bbac5731a62721324c168256d0c44273afaa8376eb206c76cdb9aaa4ba76a3ae

Analysis

max time kernel
300s
max time network
306s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 17:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

h8dn5r.html
Size

15KB
MD5

52e43805e32cc39223d842c5ccf1614e
SHA1

b6e79a57fbb350006fb2a57b569890fdef23d2ee
SHA256

bbac5731a62721324c168256d0c44273afaa8376eb206c76cdb9aaa4ba76a3ae
SHA512

a575333ad0b3959835dbd936327560e7b8b14f1e0f29fc4cc47e51afc447e8343d70b7e05eac2aa189a1299977e3efc6a042f89e912724ff0ee97dfe9512a52a
SSDEEP

384:PVieLZdPEISARyiWXTCdXCpuSvg5ZVE1S+IQ/Eq0Ohr+l:YeLZdPEIYlCPSvg5XEchkgOhql

Score

9^/10

evasion themida

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	FRCHEATS.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	FRCHEATS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	FRCHEATS.exe

Themida packer 7 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/3908-563-0x00007FF78C170000-0x00007FF78CA1C000-memory.dmp	themida
behavioral2/memory/3908-574-0x00007FF78C170000-0x00007FF78CA1C000-memory.dmp	themida
behavioral2/memory/3908-575-0x00007FF78C170000-0x00007FF78CA1C000-memory.dmp	themida
behavioral2/memory/3908-576-0x00007FF78C170000-0x00007FF78CA1C000-memory.dmp	themida
behavioral2/memory/3908-577-0x00007FF78C170000-0x00007FF78CA1C000-memory.dmp	themida
behavioral2/memory/3908-578-0x00007FF78C170000-0x00007FF78CA1C000-memory.dmp	themida
behavioral2/memory/3908-818-0x00007FF78C170000-0x00007FF78CA1C000-memory.dmp	themida

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
466	discord.com
464	discord.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
3908	FRCHEATS.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528359456246285"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1815711207-1844170477-3539718864-1000\{57E10AB4-AEC8-4F33-8B13-29F1315655FD}	msedge.exe

Suspicious behavior: EnumeratesProcesses 60 IoCs

pid	Process
724	chrome.exe
724	chrome.exe
5660	chrome.exe
5660	chrome.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
3908	FRCHEATS.exe
1664	msedge.exe
1664	msedge.exe
5220	msedge.exe
5220	msedge.exe
6116	msedge.exe
6116	msedge.exe
5888	identity_helper.exe
5888	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

pid	Process
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe
Token: SeShutdownPrivilege	724	chrome.exe
Token: SeCreatePagefilePrivilege	724	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
724	chrome.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3908	FRCHEATS.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 724 wrote to memory of 4160	724	chrome.exe	84
PID 724 wrote to memory of 4160	724	chrome.exe	84
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 1540	724	chrome.exe	86
PID 724 wrote to memory of 548	724	chrome.exe	87
PID 724 wrote to memory of 548	724	chrome.exe	87
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88
PID 724 wrote to memory of 3248	724	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\h8dn5r.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5af59758,0x7ffc5af59768,0x7ffc5af59778
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:2
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:8
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1888 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2780 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2788 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=6020 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5924 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5932 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5768 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5480 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=6032 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4068 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5724 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5308 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5896 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6196 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4564 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4676 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5892 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6160 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6588 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6324 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4708 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5576 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6816 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6304 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5560 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7000 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3172 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3228 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6132 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3940 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5656 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5796 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5636 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6300 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1584 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7080 --field-trial-handle=1952,i,10683527777973298897,15779743474889361236,131072 /prefetch:8
  2⤵
  PID:4424

