8471e76497a674abe597cfc96c1c8e7b317ed35586af87d1f4bae2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt~RFe5f14aa.TMP
Filesize
128B

MD5
8ccb53c4d2fdb44033cc9e64f6807c00

SHA1
fd599c7db492cca2aac7bc52773c3070c62966fb

SHA256
2f54f5345581307ce2a22891592bef4fc349b61538f2c6f1788aeeccb7d0b827

SHA512
20b3f94c083b88d664d910a0e206cc479fe235d7b5bcf33a687c2e38bb64d10fd9f614b9c7c3bb8d907bdd6c25cfd39ac741e4fcdc532f451ef85352421cea49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
2bb789e2ec99cd1f35ed01b6715ab3f9

SHA1
9b547ed10cc55abe54dc4569b8b836efbac48e03

SHA256
97270be840355349326ce2b7024b9946806ed79586519a6b6a28c3b3851d1c53

SHA512
6eecb09a43628f541546754b35dfcfc0cec34f1b199c77bfed567c341f25aeac8f1fae8fb937d80b6e228dc52b5a1c0658410fb653cac4a5953fe604b2eb0643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe586feb.TMP
Filesize
120B

MD5
cfbe07a55fcdcf912425695bbeef3efa

SHA1
c7b6be652c99cbfd42c31ad58c860f358ad0b5ab

SHA256
ad90c5411596911f7302b17b7af2a2f6b5b7179e03507ce27738d80d96526e37

SHA512
7c15d0ecbb49bebfcf6bd64ad9ae24b8e1664073d1b18ba2d1f194f011c63cf687411dfefc42b154beca1bb99032b817cb552e65ca4303c7ddd674395ee74de2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
Filesize
121KB

MD5
883e3a11b8fe5e10ee359e5733c37544

SHA1
21898a0919a428be59f1b3d0f1153da6efdf98ec

SHA256
966787b802d9da7b25a9be29b2cd5fa7c76e5f127abf009226e518d0b404ffe2

SHA512
39756d4f24350bb0256754ef097bb5268cb4f6481d264ed5a190112fdeb41326c1dd00611a8da9cf1219a93cd96be7fd2cb0510cb8dc01f0253dddd545f924a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
7f2dfffe79a9d0eac8e21f3229b802be

SHA1
01fb7d9d618078f8176f6ebf9e29a85f386cd6a4

SHA256
55f666cd98b1d20d25cff2da298d6277118354db3f42ab88a4ac1451bd1611a8

SHA512
f38180f8bcafa65f3eea2feede263607e69607758290640c60412058c2ffc46cf8a2cae198588f46d50142927784fdda85e828ff584709fd9150162705194650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58fe60.TMP
Filesize
48B

MD5
dd7e6aafcc6fb554be054f7f3dada04f

SHA1
e244b21bcc58ac5ea0ca6eea85fc5d67fa641747

SHA256
d84b7c6ca5ec23e5e373c8d1546de4c20a20ce50f7b12da4d8921708b8b7d1c2

SHA512
e59cd3fd01129f3739b91e750c64040d48b9dee9fea97189ef1ea9d65d77b02530e5098a3044252668c3cc661bd0ddc542ca59972618fe15e22cfdd875282ec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
495fdf696713de08f3fbdc1e279215f0

SHA1
2632556e17672ce1b30a7f833b458a2dff80ea48

SHA256
867482a9fc6d843f0f9bef7c59d85ffc82f77fe088e94ebd2f9a97fec63c2392

SHA512
406fcfbcdf0f015c5594d356dd711dcad0317e9e0342f957b098ee0129643a53f5278bd2fcd6f7dafe52b0f17aa7b5de999b8c7c35c7d3fd212cc33aa91ec817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
76cf0ae93c864254220da7160bcdd2d8

SHA1
8473df9133ebf3435688c51d16b96762648c565e

SHA256
f7b1eb2204e1518ec82ca8858db6cf5c2f1913fe482dd77690b436d70f0b1316

SHA512
43b8e78906c72e3300155fb48a5f0fa5e66eb572ada7b4b3099a68514513ce6f6d1ff130826951f2db4e56023974e7f6b319fdbfb2ec41256d99b05f4326c6da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
100KB

MD5
66927c860cc539046d2d35b63e22b3e5

SHA1
05785153fc4305b2edce2426f28e0c35aff7352a

SHA256
0bd1ed76c302a941944f6229458e61fed15b19ec081b601a733ce81f9466ada5

SHA512
07493dd7a09351232d889079a5022e27459098aaa67fe905a042ead69fba0d0d88d58a4cf48f5e6d94abfe441b557b23d44b7d4c02b27c19fb0e7bc776a0776f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b12a.TMP
Filesize
96KB

