hxxps://drive[.]google[.]com/file/d/1uK1tpACFZNBWbUUxFsV2rNzuPu-Krdxf/view?usp=sharing

Analysis

max time kernel
545s
max time network
518s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
16-08-2024 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1uK1tpACFZNBWbUUxFsV2rNzuPu-Krdxf/view?usp=sharing

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
576	samp.exe
2292	Удалить Русификатор SA.exe
2296	samp.exe

Loads dropped DLL 3 IoCs

pid	Process
2292	Удалить Русификатор SA.exe
2292	Удалить Русификатор SA.exe
2292	Удалить Русификатор SA.exe

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00030000000216fa-4632.dat	upx
behavioral1/memory/576-4642-0x0000000000400000-0x0000000000525000-memory.dmp	upx
behavioral1/memory/576-4643-0x0000000000400000-0x0000000000525000-memory.dmp	upx
behavioral1/memory/576-4645-0x0000000000400000-0x0000000000525000-memory.dmp	upx
behavioral1/memory/576-4647-0x0000000000400000-0x0000000000525000-memory.dmp	upx
behavioral1/memory/576-4648-0x0000000000400000-0x0000000000525000-memory.dmp	upx
behavioral1/memory/2296-4658-0x0000000000400000-0x0000000000525000-memory.dmp	upx
behavioral1/memory/2296-4661-0x0000000000400000-0x0000000000525000-memory.dmp	upx
behavioral1/memory/2296-4664-0x0000000000400000-0x0000000000525000-memory.dmp	upx
behavioral1/memory/2296-4666-0x0000000000400000-0x0000000000525000-memory.dmp	upx
behavioral1/memory/2296-4667-0x0000000000400000-0x0000000000525000-memory.dmp	upx
behavioral1/memory/2296-4670-0x0000000000400000-0x0000000000525000-memory.dmp	upx

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\modloader\Road\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\Downloads\modloader\Road\desktop.ini	7zFM.exe
File created	C:\Users\Admin\Downloads\modloader\Road\electro map\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\Downloads\modloader\Road\electro map\desktop.ini	7zFM.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
8	drive.google.com
9	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Удалить Русификатор SA.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	samp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	samp.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral1/files/0x00030000000214f7-4650.dat	nsis_installer_1

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
968	vlc.exe
3068	vlc.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2100	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
2184	rundll32.exe
968	vlc.exe
3068	vlc.exe
2100	7zFM.exe
576	samp.exe
2296	samp.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
1784	SndVol.exe
1784	SndVol.exe
1784	SndVol.exe
1784	SndVol.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
968	vlc.exe
3068	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2516	2404	chrome.exe	30
PID 2404 wrote to memory of 2516	2404	chrome.exe	30
PID 2404 wrote to memory of 2516	2404	chrome.exe	30
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2752	2404	chrome.exe	32
PID 2404 wrote to memory of 2824	2404	chrome.exe	33
PID 2404 wrote to memory of 2824	2404	chrome.exe	33
PID 2404 wrote to memory of 2824	2404	chrome.exe	33
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34
PID 2404 wrote to memory of 2872	2404	chrome.exe	34

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1uK1tpACFZNBWbUUxFsV2rNzuPu-Krdxf/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ab9758,0x7fef6ab9768,0x7fef6ab9778
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1372,i,1651967854186753290,144437290700620851,131072 /prefetch:2
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1372,i,1651967854186753290,144437290700620851,131072 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1372,i,1651967854186753290,144437290700620851,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1372,i,1651967854186753290,144437290700620851,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1372,i,1651967854186753290,144437290700620851,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1540 --field-trial-handle=1372,i,1651967854186753290,144437290700620851,131072 /prefetch:2
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1536 --field-trial-handle=1372,i,1651967854186753290,144437290700620851,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1372,i,1651967854186753290,144437290700620851,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3564 --field-trial-handle=1372,i,1651967854186753290,144437290700620851,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4044 --field-trial-handle=1372,i,1651967854186753290,144437290700620851,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1892 --field-trial-handle=1372,i,1651967854186753290,144437290700620851,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=660 --field-trial-handle=1372,i,1651967854186753290,144437290700620851,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4260 --field-trial-handle=1372,i,1651967854186753290,144437290700620851,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 --field-trial-handle=1372,i,1651967854186753290,144437290700620851,131072 /prefetch:8
  2⤵
  PID:1320
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\GTA Low 1.0.rar
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2184
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\GTA Low 1.0.rar
    3⤵
    - Modifies registry class
    PID:776
  - - C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\GTA Low 1.0.rar"
      4⤵
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1048 --field-trial-handle=1372,i,1651967854186753290,144437290700620851,131072 /prefetch:8
  2⤵
  PID:2244

