hxxps://www[.]mediafire[.]com/folder/66vv7pdfsm5at/gta5

Analysis

max time kernel
141s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/66vv7pdfsm5at/gta5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3364	modest-menu.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133445691322873388"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3016	chrome.exe
3016	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
7096	7zFM.exe
7096	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 216	3880	chrome.exe	30
PID 3880 wrote to memory of 216	3880	chrome.exe	30
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 1316	3880	chrome.exe	88
PID 3880 wrote to memory of 2240	3880	chrome.exe	89
PID 3880 wrote to memory of 2240	3880	chrome.exe	89
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90
PID 3880 wrote to memory of 4268	3880	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/66vv7pdfsm5at/gta5
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb06049758,0x7ffb06049768,0x7ffb06049778
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:2
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5516 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5256 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5264 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5552 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5744 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=6052 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6212 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:8
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3900 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:8
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4844 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4904 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6620 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5136 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4616 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6388 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6956 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6992 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=996 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4828 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5564 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7504 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7060 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4784 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7756 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7736 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7032 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6128 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7012 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7588 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5564 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4904 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7464 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=884 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6672 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:6588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4616 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:6636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8184 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:6736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7540 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:6764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8460 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8716 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:8
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8944 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:6180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=4672 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9340 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8748 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:8
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1872,i,18249213207960047493,10939771674618852246,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1856

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\mod mеnu gta 5.rar"
1⤵
- Suspicious use of FindShellTrayWindow
PID:7096

C:\Users\Admin\Downloads\mоd menu gta 5\modest-menu.exe
"C:\Users\Admin\Downloads\mоd menu gta 5\modest-menu.exe"
1⤵
- Executes dropped EXE
PID:3364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
226222977c175456a902b4b1963b2e0e

SHA1
6e6763fecc7e711768fafdbcfbc05a03ade9f65a

SHA256
43b4790ced93864ac2b364e312bed86e23e7d0e2015b65ec2544d94d1e11f728

SHA512
bc864ffd482b4bb0d49d3ecd0b69580c8faec638ab8eb918467548f97e8d7425298270597ff642559f8991b50ed3495373e4da19e67bc194aeed01aaede2f4d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c32db47fe608fdfce22ee56953faf52c

SHA1
4935117b76bb56be4b196e37cbcc7db5e70389f3

SHA256
8dce62d72ece63f779a9d216433e61f0a86affde76b40abf19938031be57d21f

SHA512
55854403d553888d04c4f1fb8b9743cacaad4ef3d10c75c332daf4996160a12f730787205bf28919037819cc69845db7a74dccc9dccb8410a37cee4500943421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8bb5f34f03d772b601ac6fc5b918dd3b

SHA1
4e1a87f2feda1601a8a896c293a7ff69671f76d1

SHA256
72cf0f89b112e0e63af3b82eee8de485a2fdd30f69743fe93d245d97f4ff498e

SHA512
d4ee6c53d1ae31e756a81df444cd0ea942fb79daf065f4f55c7af24c547dc8aed9f8ea5429929ce1c938370e85ef0a48410dab6841534f979e0e9dc992bd7fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
192KB

MD5
056851917315ef8b43a6b5c3922c86c2

SHA1
8f293730c6326fed964e13e16c8c7754d98e0852

SHA256
2b8d80b125f4d7c697d6b6abab75033460d763dde54b1e748b9b410af7772798

SHA512
accbbbfda8f0047e41804e0dcee58ca9cdfa32698e4c1ea85167bd470bb2806f3e726ca08335eac3da3d00c4d9d8eb681e546ccb3ea37a5332af66bacdffd4d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
5KB

MD5
dc6861ca46889875cb0abbdeac6c550d

SHA1
4dcf6737b000c536bd292a1dd745dc0e728f1fc2

SHA256
8a4ba98c742a6b6f77302c05bb570b8301d6925b2ea1cb05435fbcb31456a6a8

SHA512
e6e80d0ee52f35f8d6ccba535705bfc9267458a3e1354385de1307ffad7acf8aca7059fd64aa252325bd8f523fa77e4e03c4c2e1680b3d8b2fe8150f79c55930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
426ab45e78627f1119b6924bc442c28a

SHA1
7ea7f877cd54239f9a269930af8cc542105d3718

SHA256
bd8c318ad395eed5e27eb881e892eb9c2a6e426a3837ed6ddfa01a3a73dc6caa

SHA512
9a690dc4564b5debce5c69596712445b6e1dc30c042c60b8e660ca97a0ed9a98c5b8eae13b29445c987056c742dec3e19a5b59739de8f2c8ed75f6ab684d4b16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8517ac9e-a671-45bf-a28c-97754cbedfc1.tmp