MD5
553c4c8eced7df8417d376b5e56a2199

SHA1
02dbd710c3c29a92210a38d9dfcfdcb4c16a16b6

SHA256
ff2d8df87b5067c8b2972b5bebdf986f7ab1440bdc7cba3df07be8bae3411bad

SHA512
4ec292c96de15cd0d9bf09d11c43c46154b91f50f5e78b63b019518cb48880fb34ef48c63131172780e9b8a5d351623e999b33660fea5ab16bc734b0e3277ade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e3e02ff9-974d-436b-b73a-d2f912687f9e.tmp
Filesize
255KB

MD5
15c099c636d3d384877a0610af56e16c

SHA1
3e133cc8a9eb9195f451d44fc637ffaf7f565851

SHA256
b21e49941c0443f9ef9407a60369e351a18ba1d30a1084bc4826df5286e7d584

SHA512
8ccb54be690f96fdcec7b19bbcec4e97786bfbc9fae3f9e0417b7aa5f21f9315014b94c6d36c5659da4e7ff1d070dc5ff1d87220c6fe84ce14ca96ca6b12a752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c6cfb49f-7d60-49c2-bfc1-032381e649df.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
72KB

MD5
5395ed12389866440c38c700ee77475e

SHA1
2ac3e780dce7f8c1aa289b23993d41b404cc55dd

SHA256
711b1cb3a0a4cecb43c32390c51050d724485439dea4a23086e63d2e3310fa37

SHA512
7664f1cbb7540e9866053019664b2748eb2cfa3c2bf9137a3ae5ed93f8209eb50c7dc3b89f0bce1a49cc642ecd060cd58cf80b34201f86628e896dec0285a4ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
Filesize
2KB

MD5
f5da5b33529b5070cc00eeee39bee68a

SHA1
1a66ce5bc1fced3e7318eea5df00535069dbf429

SHA256
e88fde7745c2f6b9b0c2e74d7916c9f4db876919fed0fd214844f13ee9915287

SHA512
06f0d186c71d193bb1c5c4b5d5d55a2afde7517f3ddb348c3e2c41d0120edd666c6de779d2d4eda449a2f78085789b22cb4cfbd43936c38e19995519146c073f

Download Submit
C:\Users\Admin\Downloads\Mod Menu v2.7\Loader.exe
Filesize
944KB

MD5
3b04ee8724c5c12c819ff01cb88fa0a0

SHA1
b732ed61774148ee3b2b62ec0067f3b1c84177fc

SHA256
069cf891ad698686b17fe99bb32296c1048a4c05c350ed6dd4f7747e7aa1fea6

SHA512
74c6178683bdd0eb6f819b6e459fa9c5cca27efc238300f05ed3cee9c8c0559d6c25f97b508425353ceb615beee6f130bf25ef55face092652b0428725f1484d

Download Submit
\??\pipe\crashpad_1480_JDZNVWWPGMAGFXWR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5652-1472-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/5652-1471-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/5652-1469-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/5700-1468-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/5724-1489-0x000001C7DF440000-0x000001C7DF441000-memory.dmp

Filesize
4KB

Download
memory/5724-1482-0x000001C7DF440000-0x000001C7DF441000-memory.dmp

Filesize
4KB

Download
memory/5724-1484-0x000001C7DF440000-0x000001C7DF441000-memory.dmp

Filesize
4KB

Download
memory/5724-1483-0x000001C7DF440000-0x000001C7DF441000-memory.dmp

Filesize
4KB

Download
memory/5724-1488-0x000001C7DF440000-0x000001C7DF441000-memory.dmp

Filesize
4KB

Download
memory/5724-1494-0x000001C7DF440000-0x000001C7DF441000-memory.dmp

Filesize
4KB

Download
memory/5724-1493-0x000001C7DF440000-0x000001C7DF441000-memory.dmp

Filesize
4KB

Download
memory/5724-1492-0x000001C7DF440000-0x000001C7DF441000-memory.dmp

Filesize
4KB

Download
memory/5724-1491-0x000001C7DF440000-0x000001C7DF441000-memory.dmp

Filesize
4KB

Download
memory/5724-1490-0x000001C7DF440000-0x000001C7DF441000-memory.dmp

Filesize
4KB

Download