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2784

C:\Windows\system32\SndVol.exe
SndVol.exe -f 45483159 4693
1⤵
- Suspicious use of SendNotifyMessage
PID:1784

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2948

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1d0
1⤵
PID:2380

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2244

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\GTA Low 1.0.rar"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1608

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\GTA Low 1.0.rar"
1⤵
- Drops desktop.ini file(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:2100
- C:\Users\Admin\AppData\Local\Temp\7zO4380CB0C\samp.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO4380CB0C\samp.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  PID:576

C:\Users\Admin\Downloads\Удалить Русификатор SA.exe
"C:\Users\Admin\Downloads\Удалить Русификатор SA.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2292

C:\Users\Admin\Downloads\samp.exe
"C:\Users\Admin\Downloads\samp.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8d017685-0f15-4ad7-963d-c7828ced8bd7.tmp

Filesize
155KB

MD5
c147714d174c9a24fd13ad8149331a65

SHA1
0d54f5197f7a8c4bf0eaaf556a619316be307b30

SHA256
2ce5e12138557d4ba112eed8e243a7f70c1b3eca5588d6395ff463a0983201d0

SHA512
f743af8e003538db6a4ab82eb0bcbbc4ae0a95b1cc4be943bf89cdaf20f1a3007b6b3e77b836676927714e05184ed88200d7206fae9274ac9d453dad68df624e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
50277399257d6fc08cbe4b93a812f972

SHA1
623f95b1cd0a5f8a9041144de1bafb9030058050

SHA256
d1a02e6c99b29fc09ff404c9f11bf13830976a3aa55506b268267227da7c8db4

SHA512
4afabd3b94e405d9e99bfc4812a40be2558c14b13739bec42245e7b81b02a9b3b3bf319b67c14edfbecd1435ce548486f733df73449e854166d4bb533044f09d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f30d6e3d8fcc5749e4ecf881c628d2e4

SHA1
292d676ed1a4d64c9f0f620a7f1fd7073e9b8401

SHA256
6738b3ee17cf5e69d535edffaebe0462d9847105937d1c89afb612dbdfe379c7

SHA512
dd40d98b070a64cc6a2a14fff70171ecef6a4374fc0d0ab50d00842815fc4218cef76f1222a9f2d9b6c3bdd85cc41e538ff8299251cc386aa656b1cec28a2c38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4a89a1378fb77379a29452bb019aa2b5

SHA1
f1f045e0d09f0cf99f63c7d43a3c01638910989d

SHA256
d87daca59ca54cd14a5b3221dcdf9c4ec1eff02834e293c7880f1491e3833035

SHA512
eb649f2d579273e4781d6ecf0176f9edf48feb9d2a04ef2591dd32f84f5c77c80649019934eddb892ab20bf1534f74a7addee4b6523771f913bca10168d82a30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4ae79e722e14573c14d4500d2c025db5

SHA1
18854a3fd1910ced1b256cff7e36314fccfd621d

SHA256
b21d76608b7ff1cb04a293e04b2b18ab8b8b7c2e643ba3ea70d70be6d4a87f17

SHA512
01c69a0adf00921f7d5704128b9fbd206877b65df807b60c99a9144deb9d904812f56cd6acd8e3fa4b88c033973fcdc28f97c7755f3e32f30727634e4b5be390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
586d3717f113b5e3867e633c313fed07

SHA1
fde742f8575f4a8a4863839751ddb4b2fe2fccb0

SHA256
1c4963ea549e4683dbdf5f46478d9bc02a0dd898d9570577953f9656daa89ce5

SHA512
284b3b93e6729d3bf6d36ec141031644e7519ff6d40b76a37e97b014bd7bd28cc7f5733da04ecf33523f489d44479bcd7c75cc78e605a10020ab3543ce9d4405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4968cd48dc6a9f9c701110f7b6e88f3f

SHA1
d4ac5af026e41fe08c231d2eb4e0434004990d62

SHA256
3b33fd1b9451f7de13bb85633d9c6efd54ef0da93cf91a127031ae39cd6cc4b3

SHA512
21e29316077691914bea706f3cc9ce222a531c4e77c4c06d2dd7577445ce0fc8d3f3fe24414a789022dc07b00b40d2c97212b9dee2369cd6e953eb067442dfcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1aae1512b18e99d73249a410eb2df612

