3e091df4051e6b0859c2142a0869a415e5968c20edb5e9a60fcd077f7b61be19

Resubmissions

06/02/2025, 18:35

250206-w8pcrasqgx 7

16/01/2025, 14:09

08/01/2025, 00:01

06/01/2025, 13:40

18/12/2024, 13:25

12/12/2024, 19:51

28/03/2024, 18:16

Analysis

max time kernel
1560s
max time network
1561s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/12/2024, 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Roblox Evon Exploit V4_41257.exe
Size

8.7MB
MD5

98194b1fd3ceea50438976b40ea59d05
SHA1

ed918fbb5765aa91e5c9d2c492ec00667478ac35
SHA256

3e091df4051e6b0859c2142a0869a415e5968c20edb5e9a60fcd077f7b61be19
SHA512

9587acb23ee51e4743c5399b78b64f2a0e87e2413cd56e220df8c08ebe0f352ac0ca83c1826f09718876a6248057e9cbac0f38ee725de83b4ca7de4f805f30bf
SSDEEP

196608:wu6nOE62LOa8ewFCrqNeuUG59Fa9FVDNWXVkHo/ly:MOb2C6wFCrqNZ529PDNs2Ho/k

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2276	setup41257.exe
2656	GenericSetup.exe

Loads dropped DLL 25 IoCs

pid	Process
2520	Roblox Evon Exploit V4_41257.exe
2276	setup41257.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe

Checks for any installed AV software in registry 1 TTPs 8 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	GenericSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup41257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Roblox Evon Exploit V4_41257.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
2656	GenericSetup.exe
892	chrome.exe
892	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious use of AdjustPrivilegeToken 63 IoCs

description	pid	Process
Token: SeDebugPrivilege	2656	GenericSetup.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2520	Roblox Evon Exploit V4_41257.exe
2656	GenericSetup.exe
2520	Roblox Evon Exploit V4_41257.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2276	2520	Roblox Evon Exploit V4_41257.exe	30
PID 2520 wrote to memory of 2276	2520	Roblox Evon Exploit V4_41257.exe	30
PID 2520 wrote to memory of 2276	2520	Roblox Evon Exploit V4_41257.exe	30
PID 2520 wrote to memory of 2276	2520	Roblox Evon Exploit V4_41257.exe	30
PID 2520 wrote to memory of 2276	2520	Roblox Evon Exploit V4_41257.exe	30
PID 2520 wrote to memory of 2276	2520	Roblox Evon Exploit V4_41257.exe	30
PID 2520 wrote to memory of 2276	2520	Roblox Evon Exploit V4_41257.exe	30
PID 2276 wrote to memory of 2656	2276	setup41257.exe	31
PID 2276 wrote to memory of 2656	2276	setup41257.exe	31
PID 2276 wrote to memory of 2656	2276	setup41257.exe	31
PID 2276 wrote to memory of 2656	2276	setup41257.exe	31
PID 2276 wrote to memory of 2656	2276	setup41257.exe	31
PID 2276 wrote to memory of 2656	2276	setup41257.exe	31
PID 2276 wrote to memory of 2656	2276	setup41257.exe	31
PID 892 wrote to memory of 884	892	chrome.exe	35
PID 892 wrote to memory of 884	892	chrome.exe	35
PID 892 wrote to memory of 884	892	chrome.exe	35
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2748	892	chrome.exe	36
PID 892 wrote to memory of 2080	892	chrome.exe	37
PID 892 wrote to memory of 2080	892	chrome.exe	37
PID 892 wrote to memory of 2080	892	chrome.exe	37
PID 892 wrote to memory of 2776	892	chrome.exe	38
PID 892 wrote to memory of 2776	892	chrome.exe	38
PID 892 wrote to memory of 2776	892	chrome.exe	38
PID 892 wrote to memory of 2776	892	chrome.exe	38
PID 892 wrote to memory of 2776	892	chrome.exe	38

