discordrat | be449362ee5003c6a1b6f73a7d3ef1b2d5b67c9eb57e317ab672df32fa8cf366

Resubmissions

11-06-2024 20:55

240611-zqvzcs1epj 10

11-06-2024 20:51

240611-zne55a1emh 10

Analysis

max time kernel
1049s
max time network
1015s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-06-2024 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rblx hacks REAL/Client-built.exe
Size

78KB
MD5

456bf5de813e40ca39898ca6ba16b1d7
SHA1

4b668377e4f81802f5a975739a2799d140e04d55
SHA256

9ea8612ee8a4e2599a73e99cee7afd8be19faedd655ff2f54b1f06e486021135
SHA512

7f3747235a0f48c774ad084207f43201dfdac9bc3bfd340f645cd7c13b61a853e01227756d1f9f154f5f541914c316b86fcbe1ab9a130aee117f17daab9b3191
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+nPIC:5Zv5PDwbjNrmAE+PIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0OTU3NzU3NDA5MTE5NDQxOQ.GsOG5Z.ZZXzRiXjjatxWtgj6vEvWrUD7fTQVKec_XOUKg
server_id
1177034497322127390

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Executes dropped EXE 2 IoCs

Processes:

Client-built.exeClient-built.exe

pid process

4260 Client-built.exe
1124 Client-built.exe

pid	process
4260	Client-built.exe
1124	Client-built.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133626129912642712"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1540 chrome.exe
1540 chrome.exe
5068 chrome.exe
5068 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

3880 7zFM.exe

pid	process
3880	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exe

pid	process
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Client-built.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	3140	Client-built.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exe7zFM.exe

pid	process
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
3880	7zFM.exe
3880	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1540 wrote to memory of 2932	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 2932	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 692	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 1536	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 1536	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe
PID 1540 wrote to memory of 4992	1540	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\rblx hacks REAL\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\rblx hacks REAL\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff7ebaab58,0x7fff7ebaab68,0x7fff7ebaab78
2⤵
PID:2932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:2
2⤵
PID:692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:8
2⤵
PID:1536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:8
2⤵
PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:1
2⤵
PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:1
2⤵
PID:3868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:1
2⤵
PID:1756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:8
2⤵
PID:1784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:8
2⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:8
2⤵
PID:3748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:8
2⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:8
2⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1744 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:1
2⤵
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3116 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:8
2⤵
PID:3408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3252 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:1
2⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4448 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:8
2⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4516 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:1
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2432 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:1
2⤵
PID:524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4740 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:1
2⤵
PID:3508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5176 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:1
2⤵
PID:3548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5372 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:1
2⤵
PID:3336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4948 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:1
2⤵
PID:3324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:8
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:8
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5612 --field-trial-handle=1944,i,5228683407648101928,18130556357954108106,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5068

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3536

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x1f8
1⤵
PID:396

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1116

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\rblx hacks REAL.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:3880

C:\Users\Admin\Downloads\rblx hacks REAL\Client-built.exe
"C:\Users\Admin\Downloads\rblx hacks REAL\Client-built.exe"
1⤵
- Executes dropped EXE
PID:4260

C:\Users\Admin\Downloads\rblx hacks REAL\Client-built.exe
"C:\Users\Admin\Downloads\rblx hacks REAL\Client-built.exe"
1⤵
- Executes dropped EXE
PID:1124

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e
Filesize
1024KB

MD5
c002fe07e975bca1075e2e2e719be6a8

SHA1
f17cf36cca17a882be579ffbcaf84adddac72b8d

SHA256
3ecd142663d05d0680e339434c6cf43e433d621ae08de71b935b8a37eb2af9b1

SHA512
3e1d6833d9bee0bcd1cda6c783cd16c3f765f8544732d07b819c575672719f42ee7158018841309d3e69339a0fc8fc8fb89b7407ff6e2df5afe93b79a4f01172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f
Filesize
1024KB

MD5
52d6460dbee7386b959b00b5379d3b1c

SHA1
db04c82b78e091992fd9c63df04db0ebfae58861

SHA256
8c074e1831cbcb5584c33102c41173082d2c5f4c82996f0b0a2c34a3e417a9fb

SHA512
a8402c66b07832f1061d4a89e834d120104be6c7c214e2e4e22c1df97d40af69abea40bc764876357f6d1eed250772fd0da2a1a76691f0a1299e1241bf50df0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032
Filesize
773KB

