7a1f5019f13ae522f2a8dd656eece0e0e5200d1fa29d7145cf1f5839838570d8

Analysis

max time kernel
113s
max time network
112s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
13/07/2024, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mod Menu.exe
Size

87.5MB
MD5

31f4b9bc75fca596d7f0a38786665bc4
SHA1

85b6813f398c89e897c2aff0298ea53d030e96ef
SHA256

5e7761b435a3cd803a547332ba35d8c9e98dc7d47a4fcfbbacba179748861b33
SHA512

0cc9fac8625a39c9097f7def1c942be27372aad4b3f4381cd551cbc74f8c66256d5d19618ab8954cdb6c30c2a8e534b74da2899ba1c610444fbbb0deb3583c19
SSDEEP

1572864:VGwoY5r4BqkD9HsJer8JVde430pspkfOhRkkcdR5uRuLE+w7++:ycr4IkD9MJp4430yagRKkl

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 11 IoCs

pid	Process
3116	XModz Mod Menu.exe
1228	XModz Mod Menu.exe
1952	XModz Mod Menu.exe
2988	XModz Mod Menu.exe
4964	XModz Mod Menu.exe
1016	XModz Mod Menu.exe
4044	XModz Mod Menu.exe
804	XModz Mod Menu.exe
4880	XModz Mod Menu.exe
4984	XModz Mod Menu.exe
1228	XModz Mod Menu.exe

Loads dropped DLL 18 IoCs

pid	Process
3116	XModz Mod Menu.exe
1228	XModz Mod Menu.exe
1952	XModz Mod Menu.exe
2988	XModz Mod Menu.exe
1228	XModz Mod Menu.exe
1228	XModz Mod Menu.exe
1228	XModz Mod Menu.exe
1228	XModz Mod Menu.exe
4964	XModz Mod Menu.exe
4044	XModz Mod Menu.exe
804	XModz Mod Menu.exe
4880	XModz Mod Menu.exe
4984	XModz Mod Menu.exe
804	XModz Mod Menu.exe
804	XModz Mod Menu.exe
804	XModz Mod Menu.exe
804	XModz Mod Menu.exe
1228	XModz Mod Menu.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000\Software\Microsoft\Windows\CurrentVersion\Run\Mod Menu = "C:\\Users\\Admin\\AppData\\Roaming\\Mod Menu\\XModz Mod Menu.exe"	Mod Menu.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies system certificate store 2 TTPs 14 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	XModz Mod Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	XModz Mod Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	XModz Mod Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	XModz Mod Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	XModz Mod Menu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	XModz Mod Menu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	XModz Mod Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	XModz Mod Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	XModz Mod Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	XModz Mod Menu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	XModz Mod Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	XModz Mod Menu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	XModz Mod Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	XModz Mod Menu.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe
2408	msedge.exe
2408	msedge.exe
1136	identity_helper.exe
1136	identity_helper.exe
2464	msedge.exe
2464	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	3116	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	3116	XModz Mod Menu.exe
Token: SeShutdownPrivilege	4044	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	4044	XModz Mod Menu.exe
Token: SeShutdownPrivilege	4044	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	4044	XModz Mod Menu.exe
Token: SeShutdownPrivilege	4044	XModz Mod Menu.exe
Token: SeCreatePagefilePrivilege	4044	XModz Mod Menu.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 3116	860	Mod Menu.exe	84
PID 860 wrote to memory of 3116	860	Mod Menu.exe	84
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1228	3116	XModz Mod Menu.exe	85
PID 3116 wrote to memory of 1952	3116	XModz Mod Menu.exe	86
PID 3116 wrote to memory of 1952	3116	XModz Mod Menu.exe	86
PID 3116 wrote to memory of 2988	3116	XModz Mod Menu.exe	87
PID 3116 wrote to memory of 2988	3116	XModz Mod Menu.exe	87
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88
PID 3116 wrote to memory of 4964	3116	XModz Mod Menu.exe	88