C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4_41257.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4_41257.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Users\Admin\AppData\Local\setup41257.exe
  C:\Users\Admin\AppData\Local\setup41257.exe hhwnd=196932 hreturntoinstaller hextras=id:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 — Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry- page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 — Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. You can start again from the <a href="http://dlsft.com/">home</a> or go back to <a href="javascript:%20history.go(-1)">previous page</a>. </div> </body> </html>
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2276
- - C:\Users\Admin\AppData\Local\Temp\7zS4E8A9D86\GenericSetup.exe
    .\GenericSetup.exe hhwnd=196932 hreturntoinstaller hextras=id:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 — Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry- page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 — Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. You can start again from the <a href="http://dlsft.com/">home</a> or go back to <a href="javascript:%20history.go(-1)">previous page</a>. </div> </body> </html>
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks for any installed AV software in registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6899758,0x7fef6899768,0x7fef6899778
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1288,i,8271108838828744792,9561561276333818172,131072 /prefetch:2
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1288,i,8271108838828744792,9561561276333818172,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1508 --field-trial-handle=1288,i,8271108838828744792,9561561276333818172,131072 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1288,i,8271108838828744792,9561561276333818172,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1288,i,8271108838828744792,9561561276333818172,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1000 --field-trial-handle=1288,i,8271108838828744792,9561561276333818172,131072 /prefetch:2
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1132 --field-trial-handle=1288,i,8271108838828744792,9561561276333818172,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1288,i,8271108838828744792,9561561276333818172,131072 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3948 --field-trial-handle=1288,i,8271108838828744792,9561561276333818172,131072 /prefetch:1
  2⤵
  PID:2264

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6899758,0x7fef6899768,0x7fef6899778
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1216,i,7186009349649421944,7175848833126917092,131072 /prefetch:2
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1216,i,7186009349649421944,7175848833126917092,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1216,i,7186009349649421944,7175848833126917092,131072 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1216,i,7186009349649421944,7175848833126917092,131072 /prefetch:1
  2⤵
  PID:296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1216,i,7186009349649421944,7175848833126917092,131072 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1208 --field-trial-handle=1216,i,7186009349649421944,7175848833126917092,131072 /prefetch:2
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1108 --field-trial-handle=1216,i,7186009349649421944,7175848833126917092,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1396 --field-trial-handle=1216,i,7186009349649421944,7175848833126917092,131072 /prefetch:1
  2⤵
  PID:1592

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
84525ac2c52cedf67aa38131b3f41efb

SHA1
080afd23b33aabd0285594d580d21acde7229173

SHA256
ae524d9d757bed48d552b059f951ffd25a7d963ae44a554cb1f3a9641e524080

SHA512
d898b0913b4005bbbf22a5457ad1e86345860868bc2e53187ad8267c07824d592160a27d850978ebfe78392db784fffb80b73e27418d3a71708383d738ea1d57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
d8e19c5e1517822803ec628090849a66

SHA1
e97f7683ad0b6a5f1370d75a74aced208a1b64cf

SHA256
12895441524ecdbc30ac1bea350ae60a5a0cc402cf8f5352b187531250fd3d61

SHA512
bde523cc09dab5043340d44d2f2d599768cfe9e1f2bfc169d28518c9b029be7bb8763aff4269694e117a5acb12482ae915e97e58cf1d1421fb7db31dcd6d873b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
adc629a23e64134510d8f49c51181fb2

SHA1
622f7e460523398623ffddd45f6a9b07861372f8

SHA256
8d96b6fd058b1101a687afff26dcdf154a5582897db61c81952bf7a1e6243c84

SHA512
d2501e273bcdfeb36f4f7b9fdbe7a2585727fa2e6d75ff23ad48482bc5bc0225b31b65266620ea2c17f5c9a39b49e7c268a5f6cf186bcc0592ad009d51a4ae72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\25a295aa-5762-49e8-bd23-e1c7748b2f08.tmp

