vidar | hxxps://github[.]com/jhmendes2005/aluroni-router/blob/b78334b33c03f53c2bfff0357443eaea0eb99c8b/Fluxus%20V7[.]exe

Analysis

max time kernel
92s
max time network
121s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
27-10-2024 17:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/jhmendes2005/aluroni-router/blob/b78334b33c03f53c2bfff0357443eaea0eb99c8b/Fluxus%20V7.exe

Score

10^/10

vidar 467d1313a0fbcd97b65a6f1d261c288f discovery stealer

Malware Config

Extracted

Family

vidar

Version

11.1

Botnet

467d1313a0fbcd97b65a6f1d261c288f

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Signatures

Detect Vidar Stealer 24 IoCs

stealer

resource	yara_rule
behavioral1/memory/4980-226-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-229-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-233-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-232-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-240-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-273-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-290-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-302-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-303-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-309-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-310-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-311-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-312-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-313-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-314-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-315-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-316-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/2708-319-0x00000000006A0000-0x0000000000916000-memory.dmp	family_vidar_v7
behavioral1/memory/2708-322-0x00000000006A0000-0x0000000000916000-memory.dmp	family_vidar_v7
behavioral1/memory/4992-325-0x0000000000400000-0x0000000000676000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-341-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-342-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-343-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7
behavioral1/memory/4980-344-0x0000000000A00000-0x0000000000C76000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar
Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
3988	Fluxus V7.exe
4496	Fluxus V7.exe
2584	Fluxus V7.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
39	raw.githubusercontent.com
40	raw.githubusercontent.com
103	bitbucket.org
104	bitbucket.org

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 3988 set thread context of 4980	3988	Fluxus V7.exe	104
PID 2584 set thread context of 2708	2584	Fluxus V7.exe	109
PID 4496 set thread context of 4992	4496	Fluxus V7.exe	108

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fluxus V7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BitLockerToGo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fluxus V7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fluxus V7.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BitLockerToGo.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BitLockerToGo.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133745235291825502"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe
4980	BitLockerToGo.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 224	4632	chrome.exe	82
PID 4632 wrote to memory of 224	4632	chrome.exe	82
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 4748	4632	chrome.exe	83
PID 4632 wrote to memory of 2656	4632	chrome.exe	84
PID 4632 wrote to memory of 2656	4632	chrome.exe	84
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85
PID 4632 wrote to memory of 4732	4632	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/jhmendes2005/aluroni-router/blob/b78334b33c03f53c2bfff0357443eaea0eb99c8b/Fluxus%20V7.exe
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffab301cc40,0x7ffab301cc4c,0x7ffab301cc58
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2036,i,13584718268212193684,1548054872704216530,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1952,i,13584718268212193684,1548054872704216530,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2012,i,13584718268212193684,1548054872704216530,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,13584718268212193684,1548054872704216530,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,13584718268212193684,1548054872704216530,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4940,i,13584718268212193684,1548054872704216530,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5212,i,13584718268212193684,1548054872704216530,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5368,i,13584718268212193684,1548054872704216530,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5524,i,13584718268212193684,1548054872704216530,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5676,i,13584718268212193684,1548054872704216530,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5696,i,13584718268212193684,1548054872704216530,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4992,i,13584718268212193684,1548054872704216530,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3732,i,13584718268212193684,1548054872704216530,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3752 /prefetch:3
  2⤵
  PID:3952

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4064

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2748

C:\Users\Admin\Downloads\Fluxus V7.exe
"C:\Users\Admin\Downloads\Fluxus V7.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3988
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:4980
- - C:\ProgramData\GIIIECBGDH.exe
    "C:\ProgramData\GIIIECBGDH.exe"
    3⤵
    PID:1912

C:\Users\Admin\Downloads\Fluxus V7.exe
"C:\Users\Admin\Downloads\Fluxus V7.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4496
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
  2⤵
  PID:4992

C:\Users\Admin\Downloads\Fluxus V7.exe
"C:\Users\Admin\Downloads\Fluxus V7.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2584
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
  2⤵
  PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\GIIIECBGDH.exe

