lumma | hxxps://youtube[.]com

Resubmissions

16-01-2025 16:52

250116-vdsk9azkbz 4

10-01-2025 23:03

03-01-2025 12:00

31-12-2024 13:41

31-12-2024 13:34

31-12-2024 12:13

30-12-2024 19:05

Analysis

max time kernel
313s
max time network
314s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
31-12-2024 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Extracted

Family

lumma

https://fancywaxxers.shop/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 1 IoCs

pid	Process
3620	Loader.exe

Loads dropped DLL 1 IoCs

pid	Process
3620	Loader.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3620 set thread context of 936	3620	Loader.exe	135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3856	3620	WerFault.exe	131

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133801261122167269"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3226857575-536881564-1522996248-1000\{3BF8F253-485D-4334-90E0-66DA153C05CA}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "7"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0 = 68003100000000003959a9901000524f424c4f587e310000500009000400efbe3959a8909f598c6d2e0000009a60040000002c0000000000000000000000000000000f97730052006f0062006c006f00780020004500780065006300750074006f007200000018000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "5"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe

Suspicious behavior: EnumeratesProcesses 52 IoCs

pid	Process
3136	chrome.exe
3136	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1780	chrome.exe
3360	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: 33	824	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	824	AUDIODG.EXE
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe
Token: SeShutdownPrivilege	3136	chrome.exe
Token: SeCreatePagefilePrivilege	3136	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3136	chrome.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe
3360	taskmgr.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
4092	chrome.exe
4720	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3136 wrote to memory of 1976	3136	chrome.exe	81
PID 3136 wrote to memory of 1976	3136	chrome.exe	81
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 4764	3136	chrome.exe	82
PID 3136 wrote to memory of 1912	3136	chrome.exe	83
PID 3136 wrote to memory of 1912	3136	chrome.exe	83
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84
PID 3136 wrote to memory of 4168	3136	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffc252bcc40,0x7ffc252bcc4c,0x7ffc252bcc58
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=588,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2232 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4708,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4884,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  - Modifies registry class
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4992,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5524,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=500,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4788,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4528,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5776,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4824,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6048,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5920,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4504,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5884,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5900,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6296,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5176,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5108,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5760,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4572,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4548,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6288,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4540,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6252,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6696 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5716,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6268 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6616,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6268 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6744,i,16913365255242233089,6883807709153142864,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:4444

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:224

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c0 0x2d0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:824

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3808

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2580

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Roblox Executor\" -spe -an -ai#7zMap9246:92:7zEvent28512
1⤵
PID:2376

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Roblox Executor\" -spe -an -ai#7zMap551:92:7zEvent9993
1⤵
PID:3244

C:\Users\Admin\Downloads\Roblox Executor\Loader.exe
"C:\Users\Admin\Downloads\Roblox Executor\Loader.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3620
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:936
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 1180
  2⤵
  - Program crash
  PID:3856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3620 -ip 3620
1⤵
PID:2368

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:3360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
82c02f037fd4944b1cf638119b588471

SHA1
d4b4d6d4bf6b648474538d4377f5ec7783313438

SHA256
1121db0c8b9183b65103f85d0f4c6aa62d152fa4cc73fe9700ff4e9a7edb0fff

SHA512
b742c5a933c44bfe45c58c447636acbb75350bf7313a61a1a05b766b2295842c64f5c1ec21a4970f5966334a2777be5ab7f9cb55c3f49e22fd96014b155447cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7c6ea4b0-7e5b-4ab4-8bfa-d6adf91a244f.tmp

Filesize
12KB

MD5
b7e86aa137ec10b23d6734a86d3bf3aa

SHA1
331dee8cac3932860e84f88d47bc51d65a7468e9

SHA256
56a99511357d8831978d7c6463276dfbfd16673887fa2e183e5bcc90a822147a

SHA512
68c21a3d175ee477a22b98a691291ab0e5a0beab2d3080298112b483582674bbb5be8110fb4dd80634bdec826d8a372c4cd2f6cac3eccfd128cf4fbe3c6a2b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a96fba5ca758c43eb5cacdcff3015db4

SHA1
ba27d3357b58ab4cf81155f7d082561aad9929a5

SHA256
cd2a467de7b538206c404243bf7ef3dc009ee7891dbce4e3bf8fa380693223df

SHA512
a3167dcfe748b44f538a25fc94ba863e3a353471d5af34af2497063203c83bfd2ada68d5a3a932ffe406f53b165b9e0cc789af9e5c5a130a6b413ea8026398f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
45KB

MD5
c2cbb38ef5d99970f0f57a980c56c52d

SHA1
96cff3fd944c87a9abfd54fa36c43a6d48dac9cc

SHA256
85369a1cf6e7ff57fe2587323c440ed24488b5ed26d82ba0cd52c86c42eec4a7

SHA512
50371320c29f0a682b9ae3703ef16c08f5c036e84d5056e658f5d9be7607e852adf72c13bf2d0b63fc492f5c26d330bdeb2ba38bfd8b0d4567f0cc6b0c0f7bd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
101KB