SHA1
6c347385221d6c0efe7385193d7fc20f31876539

SHA256
8a17e280c035458283cf950606019f05448fcccee9ae00d192f4509b63466315

SHA512
55c19b6de6744cd509f58b8074914f5925a4109db5c43d3560bb31187b0ed02e49145865e5f47dff3c04a184047a5ed8a34312493eb5c6fec770ed44712bc1cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b6598eea1a1a65203288b4108bd99fbe

SHA1
7234171bd36bf573d47eb2c72d72401328e51b22

SHA256
bdb51129b30435d9e24e09a9add44d0991718392892f885e6f7d9c018d4584b4

SHA512
165aed297f2915d766ab518603dd1f37ea184ae864c365f12fd3b6362a3947ce43ce7f3edd4047ab4acb48d9a01f39c72e6e5a5ffea4401094df7791417610ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4664156a4f1e6e937594903e3f15cbfe

SHA1
31e4bb548b7c2ad674284cba4ecabd4d903d6657

SHA256
4f72110ee1b9dc2f2995497a3a272613efa18ef20c1d724cee103001b4e46a8f

SHA512
3bacbde44a854a14962460f6e83d7b5d544f44be90f203345420ef77a5ca9056df71149d9c94f2e07975508d0f13ff1cab1e1c8d94881ddef7202454aa50e928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7954ae5104efbef773e79d49568483df

SHA1
e389745f610c5cd887230d68da124b73953384e0

SHA256
f9be5523b97c9884bd711c6a0495b5cdb52fe08bc905b40f5fed078fc9334eba

SHA512
78326dc9cfd63951f017407959b14af27edbd4c8013ea5d6cc89c4774836e9072dde769b8047bdd55f1e296f235c8c0916eb98b763077407b6fa9e536c603bf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
571b6eeb39cfed85e113a38fb3021031

SHA1
e26ef3914b0d0d9fbbbe973866dcf900fca61c5d

SHA256
17f36dca7fe063d3a4449d03c09ce0f2df7f96f8b8018a6710c04798e7c0cc5e

SHA512
888915d7aa64077a574236c2f90f0f9aba305fd3139ee31a95394109ad061cc002e55eab1af80220d9b41d2369b6cf2c16332f36cb58bc35e88e851b201c85f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
35e2585f78e66442a04f625e0feeb356

SHA1
76e90662aac68db9544f787f67554312360b585f

SHA256
a35497c0bf7722798db4594353cd0a526fe3fcc38cb737d5593391fb22d490e4

SHA512
01095c10a57da736752b410aaf09f4d9c9f76c3aa3907ec9b3afa245fce3de1bd4dec89f06e485bd06d77d6ad97be63db2d7b9bf0c19d1a7433e03c5ef1353ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e2e47fe5-a88e-4331-a5ae-8c85e99b121e.tmp

Filesize
7KB

MD5
41b08b170365d97d79b7aefe7499274f

SHA1
7b2f37ed0e115e012a3523ffb0aa1691c7670c8e

SHA256
304ffb1ab2540bfd1c45931cbf675977b06a7349b1a4e9e3b77b5d0c980fd9e0

SHA512
d183c330aa705e90dc69fe41670866f0e5387cf54e0967297712019842143a70f9d026cdf4c774ecaac2d5f8453817c7e86809befcd2f223d7f9ab41e7d1cc45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
d47b3893cd06578e50a967b38784d52e

SHA1
f43f35db935437cb4783180d87c9533c264fc043

SHA256
4cb199e3c6805f1452311c92d514a1faafd01ece10d3dd8b07742133d8c7d9be

SHA512
250d478de359aa2396d6a0cc241487ac8565a8c255854ce3870d73e05a39ff55a6b64646b07ab1b819b879b58fa46e8111885d75b31274954d3c99a1a2c3e356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
8ede790b069e5eb810604e4145a5161f

SHA1
a3702f52c1c92e1d6ba7f1da5b5d69d4fa5038f6

SHA256
5e4a26adb7667d29bc55acd4e7920e66ab525c160bf57cdd5f66c05d3ebfb743

SHA512
21eddd90a4354475e244ca49ba3a30ae489064cfb24af6b9a3465d2b5616b23fb8e8e1a17df6d18ffa2a7236448999d70d96f6ae6373dfefd3dbdd7f00ca2525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
b78a3664e66a1776f53ac8d9e9844260

