lumma | ba824398ef5c128a71f5beafbbeab2f151c7aa781ab4e712cf750f1ba94101b2

Analysis

max time kernel
480s
max time network
482s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21/01/2025, 21:06

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

ValorantExternalCheat-main.zip
Size

276KB
MD5

3553419f94186e4de8152cf0194f8f37
SHA1

23da3d0cac76bd7a458fa25bba716a866a304ace
SHA256

ba824398ef5c128a71f5beafbbeab2f151c7aa781ab4e712cf750f1ba94101b2
SHA512

e2c211f879c16f062c724cedeca672e7dfadeeea13c976bafc6b7c15936a3d01cef168545e251841ed378c059d06c6eeb95ea1ad381b9be9dc894eebfcae4ced
SSDEEP

6144:BfBvW03SUNn/H1VEmtpjDqErPdAaihE2/pI8qj7ZaLP5TkPMB:Bpp3J1OODqIPdAdq2/q97ALRTvB

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://undesirabkel.click/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Internet Explorer\Main	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000\Software\Microsoft\Internet Explorer\Main\ImageStoreRandomFolder = "qvibpay"	NOTEPAD.EXE

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "217"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133819672187956030"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\NodeSlot = "4"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\MRUListEx = ffffffff	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5a003100000000004759ad601000566964656f4c414e0000420009000400efbe4759ad60355a35a92e000000869f0200000002000000000000000000000000000000f5c30f0156006900640065006f004c0041004e00000018000000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4376	chrome.exe
4376	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1880	chrome.exe
1880	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3996	7zFM.exe
4824	NOTEPAD.EXE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	3996	7zFM.exe
Token: 35	3996	7zFM.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
3996	7zFM.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
3996	7zFM.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe

Suspicious use of SendNotifyMessage 22 IoCs

pid	Process
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
1444	OpenWith.exe
4824	NOTEPAD.EXE
4824	NOTEPAD.EXE
4824	NOTEPAD.EXE
4824	NOTEPAD.EXE
4824	NOTEPAD.EXE
4824	NOTEPAD.EXE
4824	NOTEPAD.EXE
4824	NOTEPAD.EXE
4824	NOTEPAD.EXE
4824	NOTEPAD.EXE
4824	NOTEPAD.EXE
4824	NOTEPAD.EXE
4824	NOTEPAD.EXE
4824	NOTEPAD.EXE
4568	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 2236	4376	chrome.exe	80
PID 4376 wrote to memory of 2236	4376	chrome.exe	80
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 5024	4376	chrome.exe	81
PID 4376 wrote to memory of 720	4376	chrome.exe	82
PID 4376 wrote to memory of 720	4376	chrome.exe	82
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83
PID 4376 wrote to memory of 2844	4376	chrome.exe	83

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\ValorantExternalCheat-main.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98031cc40,0x7ff98031cc4c,0x7ff98031cc58
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4468,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5400,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:2
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5376,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4652,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3508,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3320,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4496,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4548,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5776,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6024,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5784,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5544,i,242001411111790726,13280206457998444496,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:5088

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2904

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2840

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1444

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\VideoLAN\VLC\NEWS.txt
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4824

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff98031cc40,0x7ff98031cc4c,0x7ff98031cc58
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,15807246006825950333,13710640789771359871,262144 --variations-seed-version=20250121-050130.881000 --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,15807246006825950333,13710640789771359871,262144 --variations-seed-version=20250121-050130.881000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,15807246006825950333,13710640789771359871,262144 --variations-seed-version=20250121-050130.881000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,15807246006825950333,13710640789771359871,262144 --variations-seed-version=20250121-050130.881000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,15807246006825950333,13710640789771359871,262144 --variations-seed-version=20250121-050130.881000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4468,i,15807246006825950333,13710640789771359871,262144 --variations-seed-version=20250121-050130.881000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4852,i,15807246006825950333,13710640789771359871,262144 --variations-seed-version=20250121-050130.881000 --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3324,i,15807246006825950333,13710640789771359871,262144 --variations-seed-version=20250121-050130.881000 --mojo-platform-channel-handle=3312 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4408,i,15807246006825950333,13710640789771359871,262144 --variations-seed-version=20250121-050130.881000 --mojo-platform-channel-handle=3312 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4656,i,15807246006825950333,13710640789771359871,262144 --variations-seed-version=20250121-050130.881000 --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3248,i,15807246006825950333,13710640789771359871,262144 --variations-seed-version=20250121-050130.881000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:3148