MD5
5a6a2df3a9c3aca59f59d1ff525c6f5b

SHA1
3a661c82f2c2f24b0e5f0cc9fe704088537200db

SHA256
ba957d1b32194b5863e34b9ef96c023c90ad05b88f8a5fd5522f649e4a60ec94

SHA512
11b8ff8b1385520eea4962a84443b74269ce1635418a0f6edc63f2eb49c843254d1d7cdb909102a35de1cd3f20291d1b83a89188bf9ae5ac984b82a37026a6c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
23KB

MD5
e1b3b5908c9cf23dfb2b9c52b9a023ab

SHA1
fcd4136085f2a03481d9958cc6793a5ed98e714c

SHA256
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

SHA512
b2da7ef768385707afed62ca1f178efc6aa14519762e3f270129b3afee4d3782cb991e6fa66b3b08a2f81ff7caba0b4c34c726d952198b2ac4a784b36eb2a828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
75KB

MD5
af7ae505a9eed503f8b8e6982036873e

SHA1
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c

SHA256
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

SHA512
838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
22KB

MD5
de69cf9e514df447d1b0bb16f49d2457

SHA1
2ac78601179c3a63ba3f3f3081556b12ddcaf655

SHA256
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

SHA512
4aebb7e54d88827d4a02808f04901c0d09b756c518202b056a6c0f664948f5585221d16967f546e064187c6545acef15d59b68d0a7a59897bd899d3e9dda37b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
23KB

MD5
efee2d080d7bebdd2e0aeb2e030813a0

SHA1
f8d38f9f9584e48c2e469877ebd94232265585f1

SHA256
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0

SHA512
16c55ad46a26e0af340f2b8a89bd98c1ccad5c976b434aafa7d1d8cd5049b40a58c5350fa42029710c9dd8040e7cea05e57979731b941086ca096239169f4f3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
33KB

MD5
fd2b58574f9637ba7ef639267349d848

SHA1
6eda5ea93f549ceb5693f6f1c038893fa56a510d

SHA256
75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec

SHA512
9de7eb0ddaea236cbf912f4b87fa94c424cdea041e756200926c7e28bac860f69e0d9104a790678d1858cdd7101b25d1e25164a89f81a758f35bada3765c6893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
73KB

MD5
68d73bf597773d54e196072d2817211b

SHA1
64f80907e44163b2f9a2c8656b6cef62dfa6c1a6

SHA256
10796479fd29f6c8ba9f5b3fcc7ba991a4b26a37a3979bc99ff5506e30b5fd6f

SHA512
2e9b69db47e82a63d66992f75263ffd43acf8212c46c08525337c22a7ff769a2c7610e21b31f53186fc13dbc18750c92d64bbefec4c5a1e763dedecfa16c21c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005e

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
272afe834f0b8d9f80027303f10997ec

SHA1
b118088e80d8d77bd1b0503947ff08a922daa309

SHA256
41dcc08e7b7d372dfd98bfbbf94f6afa5c4306e3e6821dfc00b0c73c5f049e08

SHA512
bc3bacdac3d019c72075190f3174a2fb91d7d5a26aa356d8d209be899155dc0bb92ba2a5ee21e25c10da1f249cb574dd3c3b0d96692c5ebf2971aaea08ce4b81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
c7894bfa49beee449e9a308f33717029

SHA1
1f54c89040b9a9e5f636ad34742aea565e55fac1

SHA256
81fdc30159f8e51513ff75785106f0b7a3bdb0892a90b926647928e37a138af9

SHA512
b2889aca48172a1b462b579e1af45e25aa366098e06391ee8da6f1a5a190df53bcd175ac9453bf39c6576a8a86373293a1ed650abbcbd898c85557b813bd11ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ac6c9d24a802e7a4f2ec9ebb8f67b713

SHA1
51318321443c8153fc9ee69c0b4ee7f3b3e6f412

SHA256
5775d789e188b517ebf7c7128153acfd68e34bd8f3282a602e2d8fd8ec0358c1

SHA512
60347622546b6ccfb8591028dd830ee10f77d1f50de99b1984fe701196a8159da6021c74f654ca5a1ec5eff15183b4bfc5908a389d71c61a3c2734e756ffd31f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
74fd12e35543dbb8424b65322e5204d5

SHA1
d27940ff8214e08c61ab3194c9608e30ff6180dc

SHA256
a79cb7138d7c577e97507cd3d1ed427e48b5689022adcf81da999dd5dd77d5f4

SHA512
d9bd9531e3c0954e6fa13b155f167b4446183e2ff2bee030626b2f6f5e79c04f6116709561876ab841076401636179e471c0aae8ebc4fef3676c598f354334ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a5c4794928089a68fc025e453ed4f832

