b621dc1da6fb800a2524ab3ad8bc05c939019eef2aa5a41f847e07d8ee068923

Analysis

max time kernel
299s
max time network
313s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 10:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

raldi-2.0.help-me-god.zip
Size

531.1MB
MD5

8cc14a18082a476a9e5a95a7fc90c798
SHA1

8fc14c150e9dbf98687ddb4e2f77fc2c8648eb49
SHA256

b621dc1da6fb800a2524ab3ad8bc05c939019eef2aa5a41f847e07d8ee068923
SHA512

81d558e05937bca2dac2bf2866a780191c30aedf26c46feb49cc293ce8d52f36a46afb97b72eaf22e641b5e4aec1466266229a126f01f3eda3566cb4b0674d12
SSDEEP

12582912:dESM2RDqx/CJnfujAOcLY4tQAbQr+dOiQxCJPaL6UQjkdY8/t8g2HB5Uc7apKFTd:SoHnMcBMr+dOHCJPaL8HB7apKFT//9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614534866903644"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: 33	2240	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2240	AUDIODG.EXE
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5208	Raldi's Crackhouse.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4636 wrote to memory of 212	4636	chrome.exe	96
PID 4636 wrote to memory of 212	4636	chrome.exe	96
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 4344	4636	chrome.exe	98
PID 4636 wrote to memory of 3992	4636	chrome.exe	99
PID 4636 wrote to memory of 3992	4636	chrome.exe	99
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100
PID 4636 wrote to memory of 4764	4636	chrome.exe	100

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\raldi-2.0.help-me-god.zip
1⤵
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffa5b76ab58,0x7ffa5b76ab68,0x7ffa5b76ab78
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:2
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4284 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:8
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:8
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4120 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3208 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4724 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4688 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4924 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4964 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4428 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5440 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5312 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2400 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2388 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6048 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6056 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6232 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6648 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6644 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7148 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6920 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7380 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:8
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7464 --field-trial-handle=1844,i,4511752108415158937,12097987989224362525,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2692

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e4 0x468
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2240

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5668

C:\raldi\raldi build folder\Raldi's Crackhouse.exe
"C:\raldi\raldi build folder\Raldi's Crackhouse.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5208
- C:\raldi\raldi build folder\UnityCrashHandler64.exe
  "C:\raldi\raldi build folder\UnityCrashHandler64.exe" --attach 5208 2027009871872
  2⤵
  PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000099

Filesize
89KB

MD5
f512fe24c84434aafd1d93f4e9b25abd

SHA1
ccd4d0419c5503d87cbf530336451c43de385c5e

SHA256
6684d6819e1627544c21af4c2fa07cf88c52cd838db69cd1c2c59afd3bc8ae17

SHA512
9f2a601577adb2121fb7ade5a4c9320e504709a559bdc5d5f666973ab854dfa2386c1c37a78641b9371e2502e5108e41bb2d1c5f4031ea4094f963b2ba25dbad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3574e18fa86e78ec2bb40f9c0cbf1319

SHA1
611490509e22ef002846f9408c09e5ba50fe8242

SHA256
7c8f9733b331e5e9546fe3660256a4fdb24ba818cb74d44b3adbe7f1ba2b59db

SHA512
a8f1078889f7b5caf0840584ef3494dd68cedde55e5f250f072ca75c7440f10ca2c997e91abd1aa64ffbca7e883a47e2de0909820f94a020d440d2636b2144a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e5097d9ea8f22d10449af2186fa1045e

SHA1
e5a6446f20628a96de954b38fb1a736e2446118d

SHA256
2d2130735ac2d775c1715190a5a7c4785d75b27f3442808737477e16407f9e39

SHA512
83d162a96b8138542df5c3e0c76fd7636a48e4f71ed16084f948778eb0585b0ac73c21b65850709ec2b9053117e903072ba2c8f1d517bce37f895e71271b7665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1cf11519a38f8789f7126ee3253ef72f

SHA1
fb30b9392378057757e78e4bc46aebb9644d8815

SHA256
7a3d654891976c12d98c25074c05d217feac9251f86202d95c1900b34f524e17

SHA512
cf308e93a0fb482574e3faed7ef8c475ca189c7adad38fe1a22901752aa5479ea62ec3ff8f5b6349d64f51c7a26f7ae79424c3f73037d4ccdd46dcb216177d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
e63e4d0c7352e15b3d291febd759ef05