SHA1
5babf84590910b67bc7dc6680023691c959d3181

SHA256
0d0e7fc9c1591cd9312ad2aab5cf21cbc3c7e3451038d0f0e23b42c9efd66480

SHA512
9669b9863341d2b9985ce7a8ed8d2d1ea24b3d4d1e783ec149b429f2dae4c8de39ac65a7bde8c0590671ad352f1e6046a3e105dd4d6e4b6593da24ed090be447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
e0af6cf81e88e5480e36f66f596dbb20

SHA1
e36d1a851d76deee2cb11df2e6f2292d9f7d43fc

SHA256
1ef8e81c00d5346dec1c093cd2bc7a5e1071ab218b04c7c4d8f585d777ab7edc

SHA512
285a0f66390cf9d7f1a39e7067d734254053d00b56ca057fb771068efebd2342f0931602a7cde5c77a72527fec72b66ae02c6561d80a75ff681f1dcfb5511378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
78KB

MD5
5ff38923305bdf17b62f29a2cecef40b

SHA1
8f23742d68427b34938bfd3ff667403d6c13481e

SHA256
4b7314f84943d2622dd90494f19b8f17b8069733ab21f17ae4214c67341d005b

SHA512
ebfb45dd19c44a0cded58ef014b370074999be2e72bccec2e808b9553f2e0e2cc1b645e1b49b871e9a4917750a6c69e877863798da5e9f2bb9d36398af527009

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO4380CB0C\samp.exe

Filesize
403KB

MD5
c1aedd9f2dac8a7f79ed40d264b4df6d

SHA1
6faebb34ab3dc53565a53affda48a7f7a2faf3ff

SHA256
f7c4372c8545121938230ae0c9f1d9bd297836e8ad37afa710ee93f2c4791ade

SHA512
d7ed34e9e97be609387b367463d559037f4c69ffa6d3a25943536d98f6a8f4cbe6353d838c47a9d7ee7d43c875d18a08ce19c36428cf37fc5b8a723ff34ecb36

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
537B

MD5
a4ab56cfa3d1b380f96fe76af5f197e8

SHA1
80d0958e78375eadd0df13b14d0218f98d42e428

SHA256
b3eee8102727ed9dcdc9c9bbc39fec64d1e8018197858f3161ef94b700a95100

SHA512
e6e876f473fd863586e3e4368a612be6e45176c5b0f72b0271f4522ec5b8daa04d9f0e3a188179cae88b91f55349794992510c12c82e8ba01f4d5f3a43a32282

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
537B

MD5
64127b7a3141e0f2ded89c7648700cc7

SHA1
9d19c0a8ebb88c4d17c7d80c364bd39d95914f04

SHA256
e0b27ed6855f53705c93542541b9bfb669d739e9cb0340fad37220e01e3ee9b8

SHA512
1023d537d5864d00f2e7260426ed3e1111c596581eb51343878fe03ef7c009997742b380ddebd8afe046f4b2235c5230f38fec292df8479271f899d2c2202958

Download Submit
C:\Users\Admin\Downloads\data\Decision\m_weak.ped

Filesize
2KB

MD5
cf979d9712f478d0deb92fbb11c6ff2e

SHA1
b8023f8c1a39705db456a79dd917b745ed46dcec

SHA256
26fc955b2ff4f0fbc83ba75ddbd14b5ec347775ce2088e7066a389ea2e409d41

SHA512
85f73cc169b6eccad41126e48297e63a82b859efe74e330814d5317badb117fe2ccc3f4ca8a3016d70a738bc41c571ee0972fa8d72c3a3cf76507051ae259016

Download Submit
C:\Users\Admin\Downloads\data\Icons\saicon3.ICN

Filesize
64KB

MD5
ffcc3a0d32517475bc83f08331169ada

SHA1
e6627a0eef7f631bb03ad79b977a2e9fdc137933

SHA256
9b94c7f077ead920a87071ea51822b4c3c43c90ba46ea8bfe3647bed909661e5

SHA512
423e25ee0bf6a6e5aeb47447700afbebd41d771a42fd256a3755ce5c34ae493180d5d0ee4424cc552c6bbed1f0bbea410dcbbb667d2bb700dab6e7b831ff9609

Download Submit
C:\Users\Admin\Downloads\models\grass\grass1_3.dff

Filesize
1KB

MD5
84e3cdac0050a7ea9a87395728b99ac3

SHA1
9efc70003517fb180d4341125c382f826598353b

SHA256
ae0d950738f9abb5d327c413a62a76479a1d686b090d7ba84e51542cc98e264c

SHA512
413d5aa56330adff1576350c9b2fffd6fe35823b31f71e0b65f1ace36430ec66d3b60424834e95d9b7b40078e53216e9e2af693536004351fe6ae6ce3abe4d53

