Analysis Overview
SHA256
645c3447acfa5a82f0c75eb520ad89c17b021422a0264e93114128e92796bd85
Threat Level: Likely benign
The file Monogram-EM-Logo-by-Greenlines-Studios.jpg was found to be: Likely benign.
Malicious Activity Summary
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-09-24 20:44
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2023-09-24 20:44
Reported
2023-09-24 20:47
Platform
macos-20230831-en
Max time kernel
119s
Max time network
134s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Monogram-EM-Logo-by-Greenlines-Studios.jpg"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Monogram-EM-Logo-by-Greenlines-Studios.jpg"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Monogram-EM-Logo-by-Greenlines-Studios.jpg"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Monogram-EM-Logo-by-Greenlines-Studios.jpg]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Monogram-EM-Logo-by-Greenlines-Studios.jpg]
/bin/zsh
[/bin/zsh -c /Users/run/Monogram-EM-Logo-by-Greenlines-Studios.jpg]
/bin/zsh
[/bin/zsh -c /Users/run/Monogram-EM-Logo-by-Greenlines-Studios.jpg]
/Users/run/Monogram-EM-Logo-by-Greenlines-Studios.jpg
[/Users/run/Monogram-EM-Logo-by-Greenlines-Studios.jpg]
/Users/run/Monogram-EM-Logo-by-Greenlines-Studios.jpg
[/Users/run/Monogram-EM-Logo-by-Greenlines-Studios.jpg]
/usr/sbin/spctl
[/usr/sbin/spctl --test-devid-status]
/usr/bin/syslog
[/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature assessments enabled com.apple.message.signature2 devid enabled Message Gatekeeper state assessments enabled/devid enabled]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterD830718C/OneDrive.app]
/sbin/mount_msdos
[/sbin/mount_msdos -o perm -o nobrowse /dev/disk1s1 /Volumes/firmwaresyncd.OVohYs]
/sbin/kextload
[/sbin/kextload /System/Library/Extensions/msdosfs.kext]
/usr/bin/rsync
[rsync --ignore-times --links --perms --recursive --times --delete-after --include=/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current --exclude=/Contents/Frameworks/Google Chrome Framework.framework/Versions/* --exclude=/Contents/Versions/* /tmp/KSInstallAction.RCIxUNSygB/m/Google Chrome.app/ /Applications/Google Chrome.app]
/usr/bin/rsync
[rsync --ignore-times --links --perms --recursive --times --delete-after --include=/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current --exclude=/Contents/Frameworks/Google Chrome Framework.framework/Versions/* --exclude=/Contents/Versions/* /tmp/KSInstallAction.RCIxUNSygB/m/Google Chrome.app/ /Applications/Google Chrome.app]
/bin/rm
[rm -f /Applications/Google Chrome.app/.want_full_installer]
/bin/rm
[rm -f /Applications/Google Chrome.app/.want_full_installer]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info CFBundleShortVersionString]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info CFBundleShortVersionString]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSVersion]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSVersion]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSUpdateURL]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSUpdateURL]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSChannelID]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSChannelID]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info CrProductDirName]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info CrProductDirName]
/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister
[/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -f /Applications/Google Chrome.app]
/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister
[/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -f /Applications/Google Chrome.app]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin
[ksadmin --register --productid com.google.Chrome --version 116.0.5845.140 --xcpath /Applications/Google Chrome.app --url https://tools.google.com/service/update2 --tag universal --tag-path /Applications/Google Chrome.app/Contents/Info.plist --tag-key KSChannelID --brand-path /Library/Google/Google Chrome Brand.plist --brand-key KSBrandID --version-path /Applications/Google Chrome.app/Contents/Info.plist --version-key KSVersion]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin
[ksadmin --register --productid com.google.Chrome --version 116.0.5845.140 --xcpath /Applications/Google Chrome.app --url https://tools.google.com/service/update2 --tag universal --tag-path /Applications/Google Chrome.app/Contents/Info.plist --tag-key KSChannelID --brand-path /Library/Google/Google Chrome Brand.plist --brand-key KSBrandID --version-path /Applications/Google Chrome.app/Contents/Info.plist --version-key KSVersion]
/bin/ps
[ps -ewwo comm=]
/bin/ps
[ps -ewwo comm=]
/usr/bin/grep
[grep -Fqx /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/]
/usr/bin/grep
[grep -Fqx /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/]
/usr/bin/cut
[cut -c 1-108]
/usr/bin/cut
[cut -c 1-108]
/usr/sbin/lsof
[lsof /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/Google Chrome Framework]
/usr/sbin/lsof
[lsof /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/Google Chrome Framework]
/bin/rm
[rm -rf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69]