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1012

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:772

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a37855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
46b257e2db3a3cab4fe4e8b36a53c612

SHA1
2327a773bca75530bc9bd7c74ef0ec3acbf99adf

SHA256
e7c310337da9c0b11f73414f116c230092a508f82fe7a57d2fb80a16d1d0973f

SHA512
6c9cdbac647aa323073edce54767cff14c7d54ae4b41034980833ccf8567d05985fb9a148772241f9a070622951af71e0cd943dddc1bbf445dc1c217393855e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a1758544655d223803a2bb0c2e9cfeef

SHA1
611fdf89fe956e40751b24ec869dc17ee2afc2f0

SHA256
36fc642053ae62f3e7c49fca40807b177c5b2e7f88efee319dce2434918fc0df

SHA512
4ef87a7cd17d91832f228838ab7b7b5123a91c684309f7a49460c2167e896aac481bc1c23dee951d3ace7f54ef04bd53a08db95c6bef0bb05ad94b93bd78258d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
ab66f9601e2dc202cb8775d3fd90d068

SHA1
4114253b3a46e8a7729186698207c2c681e5378e

SHA256
cab8eddc133ba1c0606d2e4fb3ff411b55b36e31a190d39082e769a6dced47c5

SHA512
8ba911d06d73e472f0e34209978a6e150911b4dfd60edb3bcbd08193bb23f646d7bd13c16b38b97539b2994d23698c58905876212a36f64e8c65edb5c1f4b82e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
bd5120c22f4d5822a85778124862f71b

SHA1
b161cf865ed920aba99aacbcea41b4a55510d574

SHA256
236d2f87597f1284520151fa1a3cac7a71beaf648753ea2f6a4d7d34ce6b3980

SHA512
7bfab99ffbf06010550ccd682bc5914a1182e8e05a0644c7ee399490f582cc5dff61bd7861c65af175b2133d4d57b5e7d0d525276bd2aac9f435807a0e43ea91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
06bb5e281d034cb487bc276896285a99

SHA1
58f93d862d995366fc4d6662ac12bf9afe191441

SHA256
6e6354ba7195710c1cf5e5d7bc614a655922b149c333fa3e9b178834e8596345

SHA512
12f4a812ed76cda769af0ad6b4ec223f0b1a6e4e3be7490942e8d8c3ff1663ae2a525ad926ec5c54d88835b020b132db71d1354f51d9c404feeb37b00767b912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
441edd43d857350a546b8bb83fa7039c

SHA1
ce9e7d5a03838df61d1ff5f3b23cdb77d8a051c6

SHA256
414031e2ae3b1e8aa9cf6d290f1bd86ba191b9059403983400b285154cd00f1d

SHA512
cfff7140fd91e5706f9aba75405e968f0c3869c8859502c25aefe5cc287c9d228f5e72477102d76346381b64c06aafd6c5e48bb32b1da0318afa057544be011c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
64KB

MD5
78e6fc13ea317b55ab0bd6dc4849c110

SHA1
d06c767b3837999a8b98426e4eb16ca0a8080880

SHA256
296fafafd41304f7c992079054b8af914dbbd865f32de97c66d0f613b55755d6

SHA512
1ac8ebcedb1139e433a203d15b95c6ad3039f9454e891b960c41a77a5340a7223a6a2222171f038b88f58a21e15a7a5738d62a7a2a6183a06d76f1db7271f60e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
66KB

MD5
cbeb6d2d96eaa268b4b5beb0b46d9632

SHA1
fd8c986a8767d59a36e2d194299466720c916ee2

SHA256
e8b65928f551b17e3d67c3f709721b952c39842d14b00701f9232057fde73608

SHA512
0828401dbc56e8a3343958d9b38d64115de040417f108a10d8ccdb0281ac2dd785eeb634c0affc2e255d291970b70c682a22384ae9a4c45208d560b0813b839a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
32KB

MD5
24d22b6a4e3ef5b28d2831ffe4e994e5

SHA1
a7eb666b4ff326cb5ab3cd0c9909c46a77cd72e5

SHA256
1613e524c56eedac9f917a41bf3eb86da981aa4aef09c61e5bfd4a19d219623b

SHA512
87e5af09f27bbc74015b8516478d2c2f3eb7dd360cb4867e893407e8fbd2cc26adf37570e02c972b4901bda01853909589d15f13fa29c9c39063daf8c9882f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
51KB