SHA1
ae66fbb0d11b23006cd088ec4e32f3453f92b545

SHA256
fbd7801bf270b555be5789574bb21c2823e5740bd2714c468f942541f02bd512

SHA512
76a938b32872f675f8405d737279b2691201869b2428bc59dd9bc295e746578f832686d8495ea23208453dcc87f7961f5318f465a1c89a45baf4edd526fc0371

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3f5c033f28a0c19a0d196e00876ccf4e

SHA1
8c2adf12eddd6f86088ffe21fdeabedb4896c9f6

SHA256
cc84b68d8c62ad8abba9b68c4081fbbe8776ec006ac18df145787338e2836cf1

SHA512
b225f722f5f3af1df46e1fc7fc352d2b5b18a866b0afefa06f53f972f784b74625c681ee581d9310470e8026dc682e5a51748e362aac9f4369ab2c28989cfb06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1a5c773189d031cd2718c462b6c1f9b4

SHA1
c5aabbfaeb18b9676c5d88076b170c58042f012d

SHA256
3946bba59e62bd7f4a78769747d452ce99ffeda5eb699442a315eb861c51239d

SHA512
187558e093286e8b828a9a689f36710ed913680df239a107753791398098094bf5de6471ca3eacbf0659c5d687abf121520cd80ffe3c1770aa56ff0ff1c7c1a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0de1210d4c1176f552ac0a068d643469

SHA1
f0542886ad983e400d823a9ac2bf3ade0217d8e7

SHA256
7ee7cc5ad0f287d96fa912a068f42f8afa480d03d54cbc44578565b0b4d28761

SHA512
b313553e6d2efc84629d4e0040b72a7283fa1931a3e07660f3de8cec48d97f82c72a28d0deb9a4ce60e6349530fe671fcec88dfb967c3ccdfe58d1ae28e82dab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
970a7ce1db6d36e3a4399f066a5aed8c

SHA1
df227c334da1bc5d8273f68f71b624166ad24d82

SHA256
8e13f7f64c7a9a33f78390b512f2f69e99857dcafc1cc871d4a54e61eddcab56

SHA512
aad53908dd1cc4c9f3f44bbbaf88f582711ccc0ab971274e12d79f482b38b2be5991c1f4ebc0a72d15aaae2cdaf18f27cb8c671a37817edadff9a496be14ab6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
7557311a0a155feab4c5d2177f4ac268

SHA1
3c62114b3a3cd21c2c9e362570c40a7ace96c4e5

SHA256
bcfa791793be7f6e50913bed2f52898bd81a1b4ac3857381b4c6f5507dcad3a6

SHA512
dbc014101cb089f4a35a6cc79192600ec56ae2d4553e4de23c16f9986b1cb57e14c8f3118511fd3bd55ceb38b8613249b01bc6e70362b72a967c0f32468ba11a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
24KB

MD5
c4e77f0d2d208fdc5eec94849f88666a

SHA1
b0f4eace30d7c9cf63f7f2a0269107e2ebaaf21d

SHA256
3f9351d7f87c6977194c6be2dc1fd98a17c5f11b1ad0ffbd268b794ff4b122bc

SHA512
3116f9ee8f212a0ed6010e39e4ec0c97b28d4c5e56986ae7324ff20dea16317a4295cb0c7e5faea0b3352a54ee08d7ac3830d5096f3da67cf80ee58298c00ed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
b9438941dd831fa94b1e915cca5b687a

SHA1
f0a3584399584157ebb697f55d471f16e946d945

SHA256
5c55e43e8fc4aff0c04e34f206546ff2886f7b9527a57c28676175b8fa338447

SHA512
33c9af0af093f48c95d132dd319270aea99c882898f1bdfb0fe606f9eb3825b3c63f6ce5c5d31d7c8ddd5a6f36a898d8c943695b3271cc381b7b905e6a7c2d36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cd006222b749728417a0c7f1a18ca3ad

SHA1
bc270d60b81b3e0805961f7befc4fde1f94df155

SHA256
7f7addd694f68aac51230c5a9b8680af2cae5e340709fa5effeec0c7b72f1ed4

SHA512
37251c5da72d1bc357a0cd20fd2abef2c6a29e215bc625849139ea20b946b64f1d5a8c29404196f65e5ac88541252ba9166e6d3d56502876c4713372247c8a05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
15460a8cec60f335c65447b51ced67d3

SHA1
f97f332ead892069ef5b14de2ddcc057c93acfb0

SHA256
6c541386bb3762787f802ab8afffc1011218bb21ebac1695367052c69dd5bcf3

SHA512
3ee38a87c2e94501cd9138bee686a3d3661099ed1dad1283e13a3c356b6677eed8321c4bd478ed0f35dfe0963f968576336db25724d8783ef1a5b10377f4a681

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
56ffef4f54c52834216404c5facb0231