C:\Users\Admin\AppData\Local\Temp\Mod Menu.exe
"C:\Users\Admin\AppData\Local\Temp\Mod Menu.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:860
- C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
  "C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3116
- - C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
    "C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1664,i,557372454794954867,9875861562283487889,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1228
- - C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
    "C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --mojo-platform-channel-handle=1956 --field-trial-handle=1664,i,557372454794954867,9875861562283487889,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1952
- - C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
    "C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --app-user-model-id=xmodz-mod-menu-nativefier-e5a4a8 --app-path="C:\Users\Admin\AppData\Roaming\Mod Menu\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2176 --field-trial-handle=1664,i,557372454794954867,9875861562283487889,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2988
- - C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
    "C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --app-user-model-id=xmodz-mod-menu-nativefier-e5a4a8 --app-path="C:\Users\Admin\AppData\Roaming\Mod Menu\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3380 --field-trial-handle=1664,i,557372454794954867,9875861562283487889,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4964
- - C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
    "C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --app-user-model-id=xmodz-mod-menu-nativefier-e5a4a8 --app-path="C:\Users\Admin\AppData\Roaming\Mod Menu\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3416 --field-trial-handle=1664,i,557372454794954867,9875861562283487889,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:1016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d1ftkft7iiluq6.cloudfront.net/public/dynamo/lockerClick.php?offer=53473226&offer_position=5&it=3847195&m=0&visitor_id=Vdbc183f2b79a0&cpguid=&hash=d145d931e1adc6dd4eb89764a4a4ebcc
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdf8ae3cb8,0x7ffdf8ae3cc8,0x7ffdf8ae3cd8
      4⤵
      PID:2992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,17639609961384651885,14687715356631736809,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
      4⤵
      PID:1424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,17639609961384651885,14687715356631736809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,17639609961384651885,14687715356631736809,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
      4⤵
      PID:5116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17639609961384651885,14687715356631736809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      4⤵
      PID:1212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17639609961384651885,14687715356631736809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      4⤵
      PID:3032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17639609961384651885,14687715356631736809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
      4⤵
      PID:1712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17639609961384651885,14687715356631736809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
      4⤵
      PID:2020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17639609961384651885,14687715356631736809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
      4⤵
      PID:4716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,17639609961384651885,14687715356631736809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,17639609961384651885,14687715356631736809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4572

C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
"C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4044
- C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
  "C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1352 --field-trial-handle=1636,i,1167509960167006187,5654021161234573691,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:804
- C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
  "C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --mojo-platform-channel-handle=1988 --field-trial-handle=1636,i,1167509960167006187,5654021161234573691,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4880
- C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
  "C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --app-user-model-id=xmodz-mod-menu-nativefier-e5a4a8 --app-path="C:\Users\Admin\AppData\Roaming\Mod Menu\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2284 --field-trial-handle=1636,i,1167509960167006187,5654021161234573691,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4984
- C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe
  "C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --app-user-model-id=xmodz-mod-menu-nativefier-e5a4a8 --app-path="C:\Users\Admin\AppData\Roaming\Mod Menu\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1636,i,1167509960167006187,5654021161234573691,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5478498cbfa587d1d55a9ca5598bf6b9

SHA1
82fedfb941371c42f041f891ea8eb9fe4cf7dcc8

SHA256
a4e82ce07a482da1a3a3ba11fcceee197c6b2b42608320c4f3e67f1c6a6d6606

SHA512
7641a2f3cc7321b1277c58a47dfd71be087f67f8b57dca6e72bd4e1b664f36151cd723e03ea348835581bcb773eb97911f985d5ee770d4d1b8b6f7849ce74b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bb87c05bdde5672940b661f7cf6c188e

SHA1
476f902e4743e846c500423fb7e195151f22f3b5

SHA256
7b7f02109a9d1f4b5b57ca376fcacd34f894d2c80584630c3733f2a41dddf063

SHA512
c60d8b260d98ced6fe283ca6fed06e5f4640e9de2609bcfbfa176da1d0744b7f68acabfa66f35455e68cad8be1e2cfc9b5046463e13ae5f33bbbf87a005d1e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
ae30cb805ad987f80eff989b008e1421