Filesize
5.8MB

MD5
9cbe7679e5e5fe744a5e64e896c60002

SHA1
5da48252fb30fd2b5a30f6da266641fadc9aed39

SHA256
3882603965a76a212d398d0a207038b91371dd86432cca055672f5c202cb4aba

SHA512
11d27d8c2942e43e38887b624ce83175e0ec6a913e0059d444037b73e6db4d4028b34d1bfa3ad36740f03a44e35d7543692d3e15a21e32038b25288ec19acca7

Download Submit
C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\ProgramData\nss3.dll

Filesize
2.0MB

MD5
1cc453cdf74f31e4d913ff9c10acdde2

SHA1
6e85eae544d6e965f15fa5c39700fa7202f3aafe

SHA256
ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

SHA512
dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
278f2d6200df6ca90b1341cb740f1fce

SHA1
77cea1852448287d77dc3053e883046575994a1f

SHA256
aaec781fd0f316cdf8d0999817228f7ad4329205a077cf76a63975d0924e8cb8

SHA512
42c2c561cce872fc39def7fca02d7a275cbc135c3224795b6646fbc30d984c3f5037503e89e32fdd7063fd2d5308a3d1bd0b5c0031ce1fe38811f77e36f20ed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
0af613a20231a5d012b4b61dd83897eb

SHA1
0a795a8db4852b68ed88c556c72de653b2e61534

SHA256
c59f82bf3c6c9fb8c59f9201544b00031dc9f57fa20ed0a61bf54e69dbe0de88

SHA512
23692ab400059ee1ff3a43db3c5e25e368fd49dddb6b46bd2326834ae4bae90abe7afe101dcee1d603a1398457388559c1191aeb390ab062a6c3c6be40482b88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
949e49f87899b5431798b5fd573c97cb

SHA1
fa319117264a7b8eb5a2654fca7f49854f4a2f28

SHA256
a5a520f8b778b01382a5c0fcf6ff65b2968384ca57443c01b19719f24ed34437

SHA512
52a85b4946e4b1c798cc5a01807b4ec6ccc704c7ea9ec7f8fcdbc92044359649eccfeb2cf789d056a19b1313c8ed3bd0f6b5936e96dcb8c3b224c2d9affc4a76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
9c2e34715848966752d5fb867499e489

SHA1
a66a7a6369ad71172855a18356204064e38691fd

SHA256
463a8e1cc33a9031347a3fc984b05cbf667d8216bc9daaf967df12ec2930616d

SHA512
1f7835f8f1a0fe76b16dbc37cfef2b733ce07cd2d43b7e60a50edf9d8e065fd26b5a128cc05978308424c548bb5eedf5ea3998ec5b5691fe6dbb4c3eeed796a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
34KB

MD5
70d81bbf5a8fee5066e70d9557ac8df7

SHA1
85fc102b29069ab01b0c8f7b7bb3ffc2bf57448c

SHA256
de084741a9e99d227b8046185e51c31d58a8c32f0d5707b1f0fd77ee15d4e5ec

SHA512
16b6f3f295e233067e120f4e6d940f5c1f3bd4e11782d457905680f72784e3fe2554c2a2856db9b283b1943c93719b5937a2a1a5525468797b59b14c8e4b7704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
c130e937317e64edd4335e53b17d55a2

SHA1
51bfff9dee11ab5a8c43198c0d6178799ed9433b

SHA256
46025a134ebdd6c6464ff422818e60938fc41af735f7951f4febe29f57612a49

SHA512
68e5fa69101a7347028ad30d7c004dafabcbd8f8009df90d0471b19a36741075d72da56a2b1693c2067902630584bda5536f0702302db5d69f407424d4a964de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
2766b860b167839e5722e40659620a47

SHA1
47766dc72bcace431ee8debed7efcf066dcd2b59

SHA256
725a5e52a501bcd107624aafa44a857c00d02286fde07be774afeac2efed68c3

SHA512
a97f77977518ca755e9460cac34e0b5358ba98b3624c53f0e1ef7b947e62a6f3f99caf2852fb3132c822525d88b67b9c1ed778b3e40083d9df36028c85f73ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
19KB