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1264

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3944

C:\Users\Admin\Desktop\FRCHEATS.exe
"C:\Users\Admin\Desktop\FRCHEATS.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@frcheats
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc484746f8,0x7ffc48474708,0x7ffc48474718
    3⤵
    PID:5104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,16884580319041311161,7245638792739866346,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
    3⤵
    PID:5436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,16884580319041311161,7245638792739866346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,16884580319041311161,7245638792739866346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
    3⤵
    PID:824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16884580319041311161,7245638792739866346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    3⤵
    PID:2860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16884580319041311161,7245638792739866346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16884580319041311161,7245638792739866346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
    3⤵
    PID:4244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16884580319041311161,7245638792739866346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
    3⤵
    PID:4584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16884580319041311161,7245638792739866346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
    3⤵
    PID:3104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16884580319041311161,7245638792739866346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
    3⤵
    PID:1164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2184,16884580319041311161,7245638792739866346,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4968 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:6116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,16884580319041311161,7245638792739866346,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4984 /prefetch:8
    3⤵
    PID:5196
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,16884580319041311161,7245638792739866346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5888
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,16884580319041311161,7245638792739866346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:8
    3⤵
    PID:2500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16884580319041311161,7245638792739866346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
    3⤵
    PID:5664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16884580319041311161,7245638792739866346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
    3⤵
    PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://frcheats.com.br/index.php
  2⤵
  PID:2480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc484746f8,0x7ffc48474708,0x7ffc48474718
    3⤵
    PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/MrMMgaB2Ma
  2⤵
  PID:5192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc484746f8,0x7ffc48474708,0x7ffc48474718
    3⤵
    PID:1248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75511C50EB4AA0B9BA758F270B378E85

Filesize
503B

MD5
95d0e42f9a23b734e934b8a2961b2008

SHA1
d4e5600b0d4936add4306a829cf3fe3e7501e2b1

SHA256
f740ec95b519a49e5db1d5fd42a1eaf569008ba34df745da361b326da8c2e051

SHA512
8696c238a73d28a4fb72f286a84b521ff3b7f231dbe48f8c36af0fd11e09e072354dae2f5df74ec447ea473adcddc56aa91a061d29cc49b2de5771b50c91b419

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
a6e7c20363a7b3d1c2c7fee65e45c89c

SHA1
e45512b6b964c1eb46299fef007e9ca3f26d6884

SHA256
003759cfedf094875cf753e443af5b71d8382d82bd7a064739e080401c98a712

SHA512
1f64b7ac3a32db381b26edeae6165aa9a159b92ab6ca21d782178d214b68681f4ffcffd53751ed54f09997bd84438cd4689b976a3b93195f7680052a97c15bbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75511C50EB4AA0B9BA758F270B378E85

Filesize
552B

MD5
0b72b1a1b57323f176f76e732e8cb807

SHA1
5525ca16f22d43268b53b1f48015d28b502257bb

SHA256
7be138c77d4cc64e0cdb24a5f3481758fb5fa926c3e71c491b31ba423090a7ed

SHA512
e4a4e7c0c518b2b4d836e0a1f66b79b23be716202bb3c3f3adfdc829cd4d9363a693ae98d1089551295353e8d57bb2fabb3eb27d29376f31529eda17240b5b56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
8dcaf69be56334ca284b262f6eba2317

SHA1
2e7e65b3f79896924d1ba159aa7e6eb8fc12e920

SHA256
0e8eb0e4415346bc7f74a5700b4c3462c2ea6aa0fd3fd982d73f8cae09a52d56

SHA512
1f7db2e9c36455a616a82949e74c8dd962170ac9e3ec5fc2942a82a8c735c959d57b0d717fea61ef2c86d70b755e0ef7f8dc1663a4763c1305ab834a50a6191b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
21KB

MD5
b05c9f9cea02662f5bf844bdca5e7401

SHA1
31ce222d9a723e200c1eae280044e1dfdf267c66

SHA256
db99bdd7dbc4ada42b59a184f8433f43848a01902c5cdb73a0e288e5b5e310a5

SHA512
4525992429ae564765309989df9d706be6eb5c214c8c2f49bbfb106575d1d79857826e40fa7675c6eb17b85514b016a788744d74c6048d5cbe01bb764a6173f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
145KB

MD5
547169a5b09211f991e73893194c8984

SHA1
5baa4dd5122c42ff5278b7206c2c290182d86b0c

SHA256
13be4464a07679161ca05ae18fcc9d9a434a42dd028845b6eef1b84a05ab29c7

SHA512
e082236354834c405604a201b5c5462c047fc32fc8d74a299c929028dd8fed7a867332bb25b4fa67e616f4c88fb29a49e6f135dc98f8c2f6e830539bb39f446d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
108KB

MD5
8292ab50289c61d46006384f6f826e05

SHA1
b53a5b6c27e01f4bdedf99159b4ce95293e77293

SHA256
a1e8cc1caff714202522688f6d2ff3e31c4eb7655d1fd957d2cdd9e8129e09a8

SHA512
624d1d9e2e95853054af60e454fc2d4745800ed9afe203ad6868a79e399dd7a26ee520c313603ad42020932b4efbf0c6d5424c64915e11afd1ee0848e4859bf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
134KB