MD5
d1d1e79c21c57ecf62d4ac32654bed13

SHA1
4bf44c674e45674d3371aae17f132eadd689792a

SHA256
d35280d680e8ef67af60e20c309cc54cf9cc1483e3f947257eff6f2d53e760c3

SHA512
59bbab76d69f6b84d19c8d6ee08e29b847edabcdecc4d295c7d7964bc730b0d690f1e3d4e4a292eea39b8491bafa06d4d5db737397cb34057de60592334e1816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033
Filesize
1024KB

MD5
9ae419d3b49e77268db3c6dbdd3b4e6e

SHA1
962e65b9cea0b861f757c31abb69041a71189ea0

SHA256
613c186724489bb8c17d952b3a7bc6dab468f5e5236ecbb4f50e986c7b042b6d

SHA512
4bd96e2ff3ef9cc9c1d1c7291fb7f9c9b6a3160a4f3ec948af910b4eea1c1086026a40ed5eec3fcc6a32ea0dff362410050a82cb0db5c696b5cf5aa25f1dba9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036
Filesize
78KB

MD5
152d16d8b407d22e5596bd29e3198de1

SHA1
a989c5d50ccbe0346c55feba6b00e8096c7920c5

SHA256
5da70f597eb6d86c559bf3aab9ee262f6036853bb869be2b0ad447555e425358

SHA512
464be1e04024e86d40098119b41d01bdf51d126e6e8baab1b0817eac136007755af37816133b728b57013bbae2393c4d472b3491f37d1e5a3d65babc63e9695c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
Filesize
108KB

MD5
ff5f6eb22cad5bfbac357077bc963f07

SHA1
7926b4fc2d292ec4e007bfbfb08b6a1ca93cbdd3

SHA256
aeb909116881e83f54f709a0cdd20f8e70c9d035b76e1e65ffa6f80d739fc523

SHA512
f10efd05b45ef5baca758c2de80c31853b25268264dfddbb0f513d33cb96c91886be7abcf343fbb347318d7df5d437d538821e4bf0ce8d165c9fa7f15840b1a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
Filesize
16KB

MD5
01a5168b5249b9c6518157300322042d

SHA1
d9fe3183d341c4ed8f18da0a49bac0f5e76e5f62

SHA256
c2548e614f50f86610238b5729d27b36e49fcd7a832c9ff5493b8a770c44d3b8

SHA512
cdfb3c535257f8ed5d13dd16512a4e9100013674a08f862541c23e09da421da454fec130a003cc91166d6cd366236de5dc8e85100334b21b3c657e0ce60c75fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b
Filesize
131KB

MD5
0132f66c516a8c23cca529d8b04274ba

SHA1
a46d7692220dc33589ef858f9a78af9f08395aac

SHA256
a98b3d62983722353251784532ef19195cb57d74270a7e5b5521a8f093ba1f14

SHA512
2b09906305a45a4c45a6585394d3e7ead2bae2a2e3b36cef8efefa05dbcffaff753c53b0b82aac2b7009b0c08a3f0dfdaf715e90a3a4d35788f70fee8f05691c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c
Filesize
495KB

MD5
2b9904c87bd1421b5c77fd11789136b8

SHA1
2f8d760400dbc6f6f74437845588043d29dfb9ed

SHA256
6cf8c52d1b441fbe906c461859ae7c7665776051e31e6d3ba8e34928af4aa1b2

SHA512
c09904b15997daf5d0fe777953b696de45535ba18883a3082c943a068a12b364851d7fae2313041398e75d63e7cfe204829724b836b6866f1dd13cfa9460ee64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d
Filesize
1.0MB

MD5
c21837f7e385a8489a517f9f36160c41

SHA1
85990e5ddb1144f8d7090acd8516dfccbf0381d9

SHA256
4c19fa371cb9d5cff7d84b5ce25e96740e5c9c37bcf59a3c3099b51b99827ed6

SHA512
d1a67d34d375b2e2f90ffdf65d1e5aac235927a21ced3003dd2ecc2d046525149c7bf6f96f12c43f53b554e8df093ba1ebcc1091e31f2620f751f755892a79e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\79d71aea01fdd91c_0
Filesize
34KB

MD5
d850018ff4248b4d1b2529fdd6b7f948

SHA1
2d6ea20722540f046f5ddb1f844b349f12d7fa8c

SHA256
231422c06972018194058188cd87ad14eaf9e1a6628a2e02d92eeab575218769

SHA512
85aa3837052a5a76e1fe7435c295db762c272029c978610fa4bd1cd4e5a634b6d885a7c1e0e132b6cbb770ef5ccf80f778b28dbee9124dfbdb551535d367a037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9ae01db7bdde946e_0
Filesize
269B

