r77 | 91e508a9f3590798b6bd703c7ed7f8386eeb1f3dbed66cd670732a05f16fcb77

Analysis

max time kernel
110s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2025 13:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

batman nigg.jpg
Size

9KB
MD5

6ec3b5cc32ea61d0c1ff1db6be43ab96
SHA1

d7064ce493b9e433524f556896e4ff838629c94b
SHA256

91e508a9f3590798b6bd703c7ed7f8386eeb1f3dbed66cd670732a05f16fcb77
SHA512

bfa0cd76051d6e3c4901682b6b86cb1bf2fba663c909962055621b121124a88596f90ad5aa34273064c57a8bcd28bf539d4296720fc3d27882d5bc6394d26555
SSDEEP

192:7wujtw2wDjeuHfoDYlhKpXX+WcJVbfLBm:7wUsDytaKcWcJVbLo

Score

10^/10

r77 discovery rootkit

Malware Config

Signatures

R77 family
r77
r77
r77 is an open-source, userland rootkit.
rootkit r77

r77 rootkit payload 1 IoCs

Detects the payload of the r77 rootkit.

resource	yara_rule
behavioral1/files/0x00050000000231da-1010.dat	r77_payload

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133811606888283744"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2008	chrome.exe
2008	chrome.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
2084	Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2888	2008	chrome.exe	89
PID 2008 wrote to memory of 2888	2008	chrome.exe	89
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 436	2008	chrome.exe	90
PID 2008 wrote to memory of 1208	2008	chrome.exe	91
PID 2008 wrote to memory of 1208	2008	chrome.exe	91
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92
PID 2008 wrote to memory of 1580	2008	chrome.exe	92

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\batman nigg.jpg"
1⤵
PID:1904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x124,0x128,0x12c,0xf4,0x130,0x7ff95b38cc40,0x7ff95b38cc4c,0x7ff95b38cc58
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3328,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3712,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5092,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:2
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4812,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3156,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5740,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5960,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5684,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6136,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6100,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5936,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5464,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5788,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6104,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6036,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6300,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6292 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6320,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6472,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6480 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6496,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6636 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6628,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6884 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7044,i,2675398172571541298,18103709893425790147,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  PID:4380
- C:\Users\Admin\Downloads\Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe
  "C:\Users\Admin\Downloads\Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2084

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
db5bad126660370f40a32c516ea88917

SHA1
dbb06f78c43966df104445c5c000bfbba7dba299

SHA256
51701568c956f4fdfe93a8d416fcc1b3a5a3ea86ba458f02cb3f29bd56c91531

SHA512
d8d0f0ba0fc4c001683f4e554d09ccec630bfdcc222570b68dc908d7186980a02bcdc96838af78c6269fb3518ee172fa6f2eeea0f423a96feffa4a35e84195e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
95KB

MD5
ee74a296e3106da7547921b7a48ac381

SHA1
c4d32c67de557180add5e121c8fe4d336142dcfe

SHA256
ebce86a0b25c924a3f143636a54902ee450f8cf9b3053cb0f46be292cfa65f8c

SHA512
091230cc0e9b447c1cb21e81c77ca939836b7bcbad9c17ec97df9fc6d75a67e2b891391653f5ce0a1ce047a77ec12a12bd6ad8243f051390388d3acaec5d5ce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
52KB

MD5
5a26d9b65e04d155997b64724dabda6c

SHA1
f9624b84e591ad79e8eb7cfa1056c31e56d4ec6a

SHA256
223fc63f230fc14259ec23a503093323b83d339bb775444d1dd8399f88dfac7b

SHA512
f18c764b4f092c72c902eb80c8ce6cfadff03861237a69442c58a6ee63db8eea77eec153accb6ac14017f3cd070ee1d38b4c3e9c9ee7482f098db002b606781d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
31KB

MD5
e2ca67afa037addd83ef5c7754a3427b

SHA1
22758665815e2c86d1e4f3ef1461dfed07381934

SHA256
e5fa5c0b518b45e4c1aeb7fba5a2d55afcb62dade85f1268a9c320445f421eb5

SHA512
96a2b8ebff84e258356a55589018ccd89384c1647dd77668c70437391311b8951ccbda27200d0c06a234083eec3720169d701e64e3bcf2179da28ed22349ac78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
144KB

MD5
df6b4bba2c92bb7153db54c395ae357c

SHA1
e522c33104ee8965d1191a0cc350b7cfe66dafd8

SHA256
02798ba2c448062b322cc2e0f0a8956213447e04409282cc80e07bdfe2fc923f

SHA512
0dd0215ae97beb91e15faa96f2f0840a9ef0fa909066bc6c03f6e48662e55e22354269069d2ea6ac087a39b2733dbe863952ccd71efc036a274b3633d84d5338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
20KB