SHA1
48a05c150b3f7b7b177bbb1b88f72686a15d3ecc

SHA256
8c06cf9168b80c53f1ceac831ee01edf0f30c776b1561757f646e775045d8d37

SHA512
ba1c8f95ca63b42755e1579c31f63298c8ed220daa7d32efaed2df109c13ea76f937c08ede89525fcdb2781b6bc6f82b298e37a19b08789d92fcde6202e37666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
2528a933bcba6ff7ec7024515fa23464

SHA1
1ab02fd0100985c3b1e6bb38bf34087a18a98ee9

SHA256
fe5b9ab2badc4368751e0ae00dadf16400cc3098acd6fb66f1a8d17aeb28ba9e

SHA512
6907b65458ebd745df78cc6c056be78cd7076721fdd4c0d983acbad574353b6574ca0242a96c0002ffd50c03e58eb94a278509d995663aa63f15a0db632bf1bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
24d2cf14e7d55147ca648a8755ca0e83

SHA1
f2d7d0b990ecba1d8a7c42d17559370193d61dc6

SHA256
88f1a1004ccff100cd9adaf02fb84ca10112fbd717998bae30b44ec478aa88c5

SHA512
652eb2beb1aa550f75b5b0e2c03f29b765fbaa002b88e03469270271c721270cadfeffa58d3f55facfa9c36c4dcacf02d3159baee9736b08e85aac99a6556b61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
afbc8780e9aed3ed3f6a8a962d088b33

SHA1
5daba425d2a1e9c8f982dc68d366d6ce7b9696da

SHA256
5aeadeb048bf91a78f0be23431a0ac3f522338ac3f1fd83c62959c87adba24c5

SHA512
87ab2530de66c420e6732d7a271be38f02f1552e14f435dac7e99665a38ef7accaa594ec7a40d21026e0a4e1e7962814ba06ff4e45f2f5ebad7d42d9762a4bed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
0b2753458fe429f2eb490b318465c55f

SHA1
3f91b43b8880e6c33c9d8c5bc5a186db3e64689a

SHA256
64c2146a7b5b8a3937c7e95c96f1fea741144c833d619e1a80e7122518fa3dbc

SHA512
c18739d49bbd89eb44a0c6f4f9efadd86733af446b9e612765f46c0e8d5b4aa3fe0933c8e9ac7eaf7fd371b308fff3daba6e590c52a392884504be855929d12c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
fd08c708cf5af4ff47cb9b6be0427661

SHA1
7a26ea1d66586fd77edc373877bae6dfa8395181

SHA256
4f43b0f2369a0d59b2ade450cf320dc19e1e018c74e18882490f1e49233c31d2

SHA512
940198f4cf128d5767ba871970f42fbd705e4aa6ba54c32053398e5dad3bcc3f5f0f46441a4efeed1195b6df98093095ddb4ae9434f067601f71bf5d650b679d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
def272e6c9af325b5a512f2ee9144c76

SHA1
14a73e2227de6605bbfd98e8fe4ed1c776b5079a

SHA256
5e14631daac15a1d2af2b7bf6f86ba166b9cb6c33594e1575ac2359f3f205da0

SHA512
6cd731c9456e7c72a1d5e69810923263770d1f6657dbf819d61ade1725a066dfd3fe5619fd26f71bd47bb7c46baa970ef06d65c542989d42785181c4be4d694f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
88321dc8500be05476f5c9b59cb74ebc

SHA1
77a8f82d1d1593fc935df354400c621295a7805f

SHA256
dc59dc194e1951024bb67803b6bc53e04437ef9b7b5d158ad64139ede90d93c8

SHA512
b1854ca4423c8d7a061f9b7c1eb9a42ae6366973ce65ff4bbc4026ecfe84a6e6966f8ed4b11390ccf20922a3e5f9a72bb79d7625a7ec800ea126ce4d04a7b746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f0bc29aa32806cef85bb1392a5c6b570

SHA1
3a3abc888a017a178913b0c57126ff257dccf9ce

SHA256
bb7a118a4ceec6a8acc3707e6d704c6c669ad6ed9d2a4d691de571294a816b2c

SHA512
5fb9c7684219e4c7049448ae1d05de3e21a7e6b0bd346fd2ab36be121767e8f6eddbe8b778012567242e4a472263f9bfc91dee0afff142a9cb62e76ece8f3c21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d3b38ee458472d70764786fb762d259c