MD5
b12ec9ef3ad4554ffd6f8dcb81d65b58

SHA1
8f1eb1587fae0cdc53a1c4f91871bd1001bae4cb

SHA256
2c9724032875d4207fe17cc79a69c59467b09e3c2e1bd146652a7f41da98241b

SHA512
62e9660cdf1256d8c6ef60f97876ba7958b4cbcfcbcb7e4493be176c62ed7b30ccd16f3a82291b11b1b1aea4db183058e7e98f38d1f5b50b2ff96e7c20e0c27b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
30KB

MD5
65162f996ce398fa95636a0793ade83b

SHA1
9566ac2aaa5ae50d6255efeec82d974f8598be9a

SHA256
fb9d7136ea2365dd3f8ed4a35a71327a5bed5a7a7959f6b9dfb0c38414da32da

SHA512
8fd7858e81b88a9e60f00a3c70ccd7534da524c124a88f3fdc47570a59b87a2592434aa27a451a7dee6cf2160d61af24bbd214c35f49104dd5f5754996dd69f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
bc3cb3871e3009bbf27a1ef907386327

SHA1
0264eb94b507ed7f3bfba03f8c3f18b7856a267b

SHA256
1b5cfa28d57bde91aee4c40ce1c7c7b293aee41607dfaee665421f86a4d02670

SHA512
05639918c36696b3886d31c2c440b6ceaa0032e6d58d44dd5ebd3811520b3750c46f46eb4268b04cbcfbf09fa46a818e4433e75dea20ab4cbb88b7505f4e9072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
89341bef0ff75fdfbef52f9be0d63f75

SHA1
19c418bec0ee4881e0d1899fb17b9a402e52264e

SHA256
f205bd0f8e784d29e657c3ac67b7350bea2f89a1a003c4cad6db3090965f02ad

SHA512
8e498b2889ee90e0735a7bad725e3bc2445d9ff786c4ca92dadf4bdfa3565618874f7701a5449d474fd2f8bee5217965c0c518ef55a229090505c9b3772e529c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
930dd766e228b63f7e35713e164ba6bc

SHA1
e23ef08420660174a4448de035e0bb5828bc83a9

SHA256
7b75b65509226da59bf8807e22708bd2b43898c222d22a26aac17497e55bead2

SHA512
6cf0e11d359abd998558292711c6b6677284e38e0e681fa6121bc288617b3a288680975e4c66b35a4b26187c7270a5d498cf55c85605b7bebc58a94e4d2cfd7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
d89d1dd26bfc5ce5c39bef92fb1bd1a8

SHA1
ce59dabd8dc63e286aa5e9990107b19b95446f94

SHA256
e79182b1a67913780621e7eb4b5c1d3ced96bf49219bce5a324083a79b4801bb

SHA512
2a2f55bcd95458541663e79e89d910790659b1e93dd032057e7eec3976ea7ccb235ef7fd6c3d0e748458aa9311a3cee822d7293a8c71c1a1ee00a2ab5ff5ec8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
368e8fdabba3f46270cde17dbf52ceaf

SHA1
e5a8fa847d2d0529547126348478e176267bf954

SHA256
e36f679527037a6b6a1fc3f50e8fd6955e9cd1c8d491115a90a196047b9881a2

SHA512
ec1684cd58806ed314052044b368b0e0319b14ef5764f5e2fc0fd0d7e089bee8db301ed2605774a4346dbf702ecb48797c98c291bd64d1cf0eac2d4bc1d7eeca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
33d6e9cc56d660174acdf7d7fa4233eb

SHA1
c596085d4d6c5cdccf4eb53cfe2e578350fb3d5a

SHA256
0b1ef9cf5c7f30b166c963f602efbc783ee8b250fcf9151c80b7f01b42291839

SHA512
562c0007b0c2fc4f968cd7f5f84e75661a548129360b1f52707ae35be49c2dd79d520ad7ecdd3b803d30713204ab2f128d195e2dc27228e0039176be495e4b58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a6d1511e0718cc9a4bf119fdb33f69f4