MD5
70e2253d91237fab5bec0c1b77dacaf2

SHA1
6985182c8994f9b21402ea14022b4ff4aac76e07

SHA256
efbca0c9fc433d97af9dfb85b7e013781a0e4e627f0193771fa998d14b7f0651

SHA512
0ff44e95f1938a6341afa0a897ff37c0859953f36131eff99672039d938d6f38bf28cd262db716b51e871b38c7b26f5c909ef37e91ec0dd5aa595adb6f8a198a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
20KB

MD5
61aa8b462053d982fd7dcba3537f953f

SHA1
81c782098faad96056b75b115c3b8c53066726c1

SHA256
53c820ca7848acb86a45c299f00a007f160d4f5f8182431be6390e308f0510f8

SHA512
fa34bf0dd074afe1781b5404ef0511ffdcdbe3263d0aaffcc0fa2317a39fba4d3d6d06084a7185586a417fb43727473f84c1260bca78df56becc29c970ac8ff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bfa113505cded11fb8c43875b636619f

SHA1
c7f83a2349cc075d4c6e96b58fe72b25c8560846

SHA256
ef8f5b10d7339a3b18b03753841da8ae683865ec9436edc3f08efd37d61793f7

SHA512
fe896a52417aeb94a9f34c298817bfd856366696bc35c592238af47d4f7d15fc6eaaf24c81956720bb0268215e4435916875d4a2db88751435f1ab32a25ab9cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
7727dcada100fd1710855fd1ae64a79c

SHA1
3a21c2e2a64f5738a531c809c8dfffcb46a0f85d

SHA256
93845a599afd60b61b3baa62f077b54fafa5abe1831771b9d678ec1f16936133

SHA512
118033a8597c7bcf44032fadffe3f36e3684396e37ef1a0e8d743b61313cb5cf10780386fa599253828003ed1f1b702ad638681ea7ebfe48a2064434d98502d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
d368e49ba9034042a0f0e698e554ee87

SHA1
4835495186512060aeb905876851321af8b8ca26

SHA256
eaf33da1e926af9f7e59344072113bfca6de222845e9efaa65f9e1556eea4e5c

SHA512
eb13b6f4e133b47eafb3b581d65fb3437e57dd19e1fbf99d12563f4aa1630a86d4afe0a71d64e4d40956d6dd132be358c3a52439e30081f21c5206deffcbbfc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\fcd6ca69-9811-40cc-99ad-e8f645e9f77c.tmp

Filesize
11KB

MD5
ecf2ad24b06684ae2fe8ea559bea5831

SHA1
791923ef5cbd29d32bd3226568546d59bdc547b2

SHA256
591deafc3912089f7613f5636783ccf5ee51668f71bd38f14c562bd15c85e8e8

SHA512
bf3915a34e88d8ad4bb5d79bd22406d9e085f939bcf025411c11208fb87e61cd9d8d0bf179985dab76e616e9c92d8d97044de6df07155b2fe71177dc7712e6b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dfc0213cbcc710dc4a12c89366bab3b6

SHA1
17a80138b5049478c925478000c891809299b3a5

SHA256
1d982fba6f4c11a9119c934261db1a72c8bd5e1d92186980220c69badbb82d2e

SHA512
6f239548fcdf13866a60304bf431d7bda6e8eee2e7b3131b3e146ce26b82d6082f8aae5982f268949aa03b5709896ba5761400a0b40fe8af4b2d1228f449143c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8afb2e2c29f6f7fcd30cf7d7e57c90b8

SHA1
6336a60eeb7cca3a062ed0c051fc0a6eace828d4

SHA256
40c49988651550e9a9f95d97c7da5d075802e6e2e4be466d20b3a39ba2e2ee45

SHA512
436a26467836c561d0047a804670d40fd6758b7c5aa6c3b28572f2a2aff158cb517048906227600658b513243105dff5c2ea34a3d53914816823e6a5b94d1090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
66d4701723a76b358f558166bd419e30

SHA1
d47e311bb11ef122d888dcee3428db5bedff1c48

SHA256
e77ed47b8d1ffc714cc0ac0af1d21d07c8f1d7465f43a4017fcf090be4dce51e

SHA512
7389d312dc4ba5be0d556072ffb4ebfdd5c358d963c7b366e0125891b1ab66b500102339908a59a851f67b38ed2fd58a129bbeea0a573dd33a8ce973b871fbda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6cf6ce64f2139949426c525d92f9f477

SHA1
5ac7df812fee6d99c346d75be4dd8cfa31a897b5

SHA256
d9419511740de3f6904e970401cde989dc754c3ebddb27a4201f159406fa7571

SHA512
e6c529a07c8262e9ed1006ca884244dc6cd5d19dfe0ac40555dfddf05c938ad766ce9db84c925a4205ad8a79e3740fe168f075fe784d248deab7fd630b622fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
47543b44508db3b32d62c7ee2122bff2

SHA1
bab1e1d2000efb64723c3f65deb03dd8acb815c5

SHA256
a3a73381b34bf209fc9054943f264f284e38f057c0d7666469342c838411e891

SHA512
9d919fe1a325100096c9b12e769f998e0d45319bcea03eed66335667ab4cbe88605391d4d08efe68df737c43ad9da8f0cec751e8f40e3356987cd9779968d664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aa2b4556748a3de94a630b326082e5d4