MD5
fbb345dd473e2d73d7714f6a85ef0124

SHA1
23cabf8501a71c1bc991f25053ba0e9fff5fd240

SHA256
d658373e5586b0244d0a8db93219ab6e1a68d9f189f108a6b892c36e2feab993

SHA512
64bcc9152a97ab4b9bad39281b3df7bc84d3f2139ebbae1d4e5a4ce8e5f0bece08a471629ed234867494037ebb18e1a4b7024e35f09f3012dbec07bea19f04cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b2b72c6660afe643_0
Filesize
294B

MD5
51ba389da85e0ea2ef36318274e087af

SHA1
35fac972c33296600dfd77ade1bdf172671e1a2f

SHA256
25582c420ead75baf03a3f8b8850cdb91ce19c2966657d8764e8eebf451d39e1

SHA512
a4d7e9e77fc273f27c30fa45588f72d15517f46fab85456f6bb8c570c488d0cc0305453f006cb40d7fd598832a8ab2a22752b325883b0fb31b7574f774a05f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d3eb8fba256e5cbd_0
Filesize
414KB

MD5
3799d8338470270ee9363fe3c9f6edd6

SHA1
5ca60c2564b6b5f1f05f9a97bb45a35dc4a9c45d

SHA256
7e74a0666936ae244fb691a33a20870ea1954e7b75955d0ba46b53ae9314ec76

SHA512
5667ef886053437b61add744e3f33e82407937f014504dbd3e45a3224f780eecaaee600a99ddb2ecc8ade4fd320d496957dfe1a7523c576556416dd05480b9d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
1KB

MD5
374640e2cc9770dad72c78bc169aa580

SHA1
a7592c02d6b7c36b45f0f2e5da76691525cc53a7

SHA256
04da161dd1a47693ee761ffd36f2ca38b443b53f091c125d1a3070cffc263a08

SHA512
e10c492f090e111097ffbd6281285b25f3be9b009fcb8258eecb340a9445fbe09bb71d32fa0c90e64fa07b49bf14eda3f1b28d338157530ffdb9aad086e2a514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
b6809af9374a5ea940ea6d03fc299ea0

SHA1
a9a96e4b9cb7d0f81fdd43971e0d9e579545999a

SHA256
bd1ec2b43d02ad01dfc536a9f0ce9000d2ea155465dc9bc81ce8440c87f0197e

SHA512
0d298e59f3f1e0b927c1dc624a5c02afbaa32e01948e9f9b9741ef1a7fd7963a2863bb01b3bf5a1957758ad73d3ac5cfa42ed486ac8a9db4afca6b2ccd2a55fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
9e5fa034d7816b7cf0884b9f6352aca7

SHA1
6a19b949154c52717a7ffb42a5ae174f04556826

SHA256
88c190532a8456a0f40b9ba8ce7d65ebbf3bf222c54d53388a34aedf2e4e1151

SHA512
5238e8704108c5d4a07cc682d345e29d3092ae94ecc022f7c1633b51cb3bc25ff3f3dbf0ce35433ecf7a898173d1f1dc14eb7d4965ce0b51a655895cb4458d75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
1f871dcd8b633c3661f3b91c6af888f8

SHA1
1585b13e9b606dad252b526a16ee0bbcde502f63

SHA256
0fc2f8e1003d4895603fc521535fb21a9fb1e3c48de06e19b2e66d5ecc4adb82

SHA512
396c228bdd9eaf2b743591bd5c23c5783b784cedc3fa653802f113caa79cf15552bd59a636bc07aeb4036165e91199374bf63cd28d7177bb043f1b95353e69a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
932f9324ac15855832f59c008c964dac

SHA1
19d523482392169ac0a08862e2b22671a789a2a8

SHA256
55d4a3a6c23893d3fca9d9f9f348836a47c6ba749b862514c2969ac9686d94e9

SHA512
c81a4e22f3e90e2aafd5c8a52f6da8fa43059c7d5c2cbf8b89afeca282ec0697e5cddc1e1bbbf639c67520ffcde58c5cb2c7e7ee2828ee98386f95eb4051b459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
5e8c7dacdff893a13c17ff5a118cd304