Filesize
179KB

MD5
376699d12bd64a1570fc3bd158b3585b

SHA1
7aa738f9dc6fc05e0adefa36cce06df127bca550

SHA256
be08bc30e7d7085948f839aa04ab0b619e5baf0cd7a399685db9fb05ddc0a5a6

SHA512
e3fb8fe1bbf604bda394e4548e90b5cb59c593d1848ccb8d4cfb27211a86f6e70a9f43744717c7f0c23111ce008c35eeac520662210956ede6b4ecee3f8333ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8bec22fa-8103-405c-8d2b-46e376c718dc.tmp

Filesize
343KB

MD5
4bcea8403dcc68f8fa7988c20b8e5546

SHA1
a35d2dfdb6795a1071db87d107f23e2be3fd88a0

SHA256
a8c35e2abc5e7dea99485745491dcc8b22ef0b3ab17f14bb4b070d3141a4f9db

SHA512
c75ed1cc8c47abea1f5bcefd755823d4e19897ca41270af1823828914cdd3ae02475d281a485473c28af17727d12be287e987cc53a394c85e5f40ac51d171935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
66b458a927cbc7e3db44b9288dd125cd

SHA1
bca37f9291fdfaf706ea2e91f86936caec472710

SHA256
481bc064a399c309d671b4d25371c9afba388960624d1173221eac16752dea81

SHA512
897fade0ea8f816830aee0e8008868af42619005384e0a89da654ad16102cd5e7a607440bd99f9578cf951390d39f07020054cca74231cdc42a3cffa363d9869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
aad97f9c16af2adf714af0da1d2e6c9f

SHA1
e1d0c55d32e45cb35da11a2b4d88752d2f52e658

SHA256
54a6edf48428b3fadd8d6052de76211e17ab7da8373d8b336af221573e942a40

SHA512
d49366c28aaf3764ce9f454094d4933c76785f138e6229ff3056d1522c6b111b50d54e0bdfb1b72725453c24631944c2c41beaabf4223b4bff083293e16fa1c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
4618958f82d6fe542e5f8249a967d8b6

SHA1
bb5e4112bb6c7bcb13bd0a604ee8e8ad888c38c0

SHA256
573bd088ab614e4007d34f7d363569c05f07d3fe46f67c0fce56070f36959478

SHA512
364d16ac1df2f4af1e66896e1c75fed65b8c5dc640398c2292cfae34e815774a1f02d69dd160dee3439dcab2c676046ed6b2f9ec7838b6a046cd806d3a2b71f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f6abac2938fa5098c4cb9f91b27a9c61

SHA1
6812f4fee281a1b14f1fff5780807c7eb8acae75

SHA256
d37e5acda6e5410cbd1d8a71a9852b06aef81890f0ece2d041835ca41e09000c

SHA512
06de5381b37f0f3658171ec5f7ed8d7a27dd72fca4b081efb067afa5486752563f9de6882c4fe017c88272ca7b924889673330e0f3d9ea2c5d69bce44755d579

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
747ee7dcc35a671cd253418dd0404010

SHA1
f1b7d17bdeee26ee8212bbdc68425763dd021bc4

SHA256
3ebc13ef45386800886bbe84bf339b2a2a93f1613a18fef1c50b8294091aa87b

SHA512
538f21a572989b230d0b0c7fb05c50757f7a2f0af779875f124472ce93f6c65fe7be9f05646120d9996902a056ef6ae4c67c1ce67b6c3e0470e1c1d44c491f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log

Filesize
72B

MD5
fc2d9fcd384018c5af33650dd2997c86

SHA1
9ffc9905b809a086a7ad1afc3273bee8cda0d899

SHA256
3efde7a365ee315e389bdf3234380485966e09774802818bcf7ba7465672a42a

SHA512
a5535d1b1895be779b25ae0ef645bbb742258b6994f326250f200116dac94d4ec1451f1a298bf45d0d4898a398adbe381c3c948b72366be4e9d35ca08f6eb875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
24ace60cbcc0a2295dfa3fe699314045