SHA1
abf66192f10d86c06413d6087b73db204dc0ae13

SHA256
cb2f58669adff1a2e1a1a688fdc3f2ef850e1c9fa7cc4b9496227983356cfcd6

SHA512
8ed047d279d3bf63a6a566cd96447bb66542bb92e6659c3c2ed46ba7c93832521450412633a0bc2558b33f6710d8ebbc847bfc983c57ede5012b5d277fb89246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
425fb2cec7cbeac09a15763852b0a7d8

SHA1
a624c691ee00d0434d82a284efd7f7708a5ccace

SHA256
54cf4f8e6c1012b55b7c438a195481b3d771337cff4fc745ec451f986d16cc34

SHA512
18d13e9f36de59999fce49ad33e14ab4f337f186832b933397c0c5d9c10d68a6d910ac08eb3994871b83b0e8f367789b975b43f4b48be561fad3536427732a48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6a8f32c091d2bc2b1f4f8b2469ed9525

SHA1
93b7bce44d542b22fb7f3af89d4d8e2c5eb75ce7

SHA256
1e03b9fbe0c897edabe74d44dda06da69d0ce2d22c565d8c35a8f0642e0e4bf2

SHA512
3889839c2edc58c24dd68efa199271f2d07d168521a6d6e7343b425f715c9afef1dbb965a85bac75f7d48c8834e38891c7e56369d92075e93d86f56d77c09d3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5f04c8a39f1e52b7cc8f344ca76ba9d5

SHA1
d6e5a90a47bca4a772593cb830578229f65d0e0d

SHA256
a8798b482905ed3346b85e2f53592dd20eeb07d5229ca4bb377e849b16a2dc83

SHA512
db836a7078aab68dd47d6aa998c06d723b8ae61339fc118625296e326d7f60764edaa0abbadf447f1c0f27441f0395cd891269b6ccf8aa343c523adebbc51106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc1ba77b005e6eafc25f9ead3960691e

SHA1
ab215feec2f3dc1d5adf51e20571483c25e92350

SHA256
d43579545a672352eb8350449e03c0d625b00c747472eb8fad5e054ac09428a8

SHA512
ad1883675d1986aa9d530dd4d826996308ee2b092418c549358b58151ccc69e5d58c8e8bb447c688a7fd06eaf6268e0db4f5e0cfce9e308ed171962a7719700f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0395142c90d591223f5ec727dd52bc1a

SHA1
35d235b6716b68d26f3e8977d2601f8b38e083d6

SHA256
e9c6bf575972529677afa7c8b8574ed1529195a3d9abb67c40d2226fd7a13ae8

SHA512
acd931086508ceef78a91b6025e909aeb3700a8b93e80e1333669438d6749c23ec757619758352e2328e9ff1b033f5e609c846d7a50365433ee2e5e5bbbd9426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
e4d75cf2664f220fca55241273834ff1

SHA1
a23f8c857bc17c96266a04872b8d409eb7b12fc5

SHA256
0f3cb9426388155c90f7504804df0e02eeb31eb592e399e475e875e87d2918ed

SHA512
cdc65da361093df09f19d62c2e5f4dc32d52c83485c36a6e0f42ea7974315062ddb6e72b2e839ea2396f16ba51115814c9b77de97d6cbacd7153c6054a3dee78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
546ae6e6751c469ef48894aa79cc3f44

SHA1
de6263fb13cfda2303f5a7b3cb8656ea8c41fcc4

SHA256
171fb806cc04fb14eaae849a1b6c2099491371b43f39751a07670b88fa0a9eb8

SHA512
d568ceaf01c2d2e2e51331c5a99b742753e10d83a7044f4cbbf47ed11da06ed90577064bcb76b882ddcf0a077e1288d97596761d0eda8b2930efef4fdfb92a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
413dff1466492ab31fb3c7b4cc1b6005

SHA1
5a056cc55236cdfc49b4fe0d5dd98220e6216433

SHA256
bd7e9fd93c5d2ae84d3eb7b5c62014e50ae2dd81571d073417201e05f62ceee6

SHA512
b9c078a03fea49276926ecfdb203d0328662977a1a66ac3f8357fd1c5f339ca9aa07bbd55994ea257c6b18a85a22297b2abadafbbff572c385d362ad14bdc1b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
18d3740f9e5566489623778103a04723

SHA1
ab28b4c37be19b0711d38b12f2f2bc9f579f6af7

SHA256
f08732f44b70fea7cef94a4ce17dda81e7899b6fc342d5cf98abfb89c67dc87a

SHA512
c9dcca4cec53e775d9237bfe92d0bcf4dff24387ef2bdee0c673cab3fe989c679cd88742ac9a66bde0de7edf0101eb4b5bab4df2e8f73244c007e5faad4ee189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
9b1e45c835adaf4e2221447e6dcdbb8e

SHA1
576623ac121661ebb97b68722f914ca70af0cd30

SHA256
0cfa8ffe80008f15a86b2bc5f4e325b5d749e9a6a3f07d5eb1407e1d28697364

SHA512
84fc236966beebcd0947b213a630d38d59fee4951fc24e589169bd6289d7dcdf88b9ea446f01dd4340f20dc97778c8ddfbe59e033dca40c593f98b81d804acc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8cb99ef33274f15b9d2d98777ab5ff12

