redline | hxxps://www[.]youtube[.]com/redirect?event=channel_description&redir_token=QUFFLUhqa1VTclNHSm9jTlVFbmR3QURjQ1FRcXdZQWR3QXxBQ3Jtc0ttTkt0MFJsQVV6QUdpSy1EaWhzYXVvLWxWblpGdG5Sc3ZMSEptVTdXc05DTFkwYURGUnlqWU5NVmVXRkRJZEprUGVldG9lVUN6aERHa2p1c0lFX3pjN0FCNlgwZlJqZ09zVlNEOXdJTGhUWUVWWkRKcw&q=https%3A%2F%2Fsites[.]google[.]com%2Fview%2Fexecutorpc

Analysis

max time kernel
376s
max time network
392s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24-04-2024 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=channel_description&redir_token=QUFFLUhqa1VTclNHSm9jTlVFbmR3QURjQ1FRcXdZQWR3QXxBQ3Jtc0ttTkt0MFJsQVV6QUdpSy1EaWhzYXVvLWxWblpGdG5Sc3ZMSEptVTdXc05DTFkwYURGUnlqWU5NVmVXRkRJZEprUGVldG9lVUN6aERHa2p1c0lFX3pjN0FCNlgwZlJqZ09zVlNEOXdJTGhUWUVWWkRKcw&q=https%3A%2F%2Fsites.google.com%2Fview%2Fexecutorpc

Score

10^/10

redline zgrat discovery infostealer rat spyware stealer

Malware Config

Signatures

Detect ZGRat V1 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3244-712-0x0000000000A50000-0x0000000000ABE000-memory.dmp	family_zgrat_v1
behavioral1/memory/3612-713-0x0000000000400000-0x000000000044A000-memory.dmp	family_zgrat_v1
behavioral1/memory/3244-722-0x0000000000A50000-0x0000000000ABE000-memory.dmp	family_zgrat_v1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3244-712-0x0000000000A50000-0x0000000000ABE000-memory.dmp	family_redline
behavioral1/memory/3612-713-0x0000000000400000-0x000000000044A000-memory.dmp	family_redline
behavioral1/memory/3244-722-0x0000000000A50000-0x0000000000ABE000-memory.dmp	family_redline

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Executes dropped EXE 1 IoCs

Processes:

Electron V3.exe

pid process

3244 Electron V3.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

71 sites.google.com
72 sites.google.com
73 sites.google.com
109 drive.google.com
112 drive.google.com
Suspicious use of SetThreadContext 1 IoCs

Processes:

Electron V3.exe

description pid process target process

PID 3244 set thread context of 3612 3244 Electron V3.exe RegAsm.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

5088 3244 WerFault.exe Electron V3.exe

pid	process
3244	Electron V3.exe

flow	ioc
71	sites.google.com
72	sites.google.com
73	sites.google.com
109	drive.google.com
112	drive.google.com

description	pid	process	target process
PID 3244 set thread context of 3612	3244	Electron V3.exe	RegAsm.exe

pid	pid_target	process	target process
5088	3244	WerFault.exe	Electron V3.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584567844425513"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-259785868-298165991-4178590326-1000\{1146CB6C-B198-40FF-88D2-149A1AB601E2}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

chrome.exechrome.exeRegAsm.exe

pid process

1420 chrome.exe
1420 chrome.exe
1420 chrome.exe
1420 chrome.exe
5396 chrome.exe
5396 chrome.exe
3612 RegAsm.exe
3612 RegAsm.exe
3612 RegAsm.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