SHA1
21362aefa5c7c356c3b022907907012fd18323e9

SHA256
dae8d3b496e210125625fa6526d9cbaa5caf6834606c6a8ad8b0b9b74bad8c23

SHA512
a135daf7efb21660b77b22c2cf4236926568aba3df97058443180f25e250e49e925500fa4373b19915e719dc55817b15f92924dc6735a2c83d74263bc18cf0a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
abfd03b55f34d1ee2087684e2acbc93a

SHA1
24468a79507c86a11b74708d57d9e91e5dc525ab

SHA256
24f0c34b9f4e93f8416709392017120955ee560bddc867228e9b12870aa9ad74

SHA512
db95bdae339fe447f19fb16aa586bd97da071cf6d934a19da9593e169d11a827182f513de40289e21aef1acfd8ffc548ece35b7b2ceef2b53e1626283cfd16f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9607447f697ffdeda6a4d9feb7d67ea6

SHA1
826f1fd65d8e96f1786ac4d4801f7869ae635078

SHA256
34724d8c92c22c1081db3f2b803ea3873e85b767dc8b4398c37cc66430d8343a

SHA512
4cb0b143c2907229ad7e27193e17ef3fda156165cec023197352351aa116b7f64a332d163d7200da80a6ecccb876eecb2ea6b494e8f5dbb2d2a2c3ee6cc524a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c73b01746be39bb479ca56cecea1c29e

SHA1
16a407ec343375aaab9449c9dbd6621cb1dece3d

SHA256
f207fb8700c76c0a83cccb9327435ab0e9cd9f887fec9298bb872a7e46db6b4f

SHA512
fc49bd1bf187f7b54ec1e3f468f21dd51d71fd6c5da259e8426b6d58fd393a70f01db4a7517ff8e4489f4f2a7669f9da67cde531f5f739e029247154a9c0d062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b3420f3739264e4b3d56d72ad7203ed

SHA1
e6426feb62bfcc890e11ae8bf136e2e85cbd2066

SHA256
aeeb03da6e3d967291817430ddf9d0a4cbe2ea1e183963a1b8c6b72cff9649b4

SHA512
fa1dd7feb5f4e86e358c24e0af0f239b1821ba1e36d16f5c01ba4cab7436643286f179ea77b53679372ce8dd830a21dc8ec85d42da61471b0cf44c356639d574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f6ee5e5a1dcf072038bd500d772fdcdf

SHA1
bf20ebb96d07e3f39d56792386941d27140068f7

SHA256
f714efdb5b6f9963d45841e160b0787b1c38d0357c4b356f198cce4d5b3e8d1a

SHA512
93635a801554d4802cb7602c890d7b13d48a436c02d43638cd556dd45dcb777441a1cbf6d8950d52a6cf2aa488409f3fe7aa828426161073ac67ac9d5cd36764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8c84559ec5f72c3ed871987ca1313413

SHA1
6f242113269c185f8af55e447f00b47dd064f782

SHA256
f62fdc25e906bfa762fb0aae0b7a7ff75e4a23d2bd05eabd6ea1a9a446bfc93a

SHA512
aab05b2269c6325242930c9c8ec3c6d93f1368e80af8adfe89b210c53476fd1984c107c5e2d3367ce8c51321d74772b7fb2c0ddae6b56a824633b7176d1c5128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\chrome_100_percent.pak

Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\chrome_200_percent.pak

Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\icudtl.dat

Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\libEGL.dll

Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\libGLESv2.dll

Filesize
6.8MB

MD5
18d62249e5bd4fa1f66c95a9ee9eb275

SHA1
4ea5d8344a8fc09ed2bda4d3034c3c8410c85e91

SHA256
3299de173b3e5ce2f69476b77d96f6a758b2ccfdf3ad811902e5cd511c6888ff

SHA512
fa29557836e56f981249ee8500a8271a7795cbe2a4afb6abbbd57e4aa26c6b731d151258f093643bbfa18cd9adf706a9e4d532481c62d713b7f1a1045301dc07