Filesize
4KB

MD5
376852f1c27a071b6f669d7a6d541386

SHA1
eb06b1b0e1413ea803501d530fde69600b57b8bf

SHA256
f41045c7d0c26f0cf6ca7d9c800da5d7653bbb26d92de54cd39be5de15145ee0

SHA512
c31476dc091b62dabc3e3a227efebfbbeff70bb8a6ab43e47948a09bb2abedc3b2bcadc703fe8dbb25e3047aca68a68a0dfcaa8b4ee392c37822e488dc5ad5ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
56KB

MD5
fdfb67cbd6a01d20a7469dd970cca0cc

SHA1
e88a5bfb1b4dceac3b43f3199cb3bb45dd94aa96

SHA256
521bbdaf9c44bf55afe345f847aece7bf2bd4ca5d044fce6d2d43a7e90af1aa3

SHA512
f7f20f9a999eb27b9e50cf38c5f2cf56442f0acd019503b778e41c943a77a93c86b8ae2d0345b8b4ebe6d766ed29f58dcf4b8ad02bdb22e4cbd435b57030512f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
e8a5f9d3e05c080dbb502f1624e7d4a3

SHA1
6a54371b0d943abc6da9ba275d6b9b2e2d08855b

SHA256
5b574d61338100ba748ce86450cb30257790607af1f89df4c5e2e247885e88fc

SHA512
086af5aec512364ecccd1b5a332ca3d58e0c582b5f41e10f58f06a2837a12aaa41c9226ebdf7fe23c4fea8b13a41c5c0b6a8b218cfe282c70a2aa0535b5b1c7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4cf8593ce5d2ba40742e275b5ac8aff6

SHA1
dd6437be81021aeeecc1870ed4aba881fcbf4a2c

SHA256
3b586c01f8ee2659b62a904e983b4c3281d4b999da11668437095a44ceb76ede

SHA512
619baa68301783c695d4be8755d7f7023a0815d57cc323650a2469590202138f4051ad51920b09550b2f900deae746d2a636e36357f6f57ad49b7a84f2464e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eb335b2f7d71912dbe1642fbec3e58e6

SHA1
2a82323fd39ecaafe57ab10ff77a46062296bcf7

SHA256
ad4f4bf2419418bda44a428c3b5c98ee135d8f1a2f75d155f608c245fd11e778

SHA512
06b40d2ec3ff792a0bb21e7a9dc433cdac393b345427c075342944a370598db9ce9ae34fbfe6776b55f3eceb77b0ac6e472350e40933bea8c12adc8b22fe670a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
15fd83506fc553918d978c9cff79e353

SHA1
197d11ae8e072b73502a2ae8682ff435d16b6a9b

SHA256
d3c291907958e9381b799286e8cef1ef2711296799fc3dc6473e85a4e478c57e

SHA512
810474c0f1e0fd2226b3aa6c25b76121a608b5beb7383b08b4bfa8daa5e18d5bde17b013e58550ead5ac9402bd9c1165c640343c38584d402a5d485154097340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\dcaabbd1-398f-4fcb-8498-dd032b6903bd.tmp

Filesize
11KB

MD5
43b8453b5663a1fe738427ceec27bf17

SHA1
ce5b75542f500e1811b11f6fb7f64405ba43dbf5

SHA256
2fc2f6b7137c953ebe634057272da10bfc32205af7b7863df84409d0e7745a2b

SHA512
c8a1add95c4716b58b299244317479fb5bdc15cd191389a1e75407188996cbec70abf9a309961b2b0fb578115968227713438248c45213c27216ca89e4b46f07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
79d0b221e992c2aee986ff33d7301bb2

SHA1
7f89b5f7524ecb37641e1205524d0d51d098d0fd

SHA256
66f0739f44614e39e6582a5ff6431c78aadd875dd0609bcc02b935089b453281

SHA512
f681374a3051df9cf61a0462bb542596ea98aa183eac1ec3ace3aa48c140f04e5f11714da1751247797d17def9df1877eda6a9bccc0638ec5123ce9ce75bfb7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
359a0c36033588676381da6d750d0dc8

SHA1
05700be7000badd4ed8c9d7cb49e40bf7498ea9f

SHA256
6fd80762bc463cf1345d16098d449a791877892e16473981b53fb7a2d9cc4898

SHA512
8aba97bccc3ab229d3f06e7d361526e8f55ab46acfcd440f3be75fc89eb52fe4638a63728cf1733f7709bbca0e3d09ad30ff000f15768dece022b9db33ec75c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5de634f4b091bb9776b50225322f6c1c

SHA1
14a90837e356badaa86adce1bc4a461e03d10287

SHA256
4e763581c0686a9dd154c9d000720596c6a4a45396539a00c77e2ebe87c2026f

SHA512
2940713e73894ea5c79ac3f471146440fa5edc71facfe1c56c4192e1c5aed4d355e6a180bee182dd6bcb71ba8180b71f0c50f6b0a8912e296587f7b38792f906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8c9578d08b99e789ac1ee2a00c5092d2