SHA1
b99e155938b568deee8dac2d3b620ee8e529e54f

SHA256
72ab994dbb47d2cd1ffcf36545bfca32a929ebd4ffcad0bcfd713321dbf3e920

SHA512
70ef3d95aa5368831d1a7e78b219b367075c592c0c31ce3bab53b59aa656559d20daa9dc1db09936f761e76242460cc45bee86cae1e872991efc92c85b910263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
464954776635cc892a3b8df99c77bdfe

SHA1
5a15599504de1535010f08a339d3d0ba5ff6295a

SHA256
0b836b45efb2ffa2a2952a3a62b9b0924e3ed45cf0e23fb3ed97f5fada35f977

SHA512
5c3758a8ef5496f15038daca1b298a9836c1ba206c0c84ea92cc817dd73cd1e07277cbf9a81e363c59d49856bbeae137c8997a54ae0db1906f48c485c0c249c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
055434a6f881819587280142ec837517

SHA1
ab126fab2a3d856d300c278700e7c2dbfe889974

SHA256
5527bd5601a48f4dfcf98963011e43d1f5ba51ddc0140c580164eed91afaad57

SHA512
b46301aaf46b6b49e2bc2001e0dea6050484c777b09dd3ee0bcda3f651b393259d798be715b13e8c0ca53a2c3bd99905e1e1d2d71c19e364781f935b13891c4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
c364ca7ab3ef6331386c0ab95d621979

SHA1
b48823c3696087f8d88d132f08a83d7264f0467f

SHA256
22a10e4d10b4e5baeb755dd46c11487d807dc9e09e06ee7094fd4275e14b5e0d

SHA512
5e69389c2052c42da4f48a90b193e4b04587a7103a82670f67a03bdf2a5dcf80a8d7b8d553dfecee418c85372c3e78ab5e4976b1d0013175aa4765fb0b7f65f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
d1b14952e711af6f87c456434ac7f2c8

SHA1
60b9b30a20bdb179040ded47479345935c740d97

SHA256
3daee42ebc4d4c4fb6815cfab75605de05744634882be6fbe5667bbaf4482140

SHA512
80c1b1ce4026ee12e4041a14b61bf304710e3945fb9179c1cd3a2696b6a847c90fcdc92f51ebe529d51d8c09323861f3e03d5365bed2ea57a65a496bec1cabb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
fea465b3c7af5e91bf8d39c2e28461c0

SHA1
469125478dd4eb1f4c66bb3552f72356ec53fed9

SHA256
4c628000f2233ec20a22a333ef7cb7b386a9fcb77a4b490de96c8066ad2e3e0a

SHA512
8751f21d23ad6c67e3f8e82c6e9851b261a2dcb1fe638b0092b32258123a80ee4da008461f08719c404e3a921f209c26fe47d3cbd82692e0698ff139cc5b6ec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
aeddb0ab5a048670dbd4b2011bec9d3b

SHA1
5c33c420d1f7e0d9ecdef152cdb8e73ef4a84c13

SHA256
50a2d363db59115d04e412129538304676a368b27d797a95f3f6dcb50817a283

SHA512
4469d03caaaf3b1e6085c1675208c24baa394a2e38e1b2edfea61a410a75cde3eb591718986d3f5e6d7ec4b5c2c7a14bb6ce66c25ce7b41795ded841bb392a2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_backgrounds.wetransfer.net_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
f5e6da90471e3c0bedae9e31a45f6cb8

SHA1
94ae03a2b914624821c5d11d397f10a90c5a33e1

SHA256
2fb8d8203d192563acf4ad15370f943feca1b70ed671ea803c8a2716e8a42362

SHA512
19891a45f9992d7f0fbcff79e9b34d8b3b965850f486762e2d5a5dd0901c371dff47e77bedaa6c3b3ff7bbd7a1786841260d58ce1d4bed85e6c06be4f9662a27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
c512b441b935c46d4281af425742c566

SHA1
2cb4cc66e77797fbed7a3f0c272ce2980886336a

SHA256
31697617916350f336f1531a57cbedd1421093eda2745cb8eedafc687b0b6ed2

SHA512
809ff7948b18875b2ce17898d59b0d7889eb1fa669e56223c46c8547ee6ad7fa5c955926bef2fcb3aa3ac9081c455b399e8da463745d2535d065825de386cf1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
547d495cb63473e1593097dee72006a9