2836 7zFM.exe

pid	process
2836	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1420 wrote to memory of 4744	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4744	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 3508	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 2000	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 2000	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe
PID 1420 wrote to memory of 4760	1420	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=channel_description&redir_token=QUFFLUhqa1VTclNHSm9jTlVFbmR3QURjQ1FRcXdZQWR3QXxBQ3Jtc0ttTkt0MFJsQVV6QUdpSy1EaWhzYXVvLWxWblpGdG5Sc3ZMSEptVTdXc05DTFkwYURGUnlqWU5NVmVXRkRJZEprUGVldG9lVUN6aERHa2p1c0lFX3pjN0FCNlgwZlJqZ09zVlNEOXdJTGhUWUVWWkRKcw&q=https%3A%2F%2Fsites.google.com%2Fview%2Fexecutorpc
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffa4fd2ab58,0x7ffa4fd2ab68,0x7ffa4fd2ab78
2⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:2
2⤵
PID:3508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:8
2⤵
PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:8
2⤵
PID:4760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:1
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:1
2⤵
PID:5052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:8
2⤵
PID:4192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:8
2⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4380 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:1
2⤵
PID:3952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3084 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:1
2⤵
PID:4400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:8
2⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:8
2⤵
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:8
2⤵
PID:3256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4940 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:8
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:8
2⤵
- Modifies registry class
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5156 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:1
2⤵
PID:5792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4744 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:1
2⤵
PID:5916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3272 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:1
2⤵
PID:6072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:8
2⤵
PID:2700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5532 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:1
2⤵
PID:5632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5520 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:1
2⤵
PID:3572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5664 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:1
2⤵
PID:5960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4812 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:1
2⤵
PID:212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5568 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:1
2⤵
PID:5904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:8
2⤵
PID:5240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6476 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:1
2⤵
PID:6036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6992 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:8
2⤵
PID:5208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6956 --field-trial-handle=1908,i,17779584962800383953,14840858492219508171,131072 /prefetch:8
2⤵
PID:2496

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2932

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3252

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\R B X E L 25.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2836

C:\Users\Admin\Desktop\R B X E L 25\Electron V3.exe
"C:\Users\Admin\Desktop\R B X E L 25\Electron V3.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3244

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 356
2⤵
- Program crash
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3244 -ip 3244
1⤵
PID:5076

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
aae042abb7987594ece24c2f725c6d51

SHA1
88e3ffad09d4ebfddb2dd1ca741f2c476ba7514f

SHA256
5123d4888ac45516c6a5cda0ec10f060242949767a30f95a29cff8e47e5eddda

SHA512
af2aaa4ac842b84a06a14e7dd74b293f243169eafa41dfd78c567586b29052d70e1bf58361f0efae8d353ca2afd3db879c661db573d2cdee5b009cf664c29693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
8f3a22a42256c1c148585e82e013aad7

SHA1
cd804d095f8b4e50135b5bfa7adf765caf9f8af0

SHA256
767fd0404bfedfd22e2249c46eb309df4d0d83084c4bbfe7a4561ad998dad250

SHA512
edaf749220f681b6d9e1ef5284b47ef364bfbf3437ed1aaea1b2c23076317d31c20439308e29046e4b67466c9be0445ada8b7415e5e4fe45cd8b7da782a1464d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
2fe0561010b89734b855d99b18846c50

SHA1
6891cba228df6229410352a269b5f7ce2cd88e8c

SHA256
0f3ce77dd749e4c7bd834d01294809b3e5137d2bab5689cec7f98d40569c2992

SHA512
5461d25961b4a9f66a66e23d35e821fdee1a82ef59dd3b70794d72960cbf0a03ec379b3818278577f8648ed379a36905b117fe9d3fe90346d96b74e7c3bb2e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
Filesize
41KB

MD5
740f7750f7da02dbc7fd02567a5f1f79

SHA1
b1e2ead633a8134902469e3470a45d901e2e085f

SHA256
e5b1ed87d62a8b24fab5d732f5b77d3763ab3875ca4466cc7e5615a333d3c37e

SHA512
8ea371f59be6f6533107711b2f8615f479f1472c4a6dfbb6bbdb4e8d6704f316d95023a50e09c39f24a3e73edb6b84e3e64b190e6b7ef2676b58add2d4ca7e41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Filesize
28KB

MD5
85c6c66ce80f1f8e45e01f25f57755e8

SHA1
aa119b42d40dd366c6db57e74faf39e8271e44df

SHA256
4f9f6d3855322581516b5857c342fe9ee8893aa9500a86afd5f4fd254fa32348

SHA512
af29b078314193d0b4d28b390cdf053559426f28d27cfdc8932d2491707451163ce89cac7d207fbf21037aa22ee19ff5f3c15dc85bf97d36d45f663687538971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
c3b71bd3bb32107cd58b280fcc1266f0

SHA1
95f9d815dd0ca640732ece49be5de5a8119ed655

SHA256
e351f8832a59ef7f0ba08aeb9e1a3a8cd628835cae9955b10de9918e9fc03c93

SHA512
4b8f57b6259a48921b080b48f9ea0de4df7c06f0e723384f6ee86d0c07f465ca967b129594b051dee0713eb125ac50e515b6c4a2ee0c51e83ebfefcc8f96d57d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
f47b15e6434ec60a94c9cac80434ab6a