SHA1
da9682d9852740b7824ab8ae21d7782284979e1c

SHA256
9481cc2b6613e14b767d96193c839788534d6164ea382f668d3d3a63f2e2b149

SHA512
c559d354b5981ee52c61694fdbf380527c335ee4c59d3b82f15d9f9fbedf71b3060076b0b00f7e4c50661c0f9e1beeeb34d618835a6ce5705c6d655a3cd82a71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
dd8c84fe99eb2c3121f9746012b77469

SHA1
20f5bb1382504fded14929559e9dcc25870efd9b

SHA256
d8dab96ec2be564f9d638e1620b7b0b6406af1201a101bead507b336345d9121

SHA512
90dc3e688b4a5a2f44c67bb1059602a277f9a040f1440ebb73644830d08aa017143f5eb690d7fef3185acc775c04344737e7dcb5a518e4617b0cc343160f664d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
04a4f27bbda087396922aa22c2654283

SHA1
83caf150b2ad4ae294c29912362fef587eaebd40

SHA256
178a83cb5b64fb122f311f346aa89252baee6a48abbdede5d2b890494556ab51

SHA512
17c40ec3b74b69cad660770af07c4046ed52dc7e12074b9a969f9c062f597898f61657977f64cd9e89133540097457e9582d03bf3e3034a5923cc5aa0cc80604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
34b7b143d94eeb40cb42066da69f6283

SHA1
1049bb91dd449afc2554b429a95f61005e7d97dc

SHA256
aad278018a049183185057a8fae087e1f16c329563c2ec90f9ea1d0044ef2cf8

SHA512
c7b1522ac41e377e3e9c3c8ce2907de07c6652d2a44f8fb5c0f2cba9dd1a547bf027be0b4dee56d1bbf4076ee3cceb37b357f61e3755a497ac1e404fd8cff468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
73a13fa3add8162ef0551ec63ae769a5

SHA1
a1a105566eb91145fa07c59fdd6b4f7d3e3a51d0

SHA256
4cf639da12a2a25cfa458fa2c0f0be6c008ba00f66aec7399b9a9445339b6d5f

SHA512
d0d5aa0007ea0ea2521781631939c99e7d7490b6194f23c8cd10825716bbfe11ba53a16b112639d8b347f0f2ddbe5571a991c6c2fddded2c8918aa86507b5e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6b247d9dae6136ac990279454e14a61c

SHA1
78d4c66cac530e9d6ec2f87175e59cb1ab622c3b

SHA256
a5768b1f7c146804a058df75c2f305599f3752a940a2ae4f1df59914dc422f0d

SHA512
8c2a86f18f30e8d33727711910ef828cda0083ace112e495a86a9a97a495fd871cd2edd6c760671e7be88810c528ce00444965a215b91d270bf45c50a68fcf04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
24dc268f0e7bb186358737668ee96e54

SHA1
706e92ff9b04c666caabad446ff72451d55a3280

SHA256
235a418a9b060b49a8dc7fef8d86a9b1fbcd18d36c145ab347942e25040f18a0

SHA512
262e32053705cf4f020a0bfeb68cfdb1b8b40ec508d0bbd74c65f1022b35f420b9bf140ed7a935c2fa8bda3d7452a9ef0d0c58044f8b7ee4fbf64a30797eb3e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
17ec537cb7af11f96e7d3eff16dfe47d

SHA1
03d78ee4c323a5dd2f40d4e11c073655b4352712

SHA256
8cc6a7a08eae0bd6302d3a060244b6df8f2ad398599c52599e89e04d9c87f2fe

SHA512
c66275086a10a75497321acc37fe193df6c1897b2ca05acf673e5137e52dbb71a9ebe52246ac4fa013d494ddabbbd4a70d89613a69494933aba0250663eb2b69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
994c03cc1a472b3c7e56e6dbaf921816

SHA1
d9236844b4f59790e3686f26418abd73651d14e1

SHA256
3ace023c36d35fdacf3903e2cc2d808db38413cf7ae27e7e8d65d254413f899d

SHA512
ec5b3425e5aa8d3aaf14225757e469c7bff530631b8524dd76e2e2c747b8b6fd7cbb90c7bfad566c92519a8649cf81448b73b9ff5f71b384cc0019b91be46ddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f5f39a10e76eac70e789740974ca0fbe