SHA1
e504fe18e0f0cebf386360c079ec9097544fbf0f

SHA256
ae191862b0053b208ce8ba56a4e77dd8851dfc55fa166a6f5f3bf6e00b014678

SHA512
850bfc11762232c9b9b5897f0dde63e79c2b50ff85d2997efa4d3c24d9ffff47af43ca48d6015707d289a429bb23642512b2ba375fc95bc2b8ab7b5cefb0d6f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba15dbc48c33ad88bd2ae44583ffefdf

SHA1
0ef992fa6034d4ded69a3a74473ef8fc49a04ecc

SHA256
4adfe9905fce69c44471b5cb48093cf09a48850770e6753516d1f2ce2fac9dd0

SHA512
5a7e2d52bb0ca8574eba354137c4f98aca04975c80fbadb3ff932aa1af6b48751ee3401be1bc572764df1c2637e9b05d87b6dc59985ec8fd44bb3a6b049eefd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
27575bf2687a493a088b1bbc66a3e3b0

SHA1
ed41f1f0cd6795e603bf9219fe6cf6ebde8dd914

SHA256
852732ac36a95397bf3fbc78003038f513fff9409d7a81c14d070e5aab88ba06

SHA512
8c2de9dd15d2fcfc7157cb3ba9a77a01b300182b6547853701b21a9b302946f94e1e3d82fe07729e53718faa7b6fe660940ea3f4bac11d893d154ff01e6fb7fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
37eb303ee8aae209a1086cb457324d70

SHA1
1286861c7e55e6fb6ac5bdd06c28eaa5d081c88a

SHA256
8ef816bd6df487ba0a3c9a7e935707d92af71c382ff57145d4673e64f581c838

SHA512
8c957241a2a7a95a3464dcbd59a29f388ed190fb76a56d2c5f04d616a22ede7f4c9b8c5444cc0053209358fbea42600920aeb13f4bc62534db7144726768532b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
08e2893d37d58c394b992c28124c11c5

SHA1
41082a29f0991f9a82e82af66b534219d60134a8

SHA256
35461d5c9095f8ee0a700b343aa1911f71e500a897f9f5150656a2fff4b58fd1

SHA512
f8a96b534aae5b69afb6fb4458e8f9ab97cfcbd7133de682e8875f2848f4bec90d92614a34217742900b6d291b8c4555e85a8a94fc83c8f0ef16e592edca47a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
707a8f03d0a8f6a0c8ec9c5394044b92

SHA1
89d0d5112bba60028d82ef838b5970f88b1a4951

SHA256
2bdd89ab18ca346d2667de80ce197c269cf5b91cd75f1c52314997ce866b7a5d

SHA512
cec4fea85bab3b12c6048797d5909718fcaf806731767aa56b10b0bce0a41b46e3aa0cfe51927f0c974d0e554ec1473e67b7ade04e1732d1c4ebef20562b64c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
4ac5b039407f640f441b6ac610731db8

SHA1
fbe8f5643303186edbb5cc1b3699682a63ea5d06

SHA256
589a8d1f082e29603cae65736b759e4093ae9120b0a58163766505757b5f1502

SHA512
a0829edfc006245c60f0983ba454cb01925f956794ef17e12ecfb80d91fb6dec2e425d8c49085b5f798f5d16031e14f979a6ebe5fad6651e926b88daf04c4d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
c4db2fc17c5d150b86c5c66af33cb8fe

SHA1
5f3742329016194d006adb56051584fce0d72f3e

SHA256
beb331b9e806eb7e5fadca6932537fe2c876c30f4251cb4dc7c4b47a8152a15b

SHA512
40dff33e14b2fe0f90a91ebf0c0b4879b352af32148c2582305c3806f21e4191392b249d780b633c4138915a8e844419b2a62a7e157240cd345c8e4eff4b0099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2404f8eb0097f13d3091fb79bae76084

SHA1
00128b648969b03c631cef7e49a5ef4a409ff7f2

SHA256
518bb2ecf841d36dc830a2ed6964b61a162d850fbc5d5c84abe0720e2f073c68

SHA512
de1448ad68bb388806671f6569df198228709ce0157ab4641d26be90f8b7e8aebb54f5edaae4a3cacc82bb5319d24d5cf67c3c69c7f9a16d86c92fc70fc7fffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2fe9369f896d809625e3b4cece2dee7c

SHA1
f6204bc1bd5e565c31f0bcf837d59e063c73bf3e

SHA256
dad5790dc00038331ea749863500e307d565271c4447b099e92e74ae5664301f

SHA512
d7471029ceae356062932ee4d5ceecd61e79688ad379643cb013d8b4135b01a83d95f98acf5d419bb5db2ddc024f20e90d44465e1593486da2a06b513458c1d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
b111ff43aa29427a26c085a955dfb84f