/bin/rm
[rm -rf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69]
/usr/sbin/chown
[chown -Rh root:wheel /Applications/Google Chrome.app]
/usr/sbin/chown
[chown -Rh root:wheel /Applications/Google Chrome.app]
/bin/chmod
[chmod -R a+rX,u+w,go-w /Applications/Google Chrome.app]
/bin/chmod
[chmod -R a+rX,u+w,go-w /Applications/Google Chrome.app]
/usr/bin/find
[find /Applications/Google Chrome.app -type l -exec chmod -h a+rX,u+w,go-w {} +]
/usr/bin/find
[find /Applications/Google Chrome.app -type l -exec chmod -h a+rX,u+w,go-w {} +]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/chmod
[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/chmod
[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]
/bin/chmod
[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]
/bin/chmod
[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.140/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]
/usr/bin/xattr
[xattr -d -r com.apple.quarantine /Applications/Google Chrome.app]
/usr/bin/xattr
[xattr -d -r com.apple.quarantine /Applications/Google Chrome.app]
/usr/bin/hdiutil
[/usr/bin/hdiutil detach /tmp/KSInstallAction.RCIxUNSygB/m]
/sbin/umount
[/sbin/umount /private/tmp/KSInstallAction.RCIxUNSygB/m]
/sbin/umount
[/sbin/umount /private/tmp/KSInstallAction.RCIxUNSygB/m]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportCrash.Root]
/System/Library/CoreServices/ReportCrash
[/System/Library/CoreServices/ReportCrash daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]
/usr/libexec/xpcproxy
[xpcproxy com.apple.mediaremoteagent]
/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent
[/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 486]
/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
[/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportCrash]
/System/Library/CoreServices/ReportCrash
[/System/Library/CoreServices/ReportCrash agent]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.73.25:443 | | tcp |
| US | 8.8.8.8:53 | api.apple-cloudkit.fe.apple-dns.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| NL | 142.251.39.110:443 | | tcp |
| US | 8.8.8.8:53 | e673.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | ocsp.entrust.net.edgekey.net | udp |
| US | 8.8.8.8:53 | gsp64-ssl.ls-apple.com.akadns.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
Files
/Library/Google/GoogleSoftwareUpdate/TicketStore/.dat.nosync02c5.3SEd8U
| Hash | Value |
|---|---|
| MD5 | d8c1da4da2463fdb980d45c3bc7a5947 |
| SHA1 | 1d07c6f92f10d6c85c8d331eeba6a7d06682be1f |
| SHA256 | f5eac6457ac6b1b01caa04dc3e50b702b5cb9689371b7c078a196c47f60e125c |
| SHA512 | 4acb9f419ac77e49d3cbd06ff8d2cba1be55fa63bcaf90f916608d5cd05581f5176a0c628c3ea16456bc70e3c6b9b4a8394f1d9ce896dc1cb9bd65445eed9dbb |
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-24 20:44
Reported
2023-09-24 20:47
Platform
win7-20230831-en
Max time kernel
55s
Max time network
152s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Monogram-EM-Logo-by-Greenlines-Studios.jpg
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6759758,0x7fef6759768,0x7fef6759778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1360,i,9346265728110300457,18313924191095399619,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1360,i,9346265728110300457,18313924191095399619,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1360,i,9346265728110300457,18313924191095399619,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1360,i,9346265728110300457,18313924191095399619,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1360,i,9346265728110300457,18313924191095399619,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1360,i,9346265728110300457,18313924191095399619,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3308 --field-trial-handle=1360,i,9346265728110300457,18313924191095399619,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1384 --field-trial-handle=1360,i,9346265728110300457,18313924191095399619,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1360,i,9346265728110300457,18313924191095399619,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 --field-trial-handle=1360,i,9346265728110300457,18313924191095399619,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3752 --field-trial-handle=1360,i,9346265728110300457,18313924191095399619,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3712 --field-trial-handle=1360,i,9346265728110300457,18313924191095399619,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 --field-trial-handle=1360,i,9346265728110300457,18313924191095399619,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2040 --field-trial-handle=1360,i,9346265728110300457,18313924191095399619,131072 /prefetch:1
Network
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 8.8.8.8:53 | cs.ns1p.net | udp |
| US | 3.128.151.101:443 | cs.ns1p.net | tcp |
| US | 128.116.115.8:443 | lms.roblox.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-09-24 20:44
Reported
2023-09-24 20:47
Platform
win10v2004-20230915-en
Max time kernel
34s
Max time network
144s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Monogram-EM-Logo-by-Greenlines-Studios.jpg
Network