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\locales\en-US.pak

Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\resources.pak

Filesize
4.9MB

MD5
c7b17b0c9e6e6aad4ffd1d61c9200123

SHA1
63a46fc028304de3920252c0dab5aa0a8095ed7d

SHA256
574c67ecd1d07f863343c2ea2854b2d9b2def23f04ba97b67938e72c67799f66

SHA512
96d72485598a6f104e148a8384739939bf4b65054ddde015dd075d357bcc156130690e70f5f50ec915c22df3d0383b0f2fbac73f5de629d5ff8dab5a7533d12b

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\resources\app\icon.ico

Filesize
10KB

MD5
0d4667904a142548fcff342c3aef5d65

SHA1
57a45bd12bda75de7fc0bf88f572d1d0b3023a35

SHA256
0a45a71d72de1ec29227df617e29c8acd3efb672b23ac8257d43f6deda924e92

SHA512
287b472c47401159d87127b389da0023b2e3052f73fb28f8664dfd4f24dc219035fbd1c042acc0b002a0366b3bc29ff22026a3e7598fcf4e8f470e58d2c36b8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\resources\app\lib\main.js

Filesize
496KB

MD5
7327af37c332ad146899073ec665a18a

SHA1
d35b0c9187a674bbe16687dc7c857d65b94a6f36

SHA256
d6d58a6a98a77a3c0cdb45e642d0a5d125ff3d75bb1f42e7803d100a9160dd05

SHA512
39d35e82d355b573e7ad153b2f4a36b226c39127bd19c48f722b670813d86adfc658563afa53c4129289ad397985f801020daf11174f7df850ea622cb0356435

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\resources\app\lib\preload.js

Filesize
12KB

MD5
cfd7e6489b0d63738319982f68ff935e

SHA1
d05ab48d9dc3a52946511c2c4cf5de0fcb4f1290

SHA256
d50ca2fa212df1c1ff69b5d26ba594bd39bfd86a71b068a650cc577e5dc9a94e

SHA512
9b4c0fb83033163f8e8e35c9da2d33265f7d36eefa22774399abaf867e3d22a3e0cba71f2bb2037fe055e5b9932b25dd98a63b7543c3a15f2667ec40d7bcdf93

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\resources\app\nativefier.json

Filesize
961B

MD5
a1539d246c74bb430dc1f42c5676fc85

SHA1
c3a3b8e76447c130e71e78edda374ff266319362

SHA256
02af588cbb69e4f848b8f0422a060faeef8f7e93792c60d3d2fe13778ff27f92

SHA512
fbf78d3e0b673dbbbf2a7c714c5639d7b893a21fbd23e5455ae843026f7c8c3ac9e1a152abbc8c4bfd5ea332d55f4abbddacdd7ecb0ee89a21b1094f319a61d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\resources\app\package.json

Filesize
601B

MD5
ef4fd5584f29488537ccde964c51af9f

SHA1
627d852cd99c47c89520e8e5ff2bf4eb73957502

SHA256
c149af4f587865c053841d92e05ee3b49c1032fb8b2d8cba763840d425851ccf

SHA512
3ffd16e4f874e9a522136b643bbaa321267dcb71ce48f8226fbee461c67d349cee6530bdaed186ee37ef57cf6ef6b917b8e201856fada4a2f726cf00bfe940ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\v8_context_snapshot.bin

Filesize
713KB

MD5
1270ddd6641f34d158ea05531a319ec9

SHA1
7d688b21acadb252ad8f175f64f5a3e44b483b0b

SHA256
47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29

SHA512
710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

Download Submit
C:\Users\Admin\AppData\Roaming\Mod Menu\vk_swiftshader.dll

Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Cache\Cache_Data\data_0

Filesize
44KB

MD5
9d8907a58016a3e40dfa16c39e0e6839

SHA1
8f0ec5242ab49f55ccd029256af427da24e8b78a

SHA256
bc1528bec29000a4dd7455e4cf738724f19e07a7277bcc721e8b1c602b80099c

SHA512
b8a19075095f948a09eb1189fb8ea2e40b800110c93161789d9a61828e0cfddc4f432c8dc1f7c9b3a60110b9f797922523d7129eb7b32f2e420ec1ca27b934c8