SHA1
0509efc2e3cc74f8601dab41ec784a013c373538

SHA256
14af900ea56470b3dcabe13406012345cb9f4474ca2667b29652004d3361fab0

SHA512
bac3bb7581ae287f01c3bdf67d6cd3fe09c7b273ad8f338fb8c9f87503b0716661a0e0463c6c7706b0b9e77f4e823ddced4211ade0ab1cfcd852e5f004ba6b82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
3a1bb7d0b4754ccec70e862960087a94

SHA1
b33a3b753f4e53c6f61816daa98610364fb50839

SHA256
b57057232117672f4f5eff3a3905c327c66c73b816d152baf74e9f578de0a581

SHA512
f405591689b27b5e18eaad64892583c68f20acd6ceeefaeba871431d39c5a1aeceadf90f283fcfe3ae19bb7f7465ec17ef9434cf03facab00da2dbe1cc7396be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e3dfe46ab2f96b1ce5d2bd7d35a5d4bb

SHA1
681cd662f2e9ebd487714c8d6aab46a090563e45

SHA256
5f097d0610882bfb1dc6cc902ac515feb3a87e9c467f215671bf8e4c197c2b23

SHA512
9522de08b9996f2e711b750eedd1e90aa8f98771205216b728cbd372a682685a459394be866d6315a9a35afc2bd05973b40ee4a117c752d5450508416ab421fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ad51031f-36c0-475a-bf96-f02d968b8791\index-dir\the-real-index

Filesize
2KB

MD5
4601025c8b869e47e8ed95ae21f4328c

SHA1
cf89dcdb021287a4997eade57f048343e16ca842

SHA256
d78d7e69fc4da4e8751d7d3bac005de041ac1dd47223fc8c349ec0876a7eff92

SHA512
eabf3439f7cc4478f6025cdf67523f916585b3e385dfbf4acc6720ba2a73d07b5f4b4fec1a063138e504ff3b4978834d70249a341bcaf98ac8404abf5aa3ab9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ad51031f-36c0-475a-bf96-f02d968b8791\index-dir\the-real-index

Filesize
3KB

MD5
9461f48f4060b2849f43ca241e842248

SHA1
a5b7d3d0f30233d46fc35470f16cb79aa35d5dcd

SHA256
7b980d1afe18d961a0f47b5fe50505748c62887ce1fd9bf747b6bcdbcd015c6c

SHA512
da2e50fc480a21a912443497e68c4f3ee4bb12f4ece1569fa6b0e3b6bb396404452ef9963ffe2fc36a434f4e27dd16c49a9f25ad036badc6a147106060de1062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ad51031f-36c0-475a-bf96-f02d968b8791\index-dir\the-real-index~RFe584f82.TMP

Filesize
48B

MD5
34860ae7e99c69e085c030e25a2265e4

SHA1
45d9b66297f66012e8c748b4afa21e8309737387

SHA256
a253adaa262e4df77a4dd88f02a59b0e93170c500c58ea3d6d3698a27b1caa10

SHA512
77aba34f1fc12a8f26cdd6a107c61174ee093a81b6d595113347cfc9e21999fcf4db222ad6d978b7e246f960fdf84e48e3084d10c4933435ad1e2f504bde98ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
b37d289cf9a2deb60e88a25d358c367a

SHA1
e497a8a300cb955fa9ba0213d2e3d70942153b46

SHA256
477bc7fb314c24f0cb37334ee835425794ca6d2dcb2b1c2f23c80dad008459e7

SHA512
c9ec1284b47f871ca69a8e1af03e44e052b738e678409fc531174d9821118600348e1cb428c77bbf8fab80611992d37c8c0d5f323b9223121fcc8d138e6c2c83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
bef5983124d759bab8e2032bccc9b6c6

SHA1
abb71505768705def6965adde8f8edc47f18e99f

SHA256
3c1a1f0b045c03cc566d20a6dbf4e964be8148659ff8785c24ca347f7a707638

SHA512
b78b663561b9cf24317a1edb45517c64fb934b0c639f49c442030bc58a864842f68cc00897bc6c9ef0070ff19e2b5a317d603b413ca76d549dccce5f2bd239c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
4a650b9407f2ec085250b2d244a5bd8b

SHA1
1a318bb4b5e6b19557f6f7fd145b727ecc851adb

SHA256
521dcddf89ce6e9868aacc05f5a5e23340810b33e647037b07a4750b3fd1c5e6

SHA512
9b6769d0ceae473bf18a57c70d2a67014e5f7b639505b1eee6e643739bc3c3baf68ac3dbd284fbc1513d472f9d0cc4bcd5e3b896def1b8b21dad9d4ea1d4991c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
7a864cf7c1cba309648b4299c8bc2711

SHA1
ec16b7b2ac8dda4a3e0ae59b262bf891352f6ad0

SHA256
d2ddd2652a70ee9e45bbe7b3d4305f31a50d39b463ba3b7581922824e997f633

SHA512
cb678e9b307ec1e946e940b361a36bd091f297c575fda7f7a2cf0c0aab513cd0392ee0f1793a86cd44284526931007ece93d42fe0c5cec9c74e3cbe559f050d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe579fab.TMP