SHA1
f42854a67f3e330ae2697b8b517a4564972fe1fd

SHA256
9209c007aadb9adb656a8b46f938f2be9b20279072ea8551f6d489e9a42898b3

SHA512
fd2d08c3d740032d964b1ca3ff1ad2672f0666521f86e785dffaa2eb3b4e31ceae92f7fed5006f040cd498ccc8a6ca57cdc9ad70e2af5dd125ba39decd47ca76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
55574d271574e69b37275375ff210322

SHA1
41ccf1f555d5d2ee0beba6d2850f336b9a676988

SHA256
aeb851abd8cad6fd73530c5c42aeec0560c0d3607d85563cef71e121dd1f4c31

SHA512
293ad3def39e05c53625b93290da971b8afb57775d7f3a493d6e29c7a302b298e92035d346dea427f38b046fb7f94c5b76e71acb5501b2948abfff07fcfd3587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
11a5d6d20c96e4080c583ac2a705a9a6

SHA1
8df960c4b9d5177a26ba5097973f7faeafdedf8b

SHA256
b0804ea87dce3b3c881e2a3a31d8c3f9596aaf8152fbf385d69dda34a8b7e180

SHA512
563918f045202652cae61ba728c7fd661b42e763476a4064c04a3e5c3a57e408d2a37ee948ff6f176586c2b1d282e37e8cecd17341b2e1f858cabb5b4507832e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
2a62f51a3c456f8262887b5582f11b09

SHA1
5e913b405ded3f699f5dd0382ac65e785e342150

SHA256
9b138a0828bfc58bada87372aa6b356d20eafab84d54477661a0a8b157e1687e

SHA512
be76ac40bac8d6b299c924679011e4a1076d4d5a401a95d3e332f6011e05665230640b7380a81d34c8c918be4a12f0c9f05823352aa8e34c360dcc4d8b7d0a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
d1877cfcd85b3cf1a21ae0bfe327a51f

SHA1
ae0dbf792f032f8b8d95c08e3b0955a7069e3fd1

SHA256
e7b0565d61760d6650e6cc9146fb59201cdae6021c06884e17b06dba97750820

SHA512
fb4af61f96018549ba0fb6e182fb9935468f4dd76d64597c80a5ce6c4f6f8bd6f1558c3acf3aff374690b2007480a7e0e921682b410a8440413fd4c70067d94b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
5dadba19aada81bf940e47f0df0f6bd9

SHA1
041af6835e953c1981c833de4a3e73db747ad5da

SHA256
c3eb63730192807dd4f5b2ad3d70336892fdaa4e26ae3910baec1fb8b9db7828

SHA512
0f7ea28d8cf71debe60049b8c1eea0548b18a2ed005e4b0341782ed26de0a80514d77524997aa64f4267f903842e01f9352b1675c1717fe0bd68ea51228fa5ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
1b646c04447edc46a4a948524309cf87

SHA1
e979a8c8ee592f6204a510d2a52730acc742e6c8

SHA256
93e2973c4edd9bd8a330c82056b7a6f6cdd86c02040dbba527a6d804b8085311

SHA512
34e9959cf485487aec91129b1579b173193417a92ea9f6929ca7464bbe2ae5870378435ab393f344586901e3f062ad0eb29088006e9771ffc44452bee9118a07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
350ade9c7fd8113d295d331e87bab075

SHA1
a748ab15710c744e45a2bda1d26b4b55c8d96969

SHA256
8d72435add0df3eba564d2b88b7982e0ed0e33f9621b0aabeaaaabd9feab8eb6

SHA512
24badc508e7209c023880adcf7ce87efff119feac6fea8ab909f303f0371f330468fbc30ecc3d28ddb229e335c4130d9aecda40e031c620af2b15e6602fd0768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
77ec21480b2134b12f93223758568e14

SHA1
cce4465bc55a979b122bd659261f932709c8f3d3

SHA256
f757a7ef957210d41d3c72801a901dbca68dade2f8b0761e9634827edf62547a

SHA512
3831d3d918491d2ee570f2e2e5c0e8d9a8ae797f33904df17557f392dcef316eaba512f12d875823d6f403bef73761e44a7ac5cdebbf67d45555b3687b27059e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
026d0a71676cff6f9f70a9271c5458b1

SHA1
62e6bdf6a4a03f03d6a31cfcbb40e139279353f3

SHA256
0ca4a3e30450b7ae9530fce68359c7ed39384900a4404759276b0acf2c0f4193

SHA512
adf1beb6882ad75c00a8b53f0af25b20fc093d5b9c97a14b72fdb89f8ec261c8b1f9f0c3e88a1746ab73418822e4da7210ac22d5a144cc99a8f26e1e8e9e0fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
3b989eb471d6f2ebe5819a9fd1e0bb20