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Cache\Cache_Data\data_1

Filesize
264KB

MD5
3d4640ded9176cbba5742e601a4368a7

SHA1
cf4149209e51a3b07dd915fbf2c1d30cd58591c6

SHA256
93f507df216fdfc8b07b9f35803bdb4877eb7fe7b3baf221d7b2376945234ffe

SHA512
f183c172cae7743e27d6ce50dccf1fcc2b4f98b4a7e60d663ad3c99f107fc5e9e4aec9f6e0e93c12275a2f9618819efb8ab0029a0a52dcdb7e7747ea1c88f9e4

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
aab56bf84e6703aec76f611a2244b29f

SHA1
0223c8d596dcd70b96c15e26d6499d1a9a554564

SHA256
60d443ca04754d8588234312c23067e0c53d73168cb01f179ad00ce8c78779e5

SHA512
041010d28b831a17bca88e4e15360409f06b9f66f9aad6980a90804e12d576e2021a1691f6f52ed0404e89de11cb41095e1d58d966f1306786fca706ac519682

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
0b6ac2cf72c2bf0953f0fe97b9982a2d

SHA1
ef9e425e648f2ab450cf02fcdca848ea92255987

SHA256
3ebe9f9b78f761aa25f6701aa2a29562f8c06185156d32566d30fda0e181bf5d

SHA512
4ffaa874215c7caeb4e8dffc2009be543917ab365a92ef60eb0d9da1cded526d17450bd9ad9440ae914497a07a614956588315d63f414c895c9bb91c3f760f49

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Cache\Cache_Data\f_000001

Filesize
31KB

MD5
10df84af916a1d4a20a19c7ee8cec455

SHA1
ebaac28cc99a7365e7d6d9a5f075c7ed9abc3ced

SHA256
dc353cdcf312d4c0c7ab99dd3d40852862120b2c347ea9dc52b214c18b261146

SHA512
e8ff7c952028839544eaa71502c00d08ad60f91036a0354bdb0df47e413d67537dcd82641e2fcbf80eb97edfbdbf12f863dd6976fa15493bbfdec397c485e63c

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Cache\Cache_Data\f_000002

Filesize
30KB

MD5
72994747eacb27cabe3eae5749e4c145

SHA1
3e07e4a3ae1e546ad35d47963e164ead69ca61a4

SHA256
3fec28e0709a04ebfe1a1fd403026e0beca558933fdf252179a59691ebd19e8c

SHA512
40f7d676f333eba9f19597e100fdae4445b4adb38eb780711ce2712d9eb413ae771e8c6bf7ec493ac0b060302008ee3052da3b2584bd5bf49a6a9ebd06ecbc7c

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Cache\Cache_Data\f_000003

Filesize
16KB

MD5
d13805c8ddbbff70eec73932559d5622

SHA1
938900a18be3e9051fd7d9a0bed1c8d4b820f2fe

SHA256
98a4be71d56746ecb70f939c3e19fa11bb52d7883aab880dae26721de2471a5f

SHA512
e9be966037be04f5c864ce0821a34c9d867296f2ecb1d4348c38ad124e81c2ae09a1ce74843c9fefd5de477dc0cee97d907bfba44cca0f3679aa56fe57478fec

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Cache\Cache_Data\f_000005

Filesize
29KB

MD5
6d973c8b7e2439d958e09c0a1ab9fe50

SHA1
05ae0830200c20b9a2dfd5a825adc400481a60fb

SHA256
f3c122dc227e829ed96b2a754296809201bd78abbad7ba50ef5079654e1cc894

SHA512
058982fecc0a8c10f16fcd8f42a3d25bb6da2c8786d4232bce76640b550b7624395c4dc679507f369eb19101c479700c26d459f232319213647e56385d2c011c