Filesize
119B

MD5
6f7ecd39cdf5ce5d74235225c344472a

SHA1
9519385b568669f74cc0d9e49831b869ee6386ad

SHA256
e1187f4e0e5ccabba0c2ba053a839ad01403dc620c64f8bff328c0a1d7b9e498

SHA512
b2fc76fe3450cf0c4d22f18232f0cdcb146a3c32743962a50af90d37a7beb311d23be58c265c58515d6d7d61e51f0e7f7ea0987cc608a94476cc4d1a345591a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
03e255107ded6864e498934d71b93ae8

SHA1
ba7e36029e88e7ba2c9751779d225433d166af49

SHA256
54b041e3b02484317262f74a3ee86f388ce5e5d1bc6845034eceb1999c0c46a4

SHA512
bc682fce66476b246436a40b26057f8fee93a8788609eb87a841c2185d117dbebef8874c7224a5c40e7fe0baf10d6cd6c141f27aabb35f0fb4d498963b7e5cc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
cb6a883d785572a25457d3a1ce968188

SHA1
9ed3901b70130b62d47e6c1f3b053911b8a22bd5

SHA256
77410683fba6777e3bf2ca05fbc360c0d23314e46406edbbbd4c116d2babb9dc

SHA512
67e8931328dfdcb6020214599b1a2a62019c98e46034b8328c3fb0e36ca3d4f472634e72f657281878e2c87b3ec09de8a2a01d70aeae469632ca8c5c606324d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3136_1516442904\Shortcuts Menu Icons\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3136_1516442904\Shortcuts Menu Icons\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
de462b0f2b4787fd8fb6828631557f41

SHA1
17535495c2b87caa713ae35644293507f62ad59e

SHA256
d22140a315eb9e51f4bba3d3de9691c6ba69fc4bc9976257efa28547c04def96

SHA512
a1c2a32571c76c297b14fdc30f4b4317399d2bb9d70f061d5e6e60ecd87fdd3dfeb782c22be316343350314223859fe8c112a214b25a5f05928dbd43fa6bb46c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
47005961a888b4d2fbb86656d34459a6

SHA1
7617b0e1f6d7de0aef4048e9449b30cbde9ecac1

SHA256
d6525b185e43be59e072a7c1bff4b1c55b8183f84d62dc57e5104be7027bbb7c

SHA512
8c0c667d0e8ddd719a4280cb1b2898a28aeae6cc228171f2a7a5be5a9ae8bab179bd1d72d11024ceb272c0fd8a114de0aca260ffac7fbaf6f8d6a2d98059dbc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
5a3b62fbe5acf4fbaef3e725dd462e37

SHA1
ddf457391a9e9e2cce9631b1108b6116b4e384b3

SHA256
649420ed4ace7bc374255dfdf77057ba38cf2aa23a0494c1f224323074680350

SHA512
77f83b433c1877d71b5f8c3802c64007a85ad7138dde7fba3f8bc663f8476f9f1d408a655cf3685e48a9902c86865ff0ee80497c0341d6ff4107e8a2fc8cb379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
86f73efad58da58d5faa406ed5349ef4

SHA1
9f4ef93e2b4854a9044a09a9f78113411a357aaf

SHA256
1fd5f52c0abda4f0733620a9a375f6aefa1892e492bc87d70cf41cec3e35c825

SHA512
239413239a9789fba390ca213b2c4b78775399e36f55c71faa70a1b3071655b0ef4a8e7ccc63946b366e63dc7d7082a27707dfaf263245e11eb8127e741d5993

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
ec066fce8f88b1dc90236be67f71bda4

SHA1
b1ecfb5db6ee7e9b41a6896030dc6bc5292a169c

SHA256
b1f7e9bbf1a5dca4cc1f22d6fd02699347fe42f7933b0bbd5f8a07ab9ff49773

SHA512
221a9719bbb0939fdbd84e0f38cbf29ab09b36fba40772a5b02c0f6dd2620a322c8708d229437ddf110c790b59818a6fd803772a9adb0d61cb0c5f9c957e6d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
3375edb1d4c0282d75a7b3c47b1472f7

SHA1
5f8da74d5d6835a9a30f26d7cdf0657836053724

SHA256
eb187bf4c79f1e7de1d7bbac21fc064b93c0dbebea753cb0261643cd12793785

SHA512
bde5ea20bb5e06941d8268398a7362dd550aa8c0bc18801a13486dc9f786d020e00b421067c3906755412516937ff9698819ee0ee47e6c2d6c2955e3b501ee92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
fcb82796a0991363488c229fa3d2c7b1