SHA1
0299c1d27dd4da329d7c25c2590bb0b1d23c9da6

SHA256
ceaff4f1ecc6717d792d1e650098baa9e53e5305baf3f7399e898f16a6a2b97f

SHA512
6b55b8fc46d9530574d7ff2cf3d90b29cff4e3e015839c9d801b3bd23a3413a639faa3a840a01c29670a877ca6b335a41f113a6f0689035d0ebc0e250a7496b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
10KB

MD5
f888fe0197d91182eb4f5b918f91accf

SHA1
e57c7248c505dde276a9948cd1713f503714674d

SHA256
8394ad65b68517701b9cedd0e6f5a85f0ca3e8e79cf3c949e30481caef692f06

SHA512
23bb8fe2d13c8362ef4544472252ce426823a8874a080dd72fdcfae5263d52382ad11164dd62f1af96487c8e8f5c8bf01345aa08ce3eedf2ea9a0cbdd416b05d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
13KB

MD5
1c5a85ca5e1967fc8e941a00a62f531a

SHA1
7dc007ff3d43fecb520d3330690b9726d89d3f1c

SHA256
4f0fe6224d2d91c388988cfb7b282ce02c9c5bb0a66d47f7d4e56217e6c8abd2

SHA512
0fdbff1287e27da30078b04914c868fb95d373a52f5eefdeec63af09cd54ec943a06a8d3c4b196612d37416b0e24b113595bffbbcf645afb68402507628d3641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
12KB

MD5
2c142b93e5fca1890d1c84fb466c3575

SHA1
7659f3b4dbc82bc88340bb590f9b5a90588d7848

SHA256
289f8891913252bfda9694bacade7bac9d09ba2f9c8eddd02a1c16f7abb4f77a

SHA512
9dc43a8a5cd77fa7c00ecc64b4ad00db33d040f7e797f65d956d9f8b334c3c16a1cd1f0433e4877148c432a7a37d8dc8e020b3351d0a4f54233501ef87460677

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
b3b7da1dcb65206334713ae897633c82

SHA1
2eb5e4e237dc4d46254f51438e3ee6c91addd790

SHA256
09c61f0edc92573ab9bfe851ca95f9bca0c16be1b9431550faf59c37f48e43cc

SHA512
fa432ee48a424b5dc2365a5d43940a4a1635bac9173f9a4f7ff8d6063dbb6050e3b2c5c3e0275fe891ab14efcc3069afc8890776ba93fa8f7bddbfd7d963e3d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
66857e92bedd01974cc2ca83a28a654a

SHA1
5a8a251ae5ba92d595e2312062db56e38bd76dbe

SHA256
1cd0922b08fa4f5953c239c75cf6c3ff937fdf332c4d57a0ec440530ea6085d4

SHA512
bc5e5c4a8273b3b4d64900063144d3b28167710ea256dcb291e1c05d563166e3708af053eef5dd1689bbf6490290fc2c3560bd4ab550114a45eca49ad10043c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
a1e034307433afd59bc5be99478455da

SHA1
4796db6432a4931e4508d62e1defe2f576d9dc49

SHA256
93778076ad9cc284db16b0c21351c74a529599c52e742d6b0f6eea658892ed78

SHA512
0b7f1c143cbba422cf50132321d3acec83fa0cdf2da59c9a88e79d92c5ef439c5856073df3d5b24968bc41bd7973cf47affd8a1a28c2baddd4052665e088975b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
860B

MD5
057b1400c4fc0ab29bf62a1a8bb16475

SHA1
7b23906a8bc7d8c86c4bbe2bcc9ca0c8fa6a3d62

SHA256
d788eb8e9853f019b1787eb9a73da3edb65e486226d2018a722a1981793e0950

SHA512
e1244fe8c4058f8226a325aad4a7b25e7cd68f5e718b5cdce49391446a591f4901e4f5db22533f966599f7341d3872ec6378d95246c60b0e46c00ba745810276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
2fa1e9c3cee1b832e263b2c189f80a6c

SHA1
847b67c030fa7ccc5df4fffe4e723c87b476b986

SHA256
20f4021d0e03c8b2adcfd1bbcfbb1428485e75f55a1bfe306aed17e6b80d565e

SHA512
723ac5ee10599bb1da7e4cff553df4bbd7152bfa59e9b5a4f9fc21b945f29277a852ff5de7ad0baec2cbdd9a68789a9a339c13e20f62999c8719468e5c1737d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
178ca829a801e454e4fb054026141e2e