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
0d5682f6b871d0820b20f2045491e3ee

SHA1
15639d51f5ce3f05365883abe454351ce8a879fd

SHA256
2984027b5f568bec5e5442990b02cb536f1cd6d69ca7951627186d7531f35c69

SHA512
5f0cbe6b9613f655491c18e7b3bcec684cfd8ec71855aa7e647d6ddcf08f64f12ff19e6713a7e1092ec594d19bd67374eb7ac33f0ead2fe7a72ce6bf8d768824

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Cache\Cache_Data\index

Filesize
256KB

MD5
2eda0ec468f924b01b6c1b11e6a3e9b8

SHA1
4cc79e19c50c953876bbd82a6660736ac19de389

SHA256
13bdd5c8850fdfcc4ade4b9b0d044524116e14b0e539625e43fa127a3a8f5cfe

SHA512
19453ba3aacaf2fb0548ebb73f64061a1785551b80388ba055d84e32520008580ce33edc33cadfca5b9de80aa91350dae557aa6f889f06e2f2a92e1ec68a02c4

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
7ec536c69c4b653455b5291b880c1ea4

SHA1
282e84760e0777a4c5c6d638a3d31bebdd472429

SHA256
f0f89ce93e4b4383a0c674e27b2c2fbba46926e780dfc49b946bb319e82fc7c3

SHA512
a56697a93c5af8743129b219b8f81f54d87399e5235ad4653a1ef1d9a1cb2c66ba0c9c2cff8a750425b7fbe990a8fae23939ddcbe9c13e264dcc6db8f238afcb

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
9b5c817af6470c8281cf05f9afef37f7

SHA1
2daebe7395ff73003f3490225dc728beddff8432

SHA256
9757a2bf3510ef6ed472b59dbb26bd55ff57f8d813f5f508c4db6f9add82e9f1

SHA512
392b79d69baf30d45ed405d4e64672f2b68951dec8349cecc75eab15deec25daad15653cc798a08e5c4d4ad6aabb2c91d2d140e8b7cb1b4e0ffbbf2a44b31d90

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
9a3332d76a6ba9caac276370cc5567f7

SHA1
fe5bdf0aba480e914558a5e8f498c784ad931867

SHA256
152387b459576fb03260586d26828a1d87ef28b9122c47343a95d71501988795

SHA512
4b55ec87671b534d470a0e3780af26495ebb8cacfeb4861213f63c8c6d3a240ed277697c70317147f0e18f98c432c0c5159f27d68b94ce6337ffc9983c00e620

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Local State

Filesize
389B

MD5
25eab111033de4587c78ebc208b95474

SHA1
b5da17749989490641f8f4ed4e8f9d735426ea58

SHA256
d96eef2ed52179f5b35440aeaabe4891dcccb80cdb2f235fd54746459a846916

SHA512
d1ed2cc376d8f964c4bdd0abb204fd65ec2eebcfd561e41d77afae1bdcc214b51d93e4c4e9851585ad80c0f17db3fc4a27d9b791f36f03ea1a95f5a33c834095

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Local Storage\leveldb\LOG

Filesize
295B

MD5
ef7576bb858f10d6f71aec1f8c89f2b8

SHA1
d993455b4e5e108c3120d13e783b4e2581ed0ffe

SHA256
fef25082fe455f8738415a12d522b621a59240dd4655781baafe07c3446e084b

SHA512
175ecefc53b94cee9dac993a8ccbeaf777e0ecfb583ffde081684aee4b838175c5fc058b95ed5ec44acdc7bbe4462908a1f616beb2202c651f3aa2fc2be02101