SHA1
86a9a96259d65f0c937be7ef5ad2717583edb3e1

SHA256
eb8a2756b879e60fd7c2cedd85360b8bc919b77af2667c43d170f33c6b6b0d7a

SHA512
92afe0abacc29ae160770271fea4b224072966fb1c5aeb5af2b65fdfd45079b09275e84692fdb6626016ed9d4deab96772e7f4beb97cff28e5c4790dce0e5917

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
0d9062aa8bc2fe144aadc78cd421e852

SHA1
abf53307809ccb2cee502a98d1691b9ac275d672

SHA256
cea661fdeac9b7739c244bfb6f1b6329f7d9e057b02f6d7b46bcaea136e3a85d

SHA512
995b8a1a8393183828f06ac9221ba36d6a6e4edbef034b0ba4294f1729366c22f5df305ad5d361fa729a15da0ac600d241a87dfe1adafe460a461f4fa080766e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
71ffec33036abadbb6f56cbec0c9d398

SHA1
65407021a1ca4f54d6e08c97608361106ad878ea

SHA256
14e5a71e3551399b2dee37913d7330346f8208a2af9ce626a44ffe49d083ceb2

SHA512
29f0e332fd270e41611ddab5a3f5a2c7979d1bd54d7b646fe48e11d222025fffb1dbf29dafcc9019325e3849ab62dafd427429db0f8fe7749f70eb196caff869

Download Submit
C:\Users\Admin\AppData\Roaming\gdi32.dll

Filesize
421KB

MD5
79d71f72d5a58cbaf74436c8116b3f0d

SHA1
f09cf418c0259a9c14b1e4dc33f3994ffede2b5b

SHA256
5c8d074eab5f3a4abf13f0a555897f2e1a6e11f995b81a27854a97c42892e18e

SHA512
b94486eedbfce6398dbdb043ecd35e1af97bdac3ab64b1d3b365f09cb018a14a6632088c29573ff976815a8aee4be49cc2e4aff13a09672adca233a07e415a3e

Download Submit
C:\Users\Admin\Downloads\Roblox Executor.zip

Filesize
16.7MB

MD5
585b1bd83c3057e244c6ddc0f3116f12

SHA1
7d03d7dd2f2416c84f918fcb9b987e398eaec94e

SHA256
4239fb3069993c1e63adf1b5749411442e83fc06053ac1c5bfb3ccd62db5a55e

SHA512
3191d02da44bfa8ebc245b2c1ff6365b03d7ac2b9561266146d15143ff832cd9e0a0fa3df2032e199ecfd98aecee7b0226bd143dcf634dc4a008b2066956515c

Download Submit
C:\Users\Admin\Downloads\Roblox Executor\Loader.exe

Filesize
733KB

MD5
95142a0d8cf7916d2c5b7259d7845863

SHA1
63d1edbc8bc5b353a8a8f522141f321e4f509103

SHA256
a3b3cfa538fab1fb16feae3fba95e1f4debc5fd5983246506592930d06abc0ca

SHA512
39f8bcdc8a58fe4f41e8e1036622dd935551a8c7092fbef28dd995a3b37a695b3df4b9045d0915b0e292ff7ae3269366bb8701e5a5a5362778765d992ed4a962

Download Submit
C:\Users\Admin\Downloads\Roblox Executor\vcruntime140.dll

Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit
memory/936-2088-0x0000000000EF0000-0x0000000000F54000-memory.dmp

Filesize
400KB

Download
memory/936-2092-0x0000000000EF0000-0x0000000000F54000-memory.dmp

Filesize
400KB

Download
memory/936-2089-0x0000000000EF0000-0x0000000000F54000-memory.dmp

Filesize
400KB

Download
memory/3360-2123-0x00000239E9930000-0x00000239E9931000-memory.dmp

Filesize
4KB

Download
memory/3360-2112-0x00000239E9930000-0x00000239E9931000-memory.dmp

Filesize
4KB

Download
memory/3360-2111-0x00000239E9930000-0x00000239E9931000-memory.dmp

Filesize
4KB

Download
memory/3360-2120-0x00000239E9930000-0x00000239E9931000-memory.dmp

Filesize
4KB

Download
memory/3360-2113-0x00000239E9930000-0x00000239E9931000-memory.dmp

Filesize
4KB

Download
memory/3360-2122-0x00000239E9930000-0x00000239E9931000-memory.dmp

Filesize
4KB

Download
memory/3360-2121-0x00000239E9930000-0x00000239E9931000-memory.dmp

Filesize
4KB

Download
memory/3360-2119-0x00000239E9930000-0x00000239E9931000-memory.dmp

Filesize
4KB

Download
memory/3360-2118-0x00000239E9930000-0x00000239E9931000-memory.dmp

Filesize
4KB

Download
memory/3360-2117-0x00000239E9930000-0x00000239E9931000-memory.dmp

Filesize
4KB

Download
memory/3620-2081-0x0000000002F10000-0x0000000002F16000-memory.dmp

Filesize
24KB

Download
memory/3620-2080-0x00000000009D0000-0x0000000000A90000-memory.dmp

Filesize
768KB

Download