SHA1
a6abf5976ac642638c4b4d950228b1a55f737e28

SHA256
722cea2205dc2f6fc8555943b1a1eb9a8d34b794a3ecfc89c545d01550be057f

SHA512
7862834f20851b25298f484f945cc6f4d17319cd9ee03df713447d573df5a8c0f297f0cbb4adb7915b406301289ec0db986cc4d63b6a8582cbb4551b989db0d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c992519230bc7c6a78c24f8d5dec30b3

SHA1
4581d0d7b87d48cd6a8c4766587496308ef07106

SHA256
0c7c6b79aaaec551f6a85cb5032d73599f1ac1627d8c011adc9047076836402e

SHA512
1eddafbc829e7d2eaedbab78dee05d0ed29e3d2a39b8b917330856f05438b3771e75abba0c976f69e5c36db3fc912f9ec6a7581a7357fbf19a9a00a80254a17b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3dca6a540e43e53144ac4df28a88f7f9

SHA1
8a93c0ed9aa19999e946db3be9c5ac68c7d23456

SHA256
588ce0366c7a8b4e74a1c6eaf8fb8782d2cf9f4a2053f719db91a9e509d00e87

SHA512
37ae879b54f372805f1524d37abc1b0c757a57d6748aa9fa8b62d498de6fbe79f4bd33eaa9c002ad0c16bd3bb38cebeaa9f82b030c8fd5d8991ea1aec1e9ad79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
1734e4569fac100d05510ff8485c2563

SHA1
af8a4a15504964be19cd2bae9c0497c33a5ac5c6

SHA256
0fca96963b3d7a5f353dda4cbaa7f17fe4c082fa5f763d0b4ce8c8cbe6fc8cc5

SHA512
c35576513143bebf1be100cddd7b6f028921f8789bf17543e0a5ea2a537a02ec349551629248d7cd8d73e48893fc035aa567b1d5e9c843087da2ef8b807b6599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
7fff26caa44d5243c9e3c8a6691aa552

SHA1
3e4d7637a48f6b74a626f191ad38f1c6cfc42e9f

SHA256
c46f2748f5dc347d5b0441453a13d872e2ae7230e656d92196e4c291cbe335a6

SHA512
64327c73b2eccc2f98700a23c5da87182a82addfbc5888b24c847df8ad405f31049ce331f0298481fe8a71e239d444389aec32d3a661a5c157b82312097b1295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
84663c1d4952bfe3a1cdfd2e4c7f514b

SHA1
5387431acb994d73bb54e8694aac6cae6d3efe12

SHA256
c8f27862bfd5228c584e4cbd5a5a8769068dbab9b34bddcd32e21983a758ed4c

SHA512
f12b53f21fd02bd3d3af2cdb7f86b9fb615b99a68774ee60fe756b31d8a36d9562e1208b0143dce2166e1d064f31f63f4a07e6e134a7d039c500ed5083a7e2ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a4d27.TMP

Filesize
104KB

MD5
bd117c54294d75049fa155c2d6fb56f0

SHA1
205792f2632fc0e33c53742bebe7fc0c2636fd92

SHA256
3b2981e444fe43edecf86cc7e6d415e1f585a9ac190da638d3b511f06a0d4548

SHA512
f26689e829ec9ea0abd82ff4ee8e4f9424e05329fefe6f38cd0566f433dbf1c0cb1d4757a3dbb3719bf809b5dad5fcd85a25425b24c23ee2dc9bc5e5c41e2cea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4f15260615efd454daa1a0c382d1e897

SHA1
8045d89a99a1aa5611d681b31d4ecd125ab46539

SHA256
44dd1ef3f844d2432a6a49843ede6ccc10b35b7c91879fc9051e8dcd5060acad

SHA512
a0a874e769543a19e38615f8db23e7aab58df492531b19a44d494f358022ed4eef10715ebb18cf978676dd3ae8f9e969aadf40c0c1cd68cc5d97c3d991cc9891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
727d8a1b533c6930f27b31da8c89b11e

SHA1
835d288c634902e5e338fda7c646af3a07c5dfbb

SHA256
d056c2a1518cf4c2f67decf45ad4122982252bea1799f08829955acfe73264b0

SHA512
8eeabe775652d05fa5aff315a7115e7d8ed85ed13c91cf83f54135043859837b5e137efe598c517093f470508b546a03ee1aef95c92844de0849c9836df4c1ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da7ddb2b885d8d77eb25cd5802480186