SHA1
a75ba9f93049db0034e0d7157c26308aeef1c46a

SHA256
50d7fd9745078922727cd60d84d4d01fbd671e00c6830e14389a6648141a8dad

SHA512
aede72f1754f052a689b8cc3e151883e4fe14684b20b6fb3f0a8956c300b47466e82b0ef8530458dbbffe44c5e3ec41ff28b50791c9ce802188eec1bb6adbadc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
04ac79e72b621e3ba68555e6bb390ae2

SHA1
a67a1f8f5d0b41a9aba4f96c7856c8d965ec7e5d

SHA256
8eefa0df1525bfff6028bbba393dbadb2ab76db03c30f96e9b28abd4c7113029

SHA512
9a0df69a2ed6241a1f9391e322840e05b7cf598a0895f342ff2fabaad2e81cfbba9c8d94407bdafd98a6f888d95274da87e5e1bf9a00a15801807a50445e8467

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
59867d1fb120ecad10b92415f9decf68

SHA1
a8f06fde0622dc25beacce38045673eebc7ead2f

SHA256
df5551ac82af8bd0a956f3c340b7b045884cca03b0fced0e69ac50a84bb660c2

SHA512
92653b18bfa565cb18c14f3ffa8648921cae50b9a7e5e2a3606ba81900d1fb3137a91fcbd20025a65a1addf41a69c5b3beb55f9fde97130b2d866176132a46e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
c5d06c15f20416d7eb916d371e2284e5

SHA1
67829934712a49023fa1bf0727986d5ec07efee9

SHA256
0f2c4bd9251894a33117e01c160995ffc6eb91752a4110bdf4dfeb759a3e58d9

SHA512
f48cc0c533c65e77a87e94a2c4dd6d91c5924af17a075b1cd10e795c6af9675dfbe3b9016ed22a0c62c7c304d2aa537da170914ad592f03a31b389d531a63c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
14642f0113e9f0a45e5e11440858414c

SHA1
4f5cdea65594a35d576a2e14d5296089b7e702ae

SHA256
1d362818628bf86993b9d98dfb056c6c323cf86ba123599ea0eb5925e4d3f71c

SHA512
a2f6584ad2fb06ed3c2afc687c1ef5255d2e4254eaa9b911d2835d112f55ad1efdd06dc423bab0bcfce631c54c6847d1847b03327716c27952d642aec85a34f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
992f3827bde526742e3ec652781d7863

SHA1
8549c5336712092aad43a1d657ec9192211ad632

SHA256
3159f381ee9c7b14a7d6f8f1d98bc2d964226e362d571149f2e44870562e9940

SHA512
1a5318dbb6d41853b6656b14365161beaed3a88742cf55d5ef53d060b684da2d3ae2cc24471a6f54f2276179b9827d075acf478a18e726bda8167af44e761423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
4c946f599b554097562af1c1cb1b5866

SHA1
6bb73a7a70dbda3da7ba4307638003d47fcee1f9

SHA256
b978aae49affdb5d26fafeeffa741bf148e948c90c84782b79c571d138c69f06

SHA512
0c8991df3ba888a0e9b482191e50c0a750044279ff217f927ddd0a9249a9fffcaaecd1a2a91250d4d0d7bc64116cbba9d2cfd98ba25ab39018f86228205d1182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
450ef175d00e52a2bfb41211ac23f46d

SHA1
cf9bb8200f8e7191a1bd7091705d715b95662a4a

SHA256
a347e802a83264f1e81ca8d3904c433c3c24279407dd36aabb660f674e2d5bc2

SHA512
0565b1ae8a841ce7c28e2003148f89892ef8e9726aeccc92fde5936b6e2ccbe963a292f77a33fef98ff0e8aeca5bd32e0390d317e0dfb0559c653b55bce8575d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
9ebfa31439045156af3aab5f49b7f682

SHA1
3e7c35d309200784e134e22a3d5648fb178c65a1

SHA256
3846cc1ecda095e5af752235cf344cbbf14bb22fd8a907b1791c1ce31174aa37

SHA512
24073503b2aa576a2c6850bf31f1ba08d0eb5a853140864641fbfe858be539295374b8ccf1498a78748159f3d9ee316d78654a096c1ce622554f0781ea3f705c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
97b4e3b4c097a4d7d53065465287e999