SHA1
34bfb8a16af3d7079db44ba9fbf213b770f621fa

SHA256
b09c97840f9bb0bdc50da0c0db2e360d927b494fbdaef886b78ea5362f9f3a6f

SHA512
4520c4f22008b102a99baf8b2e9cda31d904870ad47f8e2b9dd9f94bd617bb4610dede9a3d9aef102ebaa4069802621918bd89ee67b1756e8882475c14e5ab3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
9a36b614728dc7a85309bd07ffe6b0ae

SHA1
cd9e118283f427460519f5d9394f8c4bcef49c44

SHA256
2daf1a671f6b6ae081138826b7ab372a9d8a75c7b7a7f1b62bbb070c82093ff1

SHA512
171ce1cf6ad0096995355ae36142499e41cfa3bfb6c4de77522f316d769176a973b9092c94815ef6bc8165a05bf79a0e69bed71815d124ad84b709b5525a6d0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
08263e21dc0120b337f337b34b6353b0

SHA1
3ce8d61f8c8283c145b5de78defcfba3a9064458

SHA256
01dda73ccb32f07fc5696798f9c01d00fe58e2b7be9f7f82840ee657a2784a7f

SHA512
43d98fc392df412facb7361c505701f58ada2875cfe3fccc662696573b91e5c4271e59fd0e8907aba9a25b308e0ffe574e6f969d475ecbb8eef0d37e40c2ad32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
a0083b2410554f55248bf4aac8bd5492

SHA1
3b2a2d8697c68fc9cb73e471cffb91cc53b3635b

SHA256
d72ab5e5559a59129bde34fc6a16e8a04f6d5a62c3c37757c7360ac615e39b87

SHA512
d08f76b688602f395c5c0ea739b0ae7faee4eb8b3d78af79392cdfdc31b4ade13c459929252d6859f2d9a52a67d085fde5f1a9650803d5e3bc99e101d9f0b522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a7b02ec8a45e592a6b6000015b0e1b4b

SHA1
e95aaba15c631819260494f272e95ee83efbd554

SHA256
8e73bede4993ccdafd2439f6e72bbd60bbedd88d538b01200ca504bb455e9797

SHA512
a73d66e72eae314604c2f107c0a539d9cafa554a4144f8ecb0b5e73d36391ed3f2d81ab73675424db2e340be2c37a4ab4cb7638b0efbc6f6cf3b0ea78fee7994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
e237620dc60a4e18f9c4f5c5bd2de844

SHA1
4eaa077423a5884fcbe1f4f4404134a18e51f5cf

SHA256
e22e1b625a96f66488918ff8449a6aa0d9e1ceea483ab79eaf3c3f285db82f8b

SHA512
ba4a4098a807cd99e743add201c4784de8eddc6a9a275dad4bd113df1080e2d7619b7741213318495b1b4ba074a30ab0d0de2fb2b0231c27b19f1d2d29edb26f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57aefd.TMP
Filesize
120B

MD5
0bd2d1dd19d42fd47523835f332be141

SHA1
2a568f0e8afbcfd40bb812b461f6dd2732ec8bec

SHA256
ff542365d0b2bc48826aa1852feebea048a8d8110c2a821d26ac624de6201961

SHA512
ccef2c1575e0acfd49d567e6ac9551145717c686539ea3e33ab3be2ce746a995bdee25f2b4aba4b6a88fca4d4c66575ec3d1c96ac21f005e45d4a63c3aee98f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
e2e877cf48d4530a7f8bb81572cd5d5a

SHA1
1c39b4fe8437ab92302d9a81e4c6916e51282bb4

SHA256
e08ee7b9c3afbaed4952b405c413e72747d52fe4ee22ad1dd69f7348fe19621f

SHA512
c03a23acced55a02ada0fd03e3002b860cea2c51e3ae2db33159dae2029fea5d58f635f8a7618031bdd57e31b6aaa71595e7e283b305ca21784a7bb894d6e5be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
58ce03ec171a9c0974201db220657e31

SHA1
f626d523ea278d5f18dd2d9ffbcdde31741f1ad7

SHA256
dbffaee7f314fe2291b604eb5be70aebb9a958072b5a9502a91e753a172e2c4b

SHA512
27e735dde93bd6c77583c1f6cdd689e279739d1d942a44b97b2ca3c75d8247cec9ec8ef550304925af5cd6c43b479f7b58efa91f12d584c9098976f92b96d4cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
e23a3656c0b246f33edec1de5ca15501