MD5
a65f7f00889531aa44dda3b0bd4f4da2

SHA1
c8be192464c7e60d4d5699f6b3dabf01b3a9d1d3

SHA256
0dcf11ca854f5c350637f7f53cccdaf95492dbbf779b905138e26b1ec1dc91e3

SHA512
6f48f0f7cc1a35a9068c1284579db065e0fd4b2651355d68a8ff5ae9df86090be3f6e5ac4589585166829087c8bd3c37431a7066358eaced0cdb6c5a0d544fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
37KB

MD5
c67ee59476ed03e32d0aeb3abd3b1d95

SHA1
8b66a81cd4c7100c925e2b70d29b3fdbd50f8d9b

SHA256
2d35ec95c10e30f0bddbfb37173697d6f23cd343398c85a9442c8d946d0660e3

SHA512
421d50524bd743d746071aaad698616e727271fdf21ee28517763a429dcb6839a7ad77f7575b13c6294dc64d255df9b0a64eb09c9d3b2349fef49b883899d931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
38KB

MD5
b376c55a7ba31e51dd8e8255789fe89a

SHA1
439c757d3520f276a8d313f8c337aa90ddbab16b

SHA256
97eab72e32402a938305438fa0682cbaf45b75af692793bd35bf9134782e3bef

SHA512
99b31f6378611df26a3dc827aa24709e0854f2a1595097482530087cc26761db5efd6be323005e49b89563de1169d44d86888c98eed8e9ffe880f516281a9c0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
58KB

MD5
2389054bc92fc6a9b9d21997feabb1cd

SHA1
d46b4bece5021bbb060dceef4273475b879c75de

SHA256
5c38b4d4f6b902a99e4eb9cd922a2a2a37b549388bb4dda0b756bf6d5887d6da

SHA512
5525a4228fe65d25f0084fcde29dce0b97b80126e36875d226549f379e56ae52c0b2ae12752b188fb9715812d14d740f1ebf35f3ebb5c1b4e3b564836ed30b0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
18KB

MD5
7d5eab356faec5b5f4d54a6aaa773bed

SHA1
25b586f3c878feecf21a0e7456990d9882e818cb

SHA256
0d2392b48ec59632d23269b239b2153ed66943717a0d3711628fc2dd52a2119e

SHA512
7c7649ecbfa3deb35a6f08134ea3703a639f957a254454f228f4ded47b6c5a73f03a34b8368d789a2b92aa7a9a979c9aa1fda64fd5531a404d3b2f8997dc54ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
88KB

MD5
76d82c7d8c864c474936304e74ce3f4c

SHA1
8447bf273d15b973b48937326a90c60baa2903bf

SHA256
3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8

SHA512
a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
99KB

MD5
2940076ef5b451648e126653123622ea

SHA1
46adb402ebad36dc277bc281d15b4b9643c4cb6e

SHA256
2766045315b53c22ce78b0c83624a7f52000765c55061a9deae19ca67897d664

SHA512
f695bdf186be90f1df6d303bf5beb5bec9c71a069978fb6adb23b68c893ef7ca0c5da2cdc32d39cdc9a8f0bbcf0050abeb3cc02c75a2861d9434591ac8680922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
63KB

MD5
b470641c453d5e71c3d924ab3b79a455

SHA1
927594c292bb654e40f1154a40c9948647a9b9dd

SHA256
ab60625b7a253e84b7631e65c2a5fb70563f9e60f2c9faf93af5ccdaf38cf8e8

SHA512
b8173c986ef7bf4b2890aa9bb5a8c4c099dee5f47bdd1ab361a13a1ac47d97cdb26b711ebf8dcf469fb9da777e7bf4e3710a0730b7328c8d74ab3062ebd770dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
19KB

MD5
9f35ba270e9ea92ab439941460109ef9

SHA1
699dd11d06d2d5925cc91c2df7e4fca4acab56b2

SHA256
344f84869c6a5fea3a0ba409a9716b2d5e83b27bd295603d72bdfd6f8af98f24

SHA512
8660fcca9cf7ca63ccedd93e9606b5362babb0d2b7525248d2530a1656043aaddfbd71d4e21cefbc1669f97efc2e54f6f5e60a2da51084997dcc56f02ef4e750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
44aa1243210c5bf62fed84d11bfd7e83