Download Submit
C:\Users\Admin\Downloads\modloader\Skins\sfpd1.dff

Filesize
316KB

MD5
6815a6ac2690a3394892503f45766a90

SHA1
183b61d5026ffde09ab90136627956065e974185

SHA256
fece4e2e399eef274f9725f8ed54e97cb220d236498b657604118dedf0164914

SHA512
af0b7ee758cce72838013db42578b098f5c2027d281f9ff34d46e7f8127d1b6e179c55facf797563ff8f18663773b7d48aceca852a25de98743d713a7406e162

Download Submit
C:\Users\Admin\Downloads\modloader\Sounds\GENRL\Bank_114\sound_002.wav

Filesize
239KB

MD5
ed3c0b1c164aa8b56ea95c13728d2aba

SHA1
38e2d9e40db5e796c5bbf2604945f484a97823dc

SHA256
ddf544b737c04cebdfae103f78bf661794c52bc876873515382ab38609f6c725

SHA512
b10b1f164c2efc6effb59c25719657c8eac02318c8f75ca9c029e8d2a23dc537495669d40e486fa48bebf4396d8bfdc4e12bba2c4d259a47d5c0dd39e1b044ff

Download Submit
C:\Users\Admin\Downloads\modloader\Sounds\GENRL\Bank_120\sound_001.wav

Filesize
18KB

MD5
984bf64d92e92bee74fcb61c3b3d9339

SHA1
8247fc002ce5e87a5d8760057764223cc404b1ff

SHA256
72cc6bb993243388cbe6e068f73e5ff024cca395349cba9a3c96184cb9ca5b25

SHA512
2bcc7378705d6154ecec787df434c1ee6e658e47c294072936475333c5bf89eb07929acd7639f3bc02341364c938e0f61268badbffeac2ce9b6d7f492b1c2bf6

Download Submit
C:\Users\Admin\Downloads\modloader\Sounds\GENRL\Bank_120\sound_002.wav

Filesize
7KB

MD5
5e0b4db297f04dd4099e2faa58db0fc3

SHA1
787b5b7c55c16bd1ab3efb96d05c7d66d6d3327e

SHA256
142cbaa7967b57a1bd6ad0ab9179c60b0d3d909fb48c18158da1442b0f3dad24

SHA512
4ae143ee7e34fe77ac7be1bf5efee508e94d0528de4d534ea9a83870c1a775803c7776f61d39b070f90c6a54110cf1db73330212e4a7428960cb79d573fb94cf

Download Submit
C:\Users\Admin\Downloads\modloader\Sounds\GENRL\Bank_121\sound_003.wav

Filesize
20KB

MD5
ffe8b842e65b39e4cacfaef6aec122bf

SHA1
374f294347aeebcdfd40ec0cd399e3c81a75a32f

SHA256
2bd6c11e8bd815ec3c11f9ed82f353defe17ec76f057169051860e2654a55dc2

SHA512
6dc8c71da8486fb9da0d468c57d9d3e2090997a9754fbef08581c8750324678074d327630240a790ee5a7f731475ac2934f4f14d017ee366195fab730b64921a

Download Submit
C:\Users\Admin\Downloads\modloader\Sounds\GENRL\Bank_129\sound_001.wav

Filesize
302KB

MD5
613f7bbbfefd5b6d687bd9b02e490a8a

SHA1
618b31a4a7d90f414c223fce8625b4c35fb83037

SHA256
cad10d2f3414c6aac0e418bb399e79c39b0bec9fe29793ccd897c056d2114eeb

SHA512
78b9a2a5890e273b5b1236b7e763b673d54e5c27c5bdb4e0babdb3c328d88b8bce44195f983c32e954e799b52d8367c61b276de394a68929be06c15355021c2d

Download Submit
C:\Users\Admin\Downloads\modloader\Sounds\GENRL\Bank_132\sound_036.wav

Filesize
19KB

MD5
724fad7ba340ee4f134ee352c5e0290b

SHA1
27f47df84486e0d429a944ec8505043d3239350e

SHA256
2ec42a5adf6e1d3931747c155f1e10d966bc6ed2b3036c57675c384a37792ef7

SHA512
47228a391904977839e84bb26f1a026e6202eb529cf029ed9f4c1101666916a7e2546bc6c3c0d337caf423cdee7390f23942697d9127a03bc8a6d29148584a6c