SHA1
ed46856c1a9534b5059990e4de4288783c015a9b

SHA256
a9b9e0039865074ef413d569f8ca2f8dcb57d64465e3bde0f4cb1455d8652162

SHA512
07f72cb12303a85d99069c714fb334d82918eb17a0257c863710b4c5793b4bfb06e94a0638a72e4805e0fe2c63c6c7345301635213a591f0bfa649207cc1c6c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
4ee30a4926341a17763b6fff2b2a95a9

SHA1
d9f467a616bb24e44755e47b98b65377916ac250

SHA256
fb454c680eaf3c660892cc84e7a99fc194be1cdcdc9f59597ed3f3f8c929f3dc

SHA512
a446b98d3e70306ffe617d1a1d7668e2de7e6bbfaad74f39886f313289a86553988e6eda9cfc532c5a4fca5ecc4368b138d70b5e310e47587dd2884790ebdb62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
343KB

MD5
c20bd1b5a8ea3f6daa653f925597d141

SHA1
fe84d235de64c1e635f42c3180f7116dd25b74ee

SHA256
eaca5abd3870dc26270062f76f0d9f938b1f446d4639575fabf616fd26caf4e1

SHA512
112005347a54a7a0fba04f7cd8df05737686154e95aeb6f20c09cff1f222ba146a4a90b3fa3ad23a5fc254fcd8292fcbd9063d736d23d0b07f55d1df1dc0be73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4E8A9D86\GenericSetup.LastScreen.dll

Filesize
31KB

MD5
3319432d3a694a481f5672fa9eb743d0

SHA1
99bff8f4941eb3cee3e0a7cb86b89eda1df07bf9

SHA256
768b4eb487e2dc8bcb8ec6221734ca69dce7f522d7640cc2a547f95296509693

SHA512
7f2a1c6c8d9d135b9e00e04f715c9b6b8ba12cb317f7b78ee3efbe3e426a99afce022306eb5bf02fe51c13857d3943b2b009b10b9cc96683e6bcbca1f9045c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4E8A9D86\GenericSetup.dll

Filesize
6.8MB

MD5
4d65e6eb25db2ce61f4a7a48d9f6082a

SHA1
130abbae19f227b0ef4f278e90398b3b3c7c2eff

SHA256
1e2e26d769d69f6b06cad2f2fec81a125e4f3d14aee969357784fb533d80b89a

SHA512
b0842b4fc07dd332c53f56f1337b32064dad7a15663397655b73061bf3d61b44ecdd47ed626b92e69383cfaa41a9c70d4a18ece79fdbab2daf1d06adb1be4bfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4E8A9D86\GenericSetup.exe.config

Filesize
814B

MD5
fd63ee3928edd99afc5bdf17e4f1e7b6

SHA1
1b40433b064215ea6c001332c2ffa093b1177875

SHA256
2a2ddbdc4600e829ad756fd5e84a79c0401fa846ad4f2f2fb235b410e82434a9

SHA512
1925cde90ee84db1e5c15fa774ee5f10fa368948df7643259b03599ad58cfce9d409fd2cd752ff4cbca60b4bbe92b184ff92a0c6e8b78849c4497d38266bd3b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4E8A9D86\HtmlAgilityPack.dll

Filesize
149KB

MD5
7874850410e21b5f48bfe34174fb318c

SHA1
19522b1b9d932aa89df580c73ef629007ec32b6f

SHA256
c6250da15c349033de9b910c3dc10a156e47d69ec7e2076ce9011af7f3d885d1

SHA512
dad611ca9779b594aad7898261cc7ef0db500850eb81560c04d5d938ae4e2338e786773f63f59aab6564ad13acb4800f1862a2189803cc8cc8ad26a368f25eaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4E8A9D86\MyDownloader.Core.dll

Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4E8A9D86\MyDownloader.Extension.dll

Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4E8A9D86\Newtonsoft.Json.dll

Filesize
476KB

MD5
3c4d2f6fd240dc804e10bbb5f16c6182

SHA1
30d66e6a1ead9541133bad2c715c1971ae943196

SHA256
1f7a328eb4fa73df5d2996202f5dab02530b0339458137774c72731b9f85ca2e

SHA512
0657f0ab1d7fc9730d4bf6b8c8373f512d57a34063bcfa1f93a803b0afe2a93219da5dc679414dd155956bd696cb7547fc09663f8891eb9b03d9c93b3c1fe95d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4E8A9D86\Ninject.dll

Filesize
133KB

MD5
ce80365e2602b7cff0222e0db395428c

SHA1
50c9625eda1d156c9d7a672839e9faaea1dffdbd

SHA256
3475dd6f1612e984573276529d8147029d6bfa55d41bef2577b3aa601d2fbbe5

SHA512
5ea1de091a108143bb74fccdb4f0553f72613e58d8551fff51ce1aab34636c856758719dfa1a0e4cc833acb8e75729793dede65c4562e1aa3f68ec50463d36f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB2AC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB2BF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4E8A9D86\GenericSetup.exe

Filesize
25KB

MD5
85b0a721491803f8f0208a1856241562

SHA1
90beb8d419b83bd76924826725a14c03b3e6533f

SHA256
18be33f7c9f28b0a514f3f40983f452f476470691b1be4f2aba5ba5e06c6a345

SHA512
8ff86e4b4d9cb5e2e88826a822457cb863262e3b73645c0c3309f13fb496997e53005ebe1825c6f92463c6642ec9abc6bbe359b35410b0621649b8d3aaf66c71

Download Submit
\Users\Admin\AppData\Local\Temp\GenericSetup.exe_1734033121\sciter32.dll

Filesize
5.6MB

MD5
b431083586e39d018e19880ad1a5ce8f

SHA1
3bbf957ab534d845d485a8698accc0a40b63cedd

SHA256
b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b

SHA512
7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

Download Submit
\Users\Admin\AppData\Local\setup41257.exe

Filesize
3.1MB

MD5
369acf60d8b5ed6168c74955ee04654f

SHA1
1753fff63efa6ed5ad30ede6b959261ac67dd13e

SHA256
3ff8ec8f9f27a27f414a90bfed5b7f5a3c118b33cf0f80aeb7026e0a53e26632

SHA512
2582b3b4525321fece978710403e4bd4dd6e9f0869de1fec784e4e79ac98e8c6498a601c9db45d5af4f1b99e3a2cc07b9e3ec18144e18ce82b41eb64ce4eb643

Download Submit
memory/2656-77-0x00000000008E0000-0x0000000000908000-memory.dmp

Filesize
160KB

Download
memory/2656-83-0x0000000001F50000-0x0000000001F7C000-memory.dmp

Filesize
176KB

Download
memory/2656-73-0x0000000004E40000-0x000000000551A000-memory.dmp

Filesize
6.9MB

Download
memory/2656-69-0x0000000000620000-0x000000000062C000-memory.dmp

Filesize
48KB

Download
memory/2656-91-0x0000000004660000-0x0000000004672000-memory.dmp

Filesize
72KB

Download
memory/2656-328-0x0000000072C8E000-0x0000000072C8F000-memory.dmp

Filesize
4KB

Download
memory/2656-65-0x0000000000B40000-0x0000000000B4A000-memory.dmp

Filesize
40KB

Download
memory/2656-63-0x0000000072C8E000-0x0000000072C8F000-memory.dmp

Filesize
4KB

Download
memory/2656-220-0x0000000005580000-0x00000000055FC000-memory.dmp

Filesize
496KB

Download
memory/2656-245-0x0000000005CB0000-0x0000000005CDE000-memory.dmp

Filesize
184KB

Download