SHA1
9f5cd06b03b40aac43b88ea9d87f7f5250d67141

SHA256
aed5a8e65f214314fc3cf1ff5aa602e101e23679fea19d0acf2dff0bcaf607da

SHA512
c6c422a95d95babc9a6615dcab5a1bc62c4fcbb1920c0797c16caecc64c2491b74c21bcfff93419d2b0c0b0cb8fc5157c7bf146b9798a49fa2ffab1b54bd3105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
815c4b8bfaadb3ccf3ab5ab574dbbcf6

SHA1
d7e242ae72d3220007db638c144804f026068390

SHA256
2866f9f7b424f3e190ea6f23d93bd46b3fd15db61957875fe844ad9730ec8f90

SHA512
908de063fb80ddefd7c31ce28461ab535882e2e24908c09094210e4359716867225aee829272265e2447a35dd13360f591185cd20da8e210c22433d66082c313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
ff7241cc8eca77db7ba595a06fed5fda

SHA1
c262eb511ab9769cad997651a161642f62929d8e

SHA256
645e630ad7e29e8eb12864ca046623babd8e308a0a10b811f7cec32c386f87f2

SHA512
23113696997f9e068327aa65483b9e3e6b58503f926a564c5a797c882a90be534ff601e848fc4ebafd4e7f55314a931b5a0cd6f03af0ae4af79b3f6e424a7a72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
735dbc0090cfa8d296cf36074c4c3979

SHA1
9ff620eab3e97eed73dc9ab0e5d1e2dffa4df2d8

SHA256
03a67a8478e288ee9bb35f32be608d36c0049c693d65788c324cf519d51f5002

SHA512
a53e09f01fb7b997968704ef69fa520a68af3e26b400eee1bba7221b35e50a2d4d042d79fe2e47081714d36910303409a972b3eb31b8bc047abf1ea5e24e1e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6f8ca613bb755a96995cc60a91a933a3

SHA1
7e807f69513b4050c39c6572ee72c8dac27473d7

SHA256
13cc86218dafe47e73c511eb4bd44fe45d5c02d4eb05f02bbca453ec23cad808

SHA512
fdaa152251bff006e011b1daa96408df43faee43987ed16889dcda0ce1cb0b26bd0fb1c439da01049b6cc032898dbf65ca76d2045ca8773a294aadcb37b50cac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77d9e320216eaebe31768b4fd75c4694

SHA1
b799352499cb36bf8029314c688e61c85293deaa

SHA256
6c5e7d863d1d4bf384d068e0d0aaeb6266916e65e4094f8ff144b15c8e485ef7

SHA512
e5c7c984aeefad286eaabc406f3e716459ec1acd8f8f66658723589eb878b70f7b0605d079830d75bff273087d21214486210207a125cfa5fdb822987bd9c7ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3579b370a9171d3e71dc1f3dcda4e790

SHA1
81a1498f6a61b2c4e024d3586c5994b70e0afa50

SHA256
ff184857c5253836672ef355f2e20f6aff9bc376536a9ad13a4eb33451a04b48

SHA512
d7b621534c1884183b8e8a2bc272552469150b48bdce0b8334b386f3efb25e547fd0c688f0eb1cc29b1cafba4fe26e79c494ecb7a5c02e8726e217889d9c0f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f85908eec91de4e9dc95d88d949607c

SHA1
a31c401d59cedf5fccab52155764e8a4eb842dbd

SHA256
bdfeb58a5965434c465bd27601b308baa433c3bd487cb98d479eedec0a13d190

SHA512
71bd2ccfc7157f36194d490539c8e93538315eca588f9c50f0d7d563c51ded971b87ff6d911c0a4eecb1770dfcf7c5befcf8ce85d9787529794bddf203faff3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b760d7be28793df5d1bc7e0e0e1024b

SHA1
b7cf812986c3b8358761f2e19097fd68cc996630

SHA256
36a9903a8ce789fc6dcb1d3cf959ceda49002fc423f33ad813f23ad632499210

SHA512
009515c939f95092ff2c74e39be719143de147880784847046153194ed2b03dacd7ddf5a4cfcac84efb645f847a6ab6c4ca51cdba5700f3a719365920f7e6d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7269c70655edbc6c50fdf0ea01d19956