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Network\Cookies

Filesize
20KB

MD5
a5b55ef875a290f8739655274b5cfae6

SHA1
18e4b908037bacfad929980a55c866526140ee4b

SHA256
3c6e069a7df07ee5eca265821545bd9b5a0be65dca21805d42b10133d12916cf

SHA512
58a6c9a5a09599fd6aace62805be2fbafb18c2de395c4f3f02653e2efa2217c96e6f177f681d53a779cef9d097e3745897c2247be8fd527f838cc4940d565c67

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Network\Network Persistent State

Filesize
1KB

MD5
9b07a84b69954199ac5101687e379606

SHA1
83bd6c011d3c79ec43b7422f2e558237af8a170c

SHA256
8d137c1759c4f724114235e58c7572cdc201b5a205e7bdf822a64746291df4db

SHA512
d3bbad978874f3b88f0d9175c1a0e3f80d813a926f8121a9c6b3a1cdbd352ad5cb2e6b7c554aeaec70fee352cb0c05c4c0cbd590421a4a0df741a1336e5ef897

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Network\Network Persistent State~RFe586ee2.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Network\TransportSecurity

Filesize
539B

MD5
1579f6289424564e100d284f58f8c32a

SHA1
8ac85f67fb34bc2e0e34f92faec572727c1e22b1

SHA256
7b027df7fce6ff22dd654050918103b1720edfd0f3ac0fedb5db0523ffd33b9f

SHA512
a22fcc40cc48f7d91e4231c62377f99419c898dae5dbf4cb7955308be041439941c0acba39dbfba9457c9dc84f0207ee7facd033e18f5d0b2db312e733d34176

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Preferences

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\window-state.json

Filesize
137B

MD5
b08b821d07c408945ef69eb82f6ecb02

SHA1
4cdb1cef82943dda4ac879dcef3878262b1f8c06

SHA256
4f83c5b859b2e6cab10c44eab1b96a5a703a6ef31c7e221b5a918f91b1eb14c4

SHA512
f799ca807583df8a696b12de56ac3ce8ceed5dd3a7e1d248a0cf46f0c6b1dd3773fd644cd7a90f1fdcf35b1a8398eecfe0350580678597042f1956d26d5b72c4

Download Submit
C:\Users\Admin\Desktop\Mod Menu.lnk

Filesize
1013B

MD5
2349858b30665eeb973981e65fdc3889

SHA1
d9985caad07c172856a73f9a3f65c868b2dd81dd

SHA256
0ba49e6c21eae18d9df4a7e4dd9ba133669752e2c26384d461c208e3c18e307f

SHA512
95ca04cb71daf6e5a73f0a3845e25bf86a389be7bc96035b54473de2f3508e893a8ae170b75a7607198616b49f6076c0987ac39c6a34ea99186580cc00ce8e0d

Download Submit
memory/860-174-0x0000000000B40000-0x0000000000E21000-memory.dmp

Filesize
2.9MB

Download
memory/860-192-0x0000000000B40000-0x0000000000E21000-memory.dmp

Filesize
2.9MB

Download
memory/860-203-0x0000000000B40000-0x0000000000E21000-memory.dmp

Filesize
2.9MB

Download
memory/860-0-0x0000000003670000-0x0000000003671000-memory.dmp

Filesize
4KB

Download
memory/1228-218-0x00007FFE1A0B0000-0x00007FFE1A0B1000-memory.dmp

Filesize
4KB

Download
memory/1228-690-0x0000027A35B70000-0x0000027A35C13000-memory.dmp

Filesize
652KB

Download
memory/1228-691-0x0000027A36200000-0x0000027A369AE000-memory.dmp

Filesize
7.7MB

Download
memory/4964-364-0x000002A594AC0000-0x000002A59526E000-memory.dmp

Filesize
7.7MB

Download
memory/4964-363-0x000002A594410000-0x000002A5944B3000-memory.dmp

Filesize
652KB

Download
memory/4964-307-0x00007FFE1AAD0000-0x00007FFE1AAD1000-memory.dmp

Filesize
4KB

Download
memory/4964-308-0x00007FFE19100000-0x00007FFE19101000-memory.dmp

Filesize
4KB

Download