SHA1
6bf9075ea6a2488e46acc1b5e24f468a6f8d6386

SHA256
98f99d1fbdd731e67ab88efe9d01253b7871fa2d4141d59cc52d1572c4c0369c

SHA512
d50a5a9222a1463f31fb6241d5f841649fef1cff2580feccc26bf4a290ba9605228676745330a158aa06b2928ada818053b7e27cc32020565e5d213dac166e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ec52eb86a1ef5932368fed25c79885f

SHA1
86b6697ef19483c9f9610bec971c22ceb7cad988

SHA256
62f9b27798d4024f231ad89d7dc817470b70dbc937f75bfec04f8edfbbba2d50

SHA512
4536d27be5c5dcf840ebfb8bf08d22535e14f323e9ee0aa6169415173d16c2af926fa28b25652894f30e7de82fb8c640b508ef1e2e9d569234fb759fa06ffa2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bec427702561ec8fc78c127c818b72bd

SHA1
10dc3649909b638d5026e055c67e8dae100fd104

SHA256
80fdd38a77ee67eeca4f65c2d2704d25d7d0320971e2d3d4c31ecb4ad41c167b

SHA512
bb2f169573fe32580e1345aa7b1ec4a50ed17f3b95790a2cc2f3a063a3ac0260c920ee54969a0ad0f7f480988d65d381dbb1bf442d90560e844fb382777242c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5f6d29a64ed0898be0c5484696395b19

SHA1
c068c8a89b81f77aeca805438ecfac1d8434f580

SHA256
22f3c662948d05954d73234423d68a760916be0a181e58438f1e12c83d26d155

SHA512
38609cd96db82af71213b02f0c0f5be618010632f30808b09adc0406ac5ac4c2bbde07e42a2e1eedb5df44f21f2d057970ae0087959c2b94fba6941b6ed43924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9b01397cdfad96ff263d4d3448837a25

SHA1
a60ef04aa586043e2ca81feb3056e2aa2b3288bf

SHA256
a739d33933dd56de7aecb60631412ac5ec2e88fec38ce62d640d9f26f411b5cb

SHA512
696e9d89a5e0dd626efeb34130a42d367946d917fda22e312ea150d0f0ddd9e71baffd0e5141c5870d78060ed9e900886be46c80974739b637418dd3c8e52549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
b97d0b0253fee78d98b776d7b16f0e89

SHA1
910c06316d26f8caca59f4a97145fe17b17dc3c1

SHA256
e54c9835e1d81322e15cd0c83c30177dcfa537f1b662aae1adb2c27780bc5ded

SHA512
1c3f7f6fe4c498be811c0fcd2ac0000b31aeabc0db10a2457ee86fa23ddde2d3b1cb0095d92850fbbc41de5f696017a009564bcaf91877597234d304fd7c7103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
61b0566eeb348c48ab6027c0c5556335

SHA1
b89ccf1122825d9ae2d4194872237319935af99f

SHA256
6c5f92b4a4577808d12c5030069db769732021121db7b2cd6ec5b93423c5f70d

SHA512
1356a241357341baa45ddcf3655892118cb81c2e2f5f717d349eba86444e3196e27cc2f4dd52db0f81d5857f2c38b594ae9b6c48acf53e7456c6c831ae2d9cc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
bbc9e7e992ad382eb860ec79a1949782

SHA1
c0a1ff14e513ccc3cbaf41d869bf8fbd41559ba5

SHA256
3b3adc4b069af35eb5d0e0cd6df2654735330082fa366006032a5d6cd4bd8cc7

SHA512
25081c2233302ee4e26ca7952eda596b2d01f38eaeaea6e0b1250d6f82a67e9a44ec9a009232f72c13e2643dd94e27092f00f6d3f75e089b7c82b9797c4e7c85

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2008_1693108758\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2008_1693108758\e07cd649-0448-44a7-949a-b8edfedbeedd.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Resident Evil 7 Biohazard v1.0-v20220613 Plus 14 Trainer.exe

Filesize
1.2MB

MD5
17d3f8bea5b7213dd24273b4c9df7073

SHA1
4a8aa865dcc911313dbd503922ebf92728187bd7

SHA256
18c9196e00b0740a26d4925f18ed2944e2700f4cf91cca2c1bad3a769c85753c

SHA512
bbee979c3e7da7c9575a29b9fb9146bb97f76b5690028ad98fb13f8c6540b886fd5c39e7a69092d260516ba3f8a532ccf76936610e836f962749ac2aadf1469f

Download Submit
memory/2084-1021-0x00007FF9478F3000-0x00007FF9478F5000-memory.dmp

Filesize
8KB

Download
memory/2084-1022-0x0000016E4CF70000-0x0000016E4CFB8000-memory.dmp

Filesize
288KB

Download
memory/2084-1059-0x00007FF9478F3000-0x00007FF9478F5000-memory.dmp

Filesize
8KB

Download