SHA1
f60082a70936a64d1aeaa2f3aadb98ae7fd5dd8d

SHA256
5b40fb9b1f00d4d94c963d13acf5edde8222a0433af5591dbc0421c0e527161f

SHA512
d7c99c51d14f13d59b3f61911b09463d464d061f195cf5a8f35b699f2694d9603645514e12130a91d37cd577fdc0387a7bd686d252a76594a7f96356c2b61dd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41acb96eb15947ca3fa3dbb1068dae3d

SHA1
216a3068348010faa91e7956ca38b95ce71852bf

SHA256
1153d1a49caa9691eba6a0438c15495b712745c2039663aedb067a80ebd19966

SHA512
37a0196d37fd6c0ead32aebd5d1ca933c1f46d289e193a774f6772763c5fe94b091bd54a96a5888941a0d9b0e33849fbdadf7fbbd1b9968265fbcf4ee41334fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
34ba47aa2cd90255b27309dde29ec16b

SHA1
dcdb1ee6f7bfc20cc61017927eb67f695ccee874

SHA256
e18acdb3f5cbc1741567c75202da6d480804b6acca04ae02016d9d724713b9d2

SHA512
22db4a4ca93cb0a94ee6b49735c144b6608567469edfc2ddd4feb187dcc08800aa179653e33dd03a31b3f4b54f9c7a6f29b4433a3a5c4ae6ab19bd85f2aa706a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0cd73440a897c1b3a215d48a2e541f63

SHA1
880f67c88945f183fc7c541a4c47ca13f2a4ebe6

SHA256
af5916197d64b209aa99405beb5869fe609b96f56814b8b0fef6d690b7574f7b

SHA512
3c4bb31caeca39571aa563dd020f929c67675f12cd56ed968ce51a987930f339a53cf401a08c9eb38fd4b4790f0a923ce58860f2c9c3f0302398dad29c72c19c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
d31cb0d888b493c65208618efc95bbe6

SHA1
f7fe525436301ba62f4e6ef5dead8059653e0108

SHA256
af0572751ac60b5d7327159b6777465afded9ad34187abfe65d42bb351d6d735

SHA512
f851455eaff37add4e5e7b8a4ef73971037d565b11371b0a6d25eaf65803b687d2fde84c4fe3c83503fcc96f7f35e99224ba37adfb56c95df47cff6a6cdd1444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
b95872771da70761447cad13e7c48964

SHA1
9ada8e80e22c6cfe089fbc29626d91ccd3e28430

SHA256
1d81d3f884d0b121d245c067e2678659454892adeb9fead9feffdb0dcefa4768

SHA512
496cbf17d0357617a42e2090828031dfe3bb0c1ca4fe3853283cfb8d4ee6f3a138562b3c29f7f95dc4e70d5eb600845e92989291ca044e628c28093c72663bc4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 381026.crdownload

Filesize
9.1MB

MD5
de40920ceb6061d4a5b62fd03a9438c5

SHA1
eb3d3f46aad57e868b9d4b2c07d24410bfd2ca85

SHA256
959e47ec654acce16b8df4466da97f8479d65b9a69a2c3603c3cb6856ceaecc0

SHA512
fa0ea73440e794092045fdada16fb702ae7e5962a09d2fa62d7873a1c211c9b55037cb34c15477cdaf6052a0d7443ce413cebe35e4785032718666246af712f6

Download Submit
memory/1912-385-0x00007FF734260000-0x00007FF734DE8000-memory.dmp

Filesize
11.5MB

Download
memory/2708-319-0x00000000006A0000-0x0000000000916000-memory.dmp

Filesize
2.5MB

Download
memory/2708-322-0x00000000006A0000-0x0000000000916000-memory.dmp

Filesize
2.5MB

Download
memory/4980-240-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-290-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-302-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-309-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-310-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-311-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-312-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-313-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-314-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-315-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-316-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-303-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-273-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-225-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-242-0x000000001FAB0000-0x000000001FD0F000-memory.dmp

Filesize
2.4MB

Download
memory/4980-232-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-341-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-342-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-343-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-344-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-233-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-229-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4980-226-0x0000000000A00000-0x0000000000C76000-memory.dmp

Filesize
2.5MB

Download
memory/4992-325-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download