SHA1
919e27879082be15ba4899a6b44a9370c757c784

SHA256
1d92f607d5f2d947222d3fb1d19c48fb139718addaefdbf3abf2fafea05923e5

SHA512
21d003a91a90c7499363ea15bbe048e4900b15b413ecd429c8353b68194edffed26e44751c9443719d0fc5d18bc0d7e1d7df986a8422241bf3e9462b1a277e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5fe3b422910c50324ff93ce4e312efba

SHA1
eab00ad066b98710464b60fd655f90075120a708

SHA256
02d8af9fda215b4e680a389b46ba888520c6b396f236198942a34009c33dc8c2

SHA512
bdc324e5fd1649dc12c7cb447290e809d335a10d32b388f7d89453f996d33941726738490ca2fe86a3742480965a83cd552ccc1179a850ec23511b12ef118986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
48c2e379fa7cee987b5b338982b17014

SHA1
0b9bb1b7eaf805560eeec2a89bee4e5db5bb8372

SHA256
3a759e4cff9f9480232208f3abe23ee3081e7160dff49b6111937b61cb1602de

SHA512
52ecc00b1da42165713f04f4a52799b4206e0eb34831ddd8c993fee2476ac53256bea25b9cd1fd527b38b5dde021417f00ccdd2f4b274004099e0bd2e7c0ddcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6a07620edb2bc37abfb5f962f287354d2cfc54ac\f49a1291-9044-47f5-91b9-c336e144c813\index-dir\the-real-index

Filesize
72B

MD5
57523d4f1309921703fefead6bbf758a

SHA1
811b4cbafc25381a187a692c71474fff9947d59c

SHA256
621f9214e3d359170f693db34b67ee53985dca23bd454e4372b1826e22de37fd

SHA512
06bb1d1ca64ac6caac349f03e29bbd6eeac40761299d311471b97d9dacb2965f0d4e688961b24f279fc47b47d4eea593df767f4cd4fd51a7d7c5477fa4b606c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6a07620edb2bc37abfb5f962f287354d2cfc54ac\f49a1291-9044-47f5-91b9-c336e144c813\index-dir\the-real-index~RFe5aaefe.TMP

Filesize
48B

MD5
32c16084833c6ad349b107f4a2b6d6eb

SHA1
138b0b4217677d86fd3ce4f8f730bbfcd5490af5

SHA256
314e8d42b1d9a0dfba3f047ad39cc4d99e3c5343cc61bf6847465f451a95f25b

SHA512
6c49836e5f2c63b965ac39fe8d07b85e805ed039084ee0fabd75335c52a16344b671dc4006d1ca3e4f10af7b402c1375ae67614ce6e599adfafb24456316278e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6a07620edb2bc37abfb5f962f287354d2cfc54ac\index.txt

Filesize
91B

MD5
c448c4d3441277395b58deb400820ce3

SHA1
ca73cd86d301fdf89c112f09fcd791658970fd4c

SHA256
df8ba928e7544cf0e6439cd141ed95b4d4a3ed05cdbce148349bf1af8dec0467

SHA512
08e32f57e2fc2eb7c71325248caa0bc2fcee7aac6a30fde143eda7d4aa13601cecc1ba45d9cbd5800dee63e0907bf0f0fc2a93e22536f9d94b144478b705418b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6a07620edb2bc37abfb5f962f287354d2cfc54ac\index.txt

Filesize
85B

MD5
b5eba6fda1c7a9964d050321035be365

SHA1
517cc13e6ef206658741b1e694f2030b52661d6f

SHA256
c6befe0f8c176ece5e9ddff390e75e6a97260718e48ed01d2cb6d9b6c2669236

SHA512
212f2022441ad21f0d314f5b5d756cde1f1c416f841157f8823d3979508a529a824533600917680b150683cde6a289d2dfd4ce816062e309c936de95a7d71574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a07affba4e327fe5d5792de668d49e9c

SHA1
038de0b7af6f821aa8bdde121a9d3ca02702dae9

SHA256
d30b1ab1217df303dcac6494650f93f1fe11f7b504ad437a86eafe8730027172

SHA512
f0e91c595c6f1848fe8628541f57ccb8f7ec779a5a474882144593d7c0beddc6d463ba05b57dfb35fddc24c31ea499a98b8f4835ba72eababdc9442c315ec884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5aaeee.TMP