SHA1
f6261bfe26d5cf92eb1ad439ccc2e9519a622237

SHA256
ec349235d5a34acc5fa583ff27027933e926a5cc2ca2a8c5a18386d5dbe45e62

SHA512
7262f98784564e70cfd927a0f5c407f2d4bf38ca2e1b4de9fd5702f571b1189502a287d559438d3ad8a93a578e15a56b9d1eb45ac5e7daea77d836973157e4ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
faad1d9289194a6bcfd72a48341d8ac9

SHA1
5f92d2099df6841953eb8cfe680246630e7e51f0

SHA256
3c85457c2110a70c40d5fd8dc9f4b671f68c8cc138a535050cd64e6a6f1542f6

SHA512
6f48b340f33e8e36f8f35c0d92e050ba925a9e93187a50f9691768d162df10825c2b9c717aebc135cdc6c025246adcc062cc2077c9279c31fd5755000d7a4f48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
108dbd6842caed18d37d7406b24a24b5

SHA1
dea867901679c5a51eb3eecedf4bce8b6377c1fb

SHA256
3aa08d470b2ed97e81c126c49eaeb731e2ff5cf6f9d6a6ce741046a760f3ebc3

SHA512
61c5c309b023e3e6f3facac7c73631dab86886e8589bdfa3d8df77d368c5462205e73bab0be29569be864e6090b9fa7b782a922450fd35c11b67d9ad74cfef94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
156KB

MD5
cab79b818f20e24a05ef188ba4f37872

SHA1
45da108db98635974089fb25fd4af03d947ed569

SHA256
61961cdefe9cf95c391eb6ff752a5483ad885aa83e6ba9a20e7d8147a1462971

SHA512
54d04f274437a853940ba38834fe9c0cd3fbc49d870e763fc0b6c5895956d60b1fb14dc04ffa6f7757d65d9326fe16cc88387a64e35764077b8b56cc3138ffc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
148KB

MD5
1430ad99f6bf91accf418a6affd59369

SHA1
a8d7f7e3fb684086b72ea051ee1e8add0ae476ec

SHA256
66c308e3393233e53314615dcefaaca2cb4fa340c38b2da4020179b60e006c53

SHA512
5cf27a56c757a3fb65c8df92cb625065062d8fa78f7a4480de33e38511b69722f72777aceb6d74b0f885da89584cc9268304a7722d1e3d97cbeb110b4ed1095d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
35687d7854819573ed562c5a442830e6

SHA1
fd0c688df05cf164bb11e2d43bfd71696ac7d606

SHA256
8e8bc0f8c83fd9d2b2d56f1ad7a6ce94b4b712ebddb77b7257fe42db344f83f2

SHA512
bd5c8aa695f98bb2869750ca4c8d8792ce80f0239c51b83b549b23f4d6f255b50c5e54f9ccc670762e0e15ded9c502de143bf74f7f5be83437ba58bd947eaefe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
104KB

MD5
1d4a6bb106e2848ec613b0c561bf3770

SHA1
a10e8ad20936817322ff13c989473df17145b3ef

SHA256
4c6a6fdcbf4467d88230a9e77403cc359ef68abcab5b463aa9c906db7e2d4da3

SHA512
519072dbb98e03e49814f3cc292c9de989f71972ca8d4e6b9f6e7e861901d3b3dab380e4c6c7968ca9c4ed2846c7ba21816211323a95a18d6fc28757e228029e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
100KB

MD5
77e2db2d311b537cd112c0960b26af51

SHA1
5a305e686038e8ea5dfaeb5428a960a6a8242cf0

SHA256
f9a603a810bc933eb6b1bebf87be661ecafe4149b007d9fcbe49c1eb66858e40

SHA512
5e66af0c39fc445ee3f127fc6e587ca3b94290e594465fdbc63c2ced0d0546b0c7e2a970ebde2ca0c7630dd715dfe58a2a6fc506ed0199541f19f5fea9682a3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
97KB

MD5
8f8a3729bd94fa0e8ad4df418187e5db

SHA1
4f3ea161cc6600c82f591390ec9cc4c74a28d5fe

SHA256
187873f6ae8e9a75fd7ee53ac39e5a5f6ccdac74781a67880b6a3eada2926933

SHA512
1734a85e4f9517d78aaaeda4bd55118dc310038cef4850dac5ce7e1a1163217f0fdf04349004c1fe94abc9f3535a3262510dad527a2bd728002f27890a6d2fbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
bbd8ce6142efcc74ed2a30d12fc605d9