SHA1
49247741ae73730b3d77f360c6479d8514c57808

SHA256
457b3d0e66e3b775610edb333814a6662b3fc9dec8b1065ca14e740c17e74c5b

SHA512
511e047265c86018bcddef7b3c3bed97f56448748fa68bdd46ba894b0ebd44126581d1208c844ea4b83e77f632d4aed21596bb1b9928211dc00782e65123a142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
6632ddec11743f233d7692eb72a7f27f

SHA1
07f95920bc6ba4e807054745dbca63470295c7b8

SHA256
296567c34ffb3a47a99dbef18bb1df9cfc24040cc82a2f8918a98f1ceaf09ccf

SHA512
f6de6a55122162707b6cac976d2774d3d34bd54ce09d771bbc4a60c51b8cd48add070bae9293c8fa70a70a6d4a16d9d8af188cb1fff7e410cd996cd26ebba13d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
37833329f1b3e87413b8a11b56703d1c

SHA1
598c8adcff4524cd5b6fe919bb730f8ee9528cd8

SHA256
901ce09175cfa0e7d822ca7065baa5e3aefa20fe82534dc7f5110c3f3f55627a

SHA512
c6e1b69f46ebac7aebc9770bd7f7eff91732939f5391f54077f22d6c3422174cc51821e11edff502626f982cba43f1ecaca82618e5c3f6866341a2e6e6de94b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
37833329f1b3e87413b8a11b56703d1c

SHA1
598c8adcff4524cd5b6fe919bb730f8ee9528cd8

SHA256
901ce09175cfa0e7d822ca7065baa5e3aefa20fe82534dc7f5110c3f3f55627a

SHA512
c6e1b69f46ebac7aebc9770bd7f7eff91732939f5391f54077f22d6c3422174cc51821e11edff502626f982cba43f1ecaca82618e5c3f6866341a2e6e6de94b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
ec1d33099d1e7241f7cb9c6af4a7260f

SHA1
a65f95c9484cf9d8e2ce95b49881885b0b4ea596

SHA256
cdf645f8435c92af9d58edf88a688f4d2096882cfcfeab1f95b893bcb3cf8f38

SHA512
590827b6f8a06c03f42a2c43eefa0ff63008ca642fdecca8fe7038c2647361f56679c95ba15d8db31256bc6375f2210c5c223961bd169d372f317fb9b35c2eaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f8f1.TMP

Filesize
104KB

MD5
cf8f9c37fc8675d1d0775f334b5f8ad1

SHA1
d49e0e9f59e4a92af77227d516c1acf9e824526a

SHA256
f6b72788b612a2142ac6962949188fa2455e54ba55bce8493f49d4edafd61ca4

SHA512
ef68310a8fa76d091b1940f90c7ea4b064d5304efbf16eefe0b6da5110682d522bdd823042b4fe02ab59277713d528e81fde7bf460b8c53a0e98c23e96d98606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\mod mеnu gta 5.rar

Filesize
2.9MB

MD5
787f18265ab9623523970bf471731103

SHA1
66f2542dd7608507872470be9e2a87ca87f5d95f

SHA256
36a75c395b0f061357d251b2f14ffa42d7fec46ea6415e4b322ceae412ee3408

SHA512
b6793290665cc1eba9ac5d07607b2ac38d1cf059edbc9c964d53f7a32f64c096c82d2493e1c9af28084f197ec3cd86934eed0cf051fadc535353f9957ab37d62

Download Submit
C:\Users\Admin\Downloads\mоd menu gta 5\modest-menu.exe

Filesize
150.8MB

MD5
285c0774c8a2fbf2c09f615998012be6

SHA1
04acc2882faf38929186d08a5eed2b5454d3312f

SHA256
b7968c02a5cb379e2f2f3f23f82b08821c378564aa08751956fd22438450c91c

SHA512
632bfa6f374c42470c03ca67a25e383eede1b11b41d5db6d65c1c8f34eda4759755781955e476170cef7cd5daa31efdde674a3eeee9ec2fab824344492ed9c99

Download Submit
C:\Users\Admin\Downloads\mоd menu gta 5\modest-menu.exe

Filesize
148.5MB

MD5
65420a2f440549430364aa3063fa67dd

SHA1
2693751fa8408fa49b9a2915aa13b24c7ca9f057

SHA256
0dd034fe5a6fd0e28430e39d13881309e8611e70deb96cbf80471b9bc60cbc37

SHA512
18ec334452cd99bc6461d705f0e2d47201da98a737a6ce9d5be398895b6e4d0eccd1dfe100577caca105961595f2551b907781201ee039d456497585e3a353d6

Download Submit
memory/3364-453-0x0000000000400000-0x0000000000852000-memory.dmp

Filesize
4.3MB

Download