Filesize
48B

MD5
a525dc875948469bd3703f8cff31b716

SHA1
d4302b52a2769958429b6c6cf791e19728243d86

SHA256
30dac2018df69bb61dc441f2ebfe352eae1ac6dd71eec6a1b09bb69594ed0b5b

SHA512
5c8d7631eb6106a0e810a13dcb8cb46783f8ca2bbf4e0a4c14f57ed991ff0fec5a7dc41b80ce5102d05bf886fa8445041e65071429fb51043a31a1050466cfd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a79d7d19cd69b5eade46c5868dd20a7d

SHA1
0a2d33dfb8f81d4bd44608697b74d37190126d7a

SHA256
d3a1a3ae3926aff98683077e43a43c2746456f405d9dd6d641bc09247ea69a61

SHA512
e0fbc502129fef6e9ca3507bdfa9126cf47be10ce7e9bc20cfab156a7a12a34a97158cbb311c9fda5efcf587a05dcfaf106690746579b2ad5bf82081a865c605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ab0b4.TMP

Filesize
706B

MD5
1f77a0c53b824a560fa725ea99091462

SHA1
81cdd880ca4e8f138b94f81216e4372afb9a563e

SHA256
86348d711863cbb2db694641a0ccb30ecbf183767a6208c95c526d3c318a8fee

SHA512
013a13ee56233169a1d568bf79e47454844ac9bdc2efe0f70870146f3703c86bfe48076df94ff79bf0a4bcb7d02064fa219fd1b709567959a727cf4fd535bea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
907c1931d1fb0f6d4ab9c1792ee7a3d9

SHA1
30ee3e63cbbd457f44fac516be3d762c67533630

SHA256
c1fd94d9adb339de80015a317645800f7bb13dc5ea3c9abd380bc899294ebce6

SHA512
724dbdd1e3ac2d92d1c901a23d3b09a699e1f05084f0619fdcfbb5e570164856b3548fba3b337c6a3ecb1e5412cac11e8d56ed3b83acbc470ebabbae0e2d689b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
94a40def7ea61a9a3195a4dbdb90d71c

SHA1
21f94f4a216df364881d4a62486e7cd060e0068a

SHA256
1f80129e2904a7fc52122f8e38f1eeb79d7152e367aace30ed64b3c252c15bee

SHA512
b56dfcb8c6e9c6e3a2095f540301f8efe43b2536a8be4b46836540f21b9c4e54469ce8b55152bcf8f115d8defb3b434537d22b27cf2ece04b6af17273e020752

Download Submit
C:\Users\Admin\Downloads\FRCHEATS.zip

Filesize
3.1MB

MD5
fe4ca682f3487873171f9450c3570252

SHA1
0f17d3f69007d9f90b638aa354c867489154b767

SHA256
93141a66d74b57f6db568804989471cb6a3327c82bd222bcbb2e06e438403e86

SHA512
89271c8442794903ea2011211d875249d1f1ea6324905035aef7a12557942d5604592c30d3513984f4a6225d02e25eef71d831bb1c0aadfd18f20995d13c3d7a

Download Submit
memory/3908-575-0x00007FF78C170000-0x00007FF78CA1C000-memory.dmp

Filesize
8.7MB

Download
memory/3908-576-0x00007FF78C170000-0x00007FF78CA1C000-memory.dmp

Filesize
8.7MB

Download
memory/3908-574-0x00007FF78C170000-0x00007FF78CA1C000-memory.dmp

Filesize
8.7MB

Download
memory/3908-578-0x00007FF78C170000-0x00007FF78CA1C000-memory.dmp

Filesize
8.7MB

Download
memory/3908-818-0x00007FF78C170000-0x00007FF78CA1C000-memory.dmp

Filesize
8.7MB

Download
memory/3908-564-0x00007FFC695D0000-0x00007FFC697C5000-memory.dmp

Filesize
2.0MB

Download
memory/3908-563-0x00007FF78C170000-0x00007FF78CA1C000-memory.dmp

Filesize
8.7MB

Download
memory/3908-577-0x00007FF78C170000-0x00007FF78CA1C000-memory.dmp

Filesize
8.7MB

Download
memory/3908-1166-0x00007FFC695D0000-0x00007FFC697C5000-memory.dmp

Filesize
2.0MB

Download
memory/3908-1184-0x00007FFC695D0000-0x00007FFC697C5000-memory.dmp

Filesize
2.0MB

Download