SHA1
5eab66ef06022333523167e70e5ee8c1cfb5e379

SHA256
da14ed1c8bd93d94ddc50aa624ca6652544eff80809ef71361ca8c225ea89adf

SHA512
1f7baf019891675cc8b43b20fe9ef50b758ec867330a51fdd47b95eae7f56882a585ab9aca8d91783d00df985ac710c0f9a315dedcb8c1c1faf4ab40d7dab6b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
6e8c577f7aa52b538c4dded9164fdfae

SHA1
7d724b00572f74d187df47f4ceb6f773e1bee904

SHA256
375f7ff14eb2a3e07eecbf757cd87b2ee82a148378754e81e8b7ecc745620d19

SHA512
f5d892ed085c283c150e224c6e0567aa3140930172efb32700c074f983682cd43e370a0123385b2bcf0fad503321bdc1ab3630b65ffc9cf72819139b43a9ea97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
eb51e57b13ad0ce2834182212a270eff

SHA1
9682de66ffa098379428b0d19520657955a89f16

SHA256
9b8666343d6ced29c6169139354043bf1672ae1182e3b84aa800fc69a70cb824

SHA512
10b41cf206a02e1c108e9be2ba8f5bbfe398102ce768d869ba6a272017f947c15400a2e5c7d7b7f6526bfafba47887097f7e08cad288c05ec8a676dd6ee338be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
3fdd7c96c02a0fcbfbafcd72a5a852dc

SHA1
a863a9aa8b2b6d0b3cd49c17e201e9fe51c3e9c7

SHA256
6b194be195ade8dfccce2c5ae8373e98ee802891961eee65744c0af22026ae42

SHA512
aa9d129abb764eb126efae1b47dc933920cf23e590dfed0fb503c820f2f674a8878355aa153b48fb113c5c7a9d61074634f18a80b1a532b2815ce0b263b76215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
becb5865c2ddca0f5f9ed4916d890545

SHA1
edf72cc8e261ce68f77021f42cdc025c50cf181a

SHA256
f0a28ef2918b5bd818aa5b4a792c9c7f2cc4ce28447059f3e4faac8aadc34ca9

SHA512
92ebe40e92d815632cf58709e04f9f25622f36f1cd9abc954ee01310afa2989d13612c3e30e7521b76c3c28ae941f743f7cf66d1925cebff92831fc6029d01bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1d3532b125b79a2562b2a5c77c1554bb

SHA1
63dd6a4dba03151683d167fccda363149bf5e1a0

SHA256
54614da88aa7420754ca3ddb91c347345e40a55e6df96340dcd7c1b8bba17663

SHA512
c49fe6892bfd689eae69fc4fe288d730f057242077b50d9dc636f0584db6c7165ae2350fd264b7174de021eaba345f359aadf198dd2241bb85c06be030093685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
8a141c580ce80a6e856f0d68fee91da1

SHA1
dee5468c5ca33bd4a21c3420b3788bb66cedad35

SHA256
2ffc66bb3dde456f4c48f1bec46ad31e9d6ec07b09ea1b8d01bb5ce3570b03ee

SHA512
0b7cc778ed57b761480a13c579cacfdf8588563353d88a5663b04cb1093e3faffc6f3154c94ee9d54747cbb539a157c7ac1c8a3371b75b8e4456f323692785fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
dbb33a33f9eadabce641629a422480c8

SHA1
1f3f25172570b3d23c61ca255c9741474f6001f7

SHA256
53f3d2aced9cb082943729508d7e59649ae181d1a0017e3a0a3232aef76199a4

SHA512
586a66990647f6bc4ba8726f83743e78f7494de44336fb11bcf0289636be4caba6404919a08efa91244527c7b5f84db1f09275b88e9422613bb3debe793bc32e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6b9eb39d0fd6e42e682bea16185efb11

SHA1
bd300e1d2c19ed7aca914e5f80fac71a32c8cd5a

SHA256
770b4513bea47d276f9883d4e754e68f21e1147cbe5de128bd4314416b284468

SHA512
7d9a3a3540c372f6e932e3d4cdb950fe8425d1d34e10697de04ca4a10a70bea17e12b6e8f0a8a396ff3decffffba4105dcb6f0bde03903bbe729fb18aa8d49d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
944b3a28243de3f38d9d239768b2c3bf