SHA1
1290416d72676ad17bbe4bb1bee1c1a161f3c580

SHA256
f393bf7bd1883f88881964ff592a2c7aa526e764f8dc8842cd077c31e31c3838

SHA512
ecf5c807874ea3279ecb16d601748ae04fa4644a39a834b213ec33cfb939c83aa483c785d9f0b08fa4d33f09107e21dee5ccdb5f5296567242eac6f45c1a7e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d726.TMP
Filesize
88KB

MD5
65f6103cc20bba9b07b549cac788b508

SHA1
3c0360897fc228494a1044e076bdce62c1aaeac1

SHA256
e830b86d69b9bc4599803008e764c53823d3814a95150e7345a41a29b5b207b8

SHA512
ccf5e897095df1d6dc8ec00414b05359b773ce22556afe0f590557d4b9ec14dcc117d40e878e2112b7b4eafbfd2b3360df05f3bb987b8deed2c214ea64357a6c

Download Submit
C:\Users\Admin\Desktop\R B X E L 25\Electron V3.exe
Filesize
435KB

MD5
6e29fdb2867bd6f340c3dfda20bdced2

SHA1
be22e33e21b133c2190992e212f6dd4d5c98cfad

SHA256
11713ffa61b5b7b1541a9ecf6ea55115fd4ba01e63c88a019ee1d3269df68748

SHA512
30f3220b41ea29d6fadb646cc8730c46b6382400a3b0d73cb53706197d63b7adc4cb2313fc8fec4559d3f671feb822ded94f17cf2b08517c104ebb2c23e6a00b

Download Submit
C:\Users\Admin\Downloads\R B X E L 25.rar
Filesize
9.7MB

MD5
1a3f0f3897b999f90276b655f423de77

SHA1
a52641193133d7ca1ecb90c3e7a12e1f0e7a0555

SHA256
30492d305961d7e4131179849c5e6e244397cc1321187aae27cca35cf119487c

SHA512
ccad70d4d04064c2382c8316183feefaf6567c0994dabb49171453fb4c0c63e63b83858f44655aecd8fe63c6ce3032822d515f81475a98f63ce5ef2447e10e59

Download Submit
memory/3244-722-0x0000000000A50000-0x0000000000ABE000-memory.dmp

Filesize
440KB

Download
memory/3244-712-0x0000000000A50000-0x0000000000ABE000-memory.dmp

Filesize
440KB

Download
memory/3612-723-0x00000000065E0000-0x000000000661C000-memory.dmp

Filesize
240KB

Download
memory/3612-714-0x0000000074120000-0x00000000748D0000-memory.dmp

Filesize
7.7MB

Download
memory/3612-718-0x00000000054C0000-0x00000000054CA000-memory.dmp

Filesize
40KB

Download
memory/3612-719-0x0000000006AE0000-0x00000000070F8000-memory.dmp

Filesize
6.1MB

Download
memory/3612-724-0x0000000006760000-0x00000000067AC000-memory.dmp

Filesize
304KB

Download
memory/3612-721-0x0000000006580000-0x0000000006592000-memory.dmp

Filesize
72KB

Download
memory/3612-717-0x0000000005620000-0x0000000005630000-memory.dmp

Filesize
64KB

Download
memory/3612-715-0x0000000005A90000-0x0000000006034000-memory.dmp

Filesize
5.6MB

Download
memory/3612-720-0x0000000006650000-0x000000000675A000-memory.dmp

Filesize
1.0MB

Download
memory/3612-725-0x00000000068E0000-0x0000000006946000-memory.dmp

Filesize
408KB

Download
memory/3612-726-0x0000000007200000-0x0000000007276000-memory.dmp

Filesize
472KB

Download
memory/3612-727-0x0000000006A50000-0x0000000006A6E000-memory.dmp

Filesize
120KB

Download
memory/3612-729-0x0000000008810000-0x00000000089D2000-memory.dmp

Filesize
1.8MB

Download
memory/3612-730-0x0000000008F10000-0x000000000943C000-memory.dmp

Filesize
5.2MB

Download
memory/3612-713-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/3612-716-0x00000000054E0000-0x0000000005572000-memory.dmp

Filesize
584KB

Download