SHA1
9c682c8e0bd383e8c6e20191cecabdc9a82e8580

SHA256
729051eab71dbc041a1ccddd057ac2dbec674be2be52df3cd00ed07698bd9ff4

SHA512
67e54cc1ab83c0b886c5c065ebbd8db1a20eed121c8a7f3c2408cbdd497043c7443078d33ffd1abdc90032868e8370163183f5a64ed774c13b6d590c23d209f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b69c2dfed19960efc1bd01b0a8e1d2da

SHA1
2672ea4a9948f2b37712f62db0c959efd7d70171

SHA256
c88633deb86f7d4c0fa3c4ef08dd9933048152f0a3757070655ca0dc2fe682c3

SHA512
47e50cd84a990cc0869a32ac2dd3897f3277980a6bb0611f07b30c22557178e06e3bbe34a158da1e47843f77f3f8f5548b678029f4424c9f0aa8393db1c11d36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
29528f15ddb6626ce9a219abdf016ae0

SHA1
3a1181f61e65010ec6db6ac6760852a129bef982

SHA256
a16f581ef24be81e8ff79c8a9b45387958d22a538f4230936c2b9b1caecd9cb1

SHA512
ec28a11eeebc2353e27231dbd86c96aefa54195cb90bd9ce5e5c67a6d9acb22dff89b9237618ad04b3091ea40c78d861b5e03de3a3ef69635b33ea81262cdb72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bf23d633735bdd80b2d7f3647c7365f6

SHA1
41ba86f8fdbe2e957457214a0b112a8d640146f8

SHA256
aae22cdbd41e12cf1ca9dd393c22c4bd550dd43a61fbd85777d2dcea92305385

SHA512
97a03fd86b517035381ce4320ca7d524db5cabe58391c837c9df936481e8d27bde5b34a66e288ec4021397f2fae98e675dbd324d2ae76fab7bad92ec600a3aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
159db9740359682c5b3ccd1058a15cc3

SHA1
f73872ac7be367252589435dc1c7038a1ce2180a

SHA256
60a45b30659fb3deae4ac171902b7f3641ccf352880efe2bca6f124c40257bbb

SHA512
bdabc745803e746ec8a986854d00734848f3044200f4f99731911d8d89a3502abcee315ac02e86a4741c3f57a39216cd3cb193435bb0a6590312560d88f80446

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fbd7b301c1cc9668809b41dafea6c67f

SHA1
ee7ce46cafbe3e31f9c8e65d4f0111f431cc4ee1

SHA256
c3b856e90a57ca2285f395df1cd8683e185d9bd1fab34761d0f2eb42355d346e

SHA512
6a2887c2f603d94a7f442adec5dc5122e7ce506ec2e239619e2d59bc34b198ef584b4e3fe32d81ba0cd95334ea3f1cb7e3ece43cc8552c69331801b63a90c440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
76e3996f3f68528f8661d2bae850ce8c

SHA1
aa0de2fed03425aa5cb2019e3edd80be914f96a6

SHA256
0922bbc580a098f8fc87f2fcf0589719f28ae779650f585f4c1fb8144546c54e

SHA512
8db347795a9dbc86222f9c8552954ec14b46c3b2ea61b42a298e824f336e23a8fe636cf9462de83aac8e031876d130ccc96b69fccfbc7c257b3d876ed5d8d73c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
ffeaa3899a872789e9ea74f3461c9860

SHA1
a859b8b85c4e1d6cd886714977722fe348acb8ba

SHA256
be7f25ca28ae0309c2dca6e267eae109bde5947de6dc023e5adf424d8757384e

SHA512
eecacb09ada0eaaf46bdf26658630735bd477abdf1daea884c35870a189706180902b9ff02e6dc993c87690b6c4ff012befc9b312c80160393e7d24d0d3596e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
bb03ceb95cd39ed25e203aef74b2b6d1

SHA1
714323dfdb78eecc64efdffb5d42d90a0d968b5b

SHA256
613a815faeb5500761174498f2eeae5e89e15fb817ba86ae41b3a0f122139e8a

SHA512
c54863425f47e1499bf3b2ac4544d4383f85d0947d66b2285d3bf9248e9f95356ad8d03473fbf45d1cd3deaac6389c8a4869a4a092c238aa31a5bbb84ef37612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
54b5bc7366e8428ddc26f8703600de38