SHA1
2be72b9fff504edf5a95f7dcd5c6cbb9fd1ce08f

SHA256
10644c335619425793ff8b30890e31a201ee418671a254d64cb0ad59544570c6

SHA512
619f7f002f9cd88e8f71403f98b010a7684c9fe54c952a84e83c6255c3bc5e774d843e2aee692de7704c62df71d2ace85e5eb21a6037acbdbe22a8a18f0a8ba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
264KB

MD5
d40256c36b98309e10a6ae83b8802580

SHA1
143af689ed499e7c8478920624c5d3fe3314cb5d

SHA256
af67c1fdeaf94642a9f994704c93acc6f936fe5e667a6a035e8874b09439eeb3

SHA512
664d502550b4708e53d5a9f6def521323a7324d6869ee41371d08039069007a1cdd6519f5d31c1a01d856d1cd350dd86edde4238173b2d27542a88fe69f13bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
93c794099cfb3258a498502822e3f8a8

SHA1
624de31411b9a3afc5eac43d638b197f29a142cc

SHA256
b8d21e74648901520a7a94ac17c8279037474c0bc48ae6e487d4042c8c66e4a0

SHA512
048f639cef734196fd5e29dd33a0e80fb528689d5f2812948e631685dad50624f6bdaf3239d6ac1b7bab132c4b8cb6d1b8bc6acbcf60ad4234d8da63f481eb56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
96KB

MD5
d156925d9462ce6239ef25d005798b55

SHA1
89102b4c8c74a1cd2a5ff80ed0efefcc151b16cb

SHA256
0e98bcbc09e19ba20dd34cc2758c8e0178169d2ed2b1828ecc5b8f269832b98a

SHA512
b6aa33e8023fb9bc8edc702bfb71aeefeb19a066d9187903136129c978ff3fbb8c5b4881eec73e5ebc7347336a79015e229f23e196c769bcf8d684fefc987632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58d5aa.TMP
Filesize
88KB

MD5
dd1247137da790af6303c65d05dbdd99

SHA1
d1b526e4e22f46d94f0d705eb92f283b4eeb3af2

SHA256
2049493d71c012aa1dbe66e6597f1adaa80f7f05e9f6bb6dc0351be098d91f9a

SHA512
7d6d5d3a120767656ffe9facf46dcac9d2192016a414c2f7fa566535618f7722b7667489b8c28c87258c2dab2f9b855592b9e6c90ac6e0d18ed880c57f5afd9d

Download Submit
C:\Users\Admin\Downloads\rblx hacks REAL.rar
Filesize
367KB

MD5
0e9547daeef407dc9fd2be7976d60f8a

SHA1
e5dc59ef908599cbdfaf160d0c852cfd412afb92

SHA256
be449362ee5003c6a1b6f73a7d3ef1b2d5b67c9eb57e317ab672df32fa8cf366

SHA512
fcd410b6b7d8871a768736fbc8d9af9057a4273ccb0a015663002fb16efb6a853b2f0c36f3c2207b7b3efa623181ddad6de89f9e7a64a1ecedde53216fac67d5

Download Submit
C:\Users\Admin\Downloads\rblx hacks REAL\Client-built.exe
Filesize
78KB

MD5
456bf5de813e40ca39898ca6ba16b1d7

SHA1
4b668377e4f81802f5a975739a2799d140e04d55

SHA256
9ea8612ee8a4e2599a73e99cee7afd8be19faedd655ff2f54b1f06e486021135

SHA512
7f3747235a0f48c774ad084207f43201dfdac9bc3bfd340f645cd7c13b61a853e01227756d1f9f154f5f541914c316b86fcbe1ab9a130aee117f17daab9b3191

Download Submit
\??\pipe\crashpad_1540_XIETXFEPGFISJDSS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3140-5-0x00007FFF846E0000-0x00007FFF851A1000-memory.dmp

Filesize
10.8MB

Download
memory/3140-4-0x0000023D49090000-0x0000023D495B8000-memory.dmp

Filesize
5.2MB

Download
memory/3140-3-0x00007FFF846E0000-0x00007FFF851A1000-memory.dmp

Filesize
10.8MB

Download
memory/3140-1-0x00007FFF846E3000-0x00007FFF846E5000-memory.dmp

Filesize
8KB

Download
memory/3140-2-0x0000023D48890000-0x0000023D48A52000-memory.dmp

Filesize
1.8MB

Download
memory/3140-0-0x0000023D2E210000-0x0000023D2E228000-memory.dmp

Filesize
96KB

Download