Download Submit
C:\Users\Admin\Downloads\modloader\Sounds\GENRL\bank_099\sound_011.wav

Filesize
6KB

MD5
7ab6977c832e7f3eca49891119ec2173

SHA1
031e95e6c3dd2257cc03348933d0c50df1b82325

SHA256
e71aeb66b24dc07e84c9ae4fc77d7d676bc32e0f32cf3ca7aefbaf8feb104bb0

SHA512
18067c0fc7f16a77c3d1b2aa4fd41c5e8dab14985489e7a9007271098a5f7b15a5cbe2064e7196227d95379410283627ad7e20dd50320920007f781cbbbfdf3f

Download Submit
C:\Users\Admin\Downloads\modloader\Sounds\GENRL\bank_099\sound_015.wav

Filesize
40KB

MD5
afcb6bd71b92995674b807b7cbff0f91

SHA1
0266712d8f577b6931f4a4759555127fa92f3088

SHA256
d9fa62ce7caf3860737d70d343423a3ed81e640fc265569002a5cc2bad05461e

SHA512
96af86ed8b9517721b37a772bf11c6dca7c6b35c68329fe5b4d8d713e36a86c199e2d7bad8bc3fd9c389bc494e07237cd6373f098e6636f01bce290d6a50e113

Download Submit
C:\Users\Admin\Downloads\moonloader\config\ADEV.Addon\NoteFiles\CODE3.txt

Filesize
397B

MD5
418e84d71666e822bf0cc9205193703a

SHA1
9b805598862d61008020b8a4870e84dabf3b9416

SHA256
7e672c3307ea8587746a9b6c67fdb415dd677daab2984257b11586a90dbb1225

SHA512
93aeb43b0e971435cb54ba1346dc803b865b6641f69cba02e15aa3a34f7c33e1d1827d60130c65c6e12fe19b08e6516bab934f219e094261f5bb377dae207c28

Download Submit
C:\Users\Admin\Downloads\moonloader\lib\lockbox\cipher\aes256.lua

Filesize
17KB

MD5
99bf0daaa25ecd20f2f1e00dcfa4df88

SHA1
0a7a936d9744fd0babec4a4595610730205b22b3

SHA256
f348aab3da77b69ca7db28a07112096e83291bac935e85c021b7934207938007

SHA512
a6b306aea6d5f5d1005657600ce35c7a6b6ae5d1b9fa99fa40057d7ce4feb884cdae5f54a2b9d8f5cee41541404fda41cae7a2aba488a98c37fb1d918703527c

Download Submit
C:\Users\Admin\Downloads\Удалить Русификатор SA.exe

Filesize
79KB

MD5
e45b118a387d6d8232cb070d9c07ccc9

SHA1
4e9295b2c65fed4c38801606f38b313d93efa0ee

SHA256
820d77fcd846a294c0b651121f27424a0dcae122e93df35c02d8c51c614fa0ef

SHA512
c5f765c441634dcb3617739b2f04edab279d77d7a76efa0053c1b3c93282555d90768a4beb2da52b7221980cf741f7f972855e32b82e792c36566549b34c35bd

Download Submit
memory/576-4645-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/576-4642-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/576-4648-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/576-4647-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/576-4643-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/968-293-0x000007FEEDF70000-0x000007FEEF020000-memory.dmp

Filesize
16.7MB

Download
memory/968-290-0x000000013F110000-0x000000013F208000-memory.dmp

Filesize
992KB

Download
memory/968-291-0x000007FEF6FE0000-0x000007FEF7014000-memory.dmp

Filesize
208KB

Download
memory/968-292-0x000007FEF3890000-0x000007FEF3B46000-memory.dmp

Filesize
2.7MB

Download
memory/1784-231-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2296-4661-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/2296-4670-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/2296-4667-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/2296-4666-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/2296-4664-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/2296-4658-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/3068-415-0x000000013F180000-0x000000013F278000-memory.dmp

Filesize
992KB

Download
memory/3068-416-0x000007FEFAA60000-0x000007FEFAA94000-memory.dmp

Filesize
208KB

Download
memory/3068-417-0x000007FEF5F80000-0x000007FEF6236000-memory.dmp

Filesize
2.7MB

Download
memory/3068-418-0x000007FEF5390000-0x000007FEF549E000-memory.dmp

Filesize
1.1MB

Download
memory/3068-419-0x000007FEECEC0000-0x000007FEEDF70000-memory.dmp

Filesize
16.7MB

Download