SHA1
2329e7bffd567956fb05007cdf8fb31d71cf8eca

SHA256
d786a21f692c95046e7c9bce7c7dcc18f48446296407a10c6cb3b8b954ef103e

SHA512
ca5572c453dce97ad65663d06b32a32ccc8215d55343618d516f8b8c899d5eee271f0a7732c72e88a3b4231e146b3aceb68e455bc6656815e7e671f642b5a522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
83cb8ecebeb7d7f1c019d1a0fcb73e5f

SHA1
4e14f90212ccba33bf541185266d4159acf42031

SHA256
812e422acdd5e58d963bbf28198013e5c702904bce9993dbbf732d502b8045d6

SHA512
0168fd4fe96e79790b44639bcc0c1dc206f33b073f80ddaf142e7654296b391d98da2f08551ae723c94b4e2ffca71a601aa63b7ff3df8c4858b24c08131ffe7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
bcdf24ff2ad768b3db1c4962e31fbeb1

SHA1
aadb29186feb33b405be952b111f93b836b2c434

SHA256
45a259d4a36f871098585e748ca19e1d4e2c745a26c30e1e0988397ff990024b

SHA512
8f35fba55625250ab8967f4703ea332b1e60ca746ac94a23600a0f19b4f7e52d936b93a88becbc9947028a4cb00b259bc7f1a092edd5004f8f875489e650b1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
9a75c251866baded5db5f585af42ec61

SHA1
e8641a44860003d34d38db5304726bd2467c089b

SHA256
0a92f48ba71b0ec8113a489731b4ca7fc09bacee4beb6c7ad3c1fb672a6e7ecf

SHA512
769c1eb42a4f63d1666b5948e4f044d9f1ccd0b1e0dbc4302d090494747f3c2af90abd1c927204e9f9439278ab2975e54b386e5a841dcd1f1dd94b05e48a9fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
b664bb57c174634dd86131635862833b

SHA1
a7a86aba0e3d6f4af61f1bb468e5370be199d283

SHA256
ebcf3e64c9e6beb065edfb014b3eb6d905498d0de23ae10bd1b9d3765ea93d47

SHA512
1afda7136cc07a63b74180352564799d8b752fac2cc17fff32c2bfa84b1f4df949db103fc851bed865328a5bf19cee4e84a3fb853f87048448f45e12718337a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
2850f7ed0c2dc22aecb1f6d2bc50b739

SHA1
b6e470daa4cba46999b378b5318b94c5ea8a1c3a

SHA256
ecc6acf65f2761db65f708955e73b84717a9d1582c1c91093aedd45d578988e7

SHA512
98a76d832582ccb52da3a5510b3b9ca1b2b44d0813524da2074261dde194329c4b87a58d8ea479afd0190019167a0f72fbb6250d19dee78ac09bb7ad02bb9601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587a4c.TMP

Filesize
88KB

MD5
beb46da5bb5bb1263a60e2befcfd4560

SHA1
f5a4ef7baf9ae92a46fcd5b7f598ec4367f83198

SHA256
d27442f935d55aaadcba5ff6f132febad88639315d9a7faebdaec01cf331d47f

SHA512
10de1e263b65273ef6fdafb89b13971250d27746f9e3a9003ecdc50a41b89d69828ce10eddfa97830d99d9f1f57c595b59cd3fd6cf3ec8fe2013a882541bda59

Download Submit
C:\Users\Admin\AppData\Roaming\RaldiSaves\0.raldi

Filesize
1KB

MD5
0d7680179682a67d3efe960db32d7f67

SHA1
8285b108258ba9f9b71f9e7939e91ddaad2463ff

SHA256
10c80248ec7f542c8381ffc56e7e04de6f327c343601daa4c06ab9fed2f9707f

SHA512
e285fc36f5380937b5f3af993c5f027a507595d0524a2bb7dd9b964bf97cb696c95c32395987eba6ccf8975fcc7627a9d017a485b8b38e447c12af9ab3cb0343

Download Submit
memory/5208-1064-0x0000000061CC0000-0x0000000061CFA000-memory.dmp

Filesize
232KB

Download
memory/5208-1063-0x00000000685C0000-0x00000000686D0000-memory.dmp

Filesize
1.1MB

Download
memory/5208-1062-0x0000000065C40000-0x0000000065C65000-memory.dmp

Filesize
148KB

Download