MD5
ced352553fc5d6112e84684d4dc6d6ef

SHA1
c8126a8c71e9207082e8d9c5f970be0eb1531f9b

SHA256
b502852e3cb9a0c47b1b333a22465948942a60a1428701fc4c269cf6794fd330

SHA512
457845ca26c87a95bf98965f56a7c1fd443362d53562a00448ae4c70f6a08dad3e9055b75b7e2fb76c5d1b0563c5965c156efb4e7494679d6676112f6a4818bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
49KB

MD5
1b826898f22699b82093d2a379eb6925

SHA1
efc22651c035173392cc36e528bcc61b44d713d1

SHA256
d313c1bd2f9c32e1374d9ea3fb688bd7635acc6429e14319ce60fb4d363f1cb0

SHA512
3fe396fdee8d85d94644f438cf12719e7d0be394725058da3611d2cfe2d11e448c9a9b8909d78501b3d57eaeee5fdaa7befd4ccc1ad0fd8e7396e5a98e598bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
110KB

MD5
6318da71834c958cc11324c2524d92c7

SHA1
dd3077041e4391cc0f90da10b5ec4fcf379f3c45

SHA256
99ddbbe2f94a5a3847a52d7a6215619a5e302cdf95e0a57c845fe654855ae4e5

SHA512
aaf25db750ad576c2b6c231bd079173f489f2f8f8ae0520b3024d7f8683519cb8c6f6c425b21b58bfb2e69efbef6b956b972891ca517ea91e825ceffaba6261a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
28KB

MD5
1752326ce45c039f4c5e81ea24c27c35

SHA1
4a22a9151c3c94d170cd3d23659e8e1a5a6f0070

SHA256
13dac981c708b9d1c6d7be7666ab5ff34718fe7d1362428217e88c75530774ad

SHA512
7ca5eb8b11184b97b7ecfed373420f7b9926839edcd36ea6bcc37a09190478175c49d7cfdb6dcbf1ecc8f2570feec9a0ac8aae08442fddef7986330043ff2d08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
1588c5fdff14d48bd892c9a70f02872d

SHA1
ce91df30d0452b334b182c6b1d35bf43870eb34a

SHA256
5d3b0de9ab8a2227639c7c8a24e704065694dbf9985c3ee26441d9536e32a570

SHA512
389e8527f504f5b316f680a0fcefa29a415681da8232ec377a60a838cac60ba94508d20b6a85d96fbcd46f1708bc21da2d04aa415d096042b0920d44e6523523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
447c7197d01935dfd1f594fb0e4ed2e9

SHA1
a52ce1bd7e52182630b91af0575b2fdb0742e445

SHA256
2f2f27d7b3ba8101aaf2dbf7678ec82c0f7a4762b1ca6801b028d9ea903cbced

SHA512
138bafb56d14db6d4bb7102a99f336e477b3f33da7f0f7daa525b9e5484a5edf60553c0e15d0de970cd833635f9a55026621719ebf4e373a9f5de7b1cfa22b81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
6ec69a629ad0d544f1ac28b54fee53c6

SHA1
ad01aef260133440abacbc95abe20752e5aeba76

SHA256
11f37955aff43d4e4cf40dbb689a1d544ee98b04992c877c49f208f28160f39b

SHA512
c5784034f8c7df2f0a44f0c8baf9261e9fa85d61b368e04b77f39fd4136283fc7da0afa8bb328e8f5d1e7bc7d013c6dde7bc473ad48bc796a965809bb53e07ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
5ba0d8f9f547df0c9816dc0cecd20def

SHA1
4a668d58cc65f8dfff5bfa79e66d4eae9d821e58

SHA256
f1fbdf863d917dfcfad3c062695a0917c428a040a044163beef55dd7af2473d2

SHA512
7f2db5ad06e48e35e794bfe2bf6402bc85dacb2398d73b54ec7d460cc6d2556d64123ba35bbc162792361c2297363195fecad2403d6dcfdee95ccc36133a81ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
e4e1f448a99352c5315f430febe2594e

SHA1
4af9eae83c63086dde0e4bc73de374f072c7ee77

SHA256
02a7112fd7d979758102e7ae277caa5fdaeab03c596fe964ce6a4682551b0df4

SHA512
1af024ea41cc436043c17c1c1a12581a16716386b241370f630f23d23425f2d4b7da5490874a9634a484262e151859aef837724498066868f8829bb50b6c2615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
bc1c1ebecb640851fc7fadba90913386

SHA1
8e2b6f624b1599dabecf9ca6cbdc159a325bc3b1

SHA256
cb54b88a64cf79ac36fa0843e53c5bdd4adf199ef2294a08b8eb22d04ffd05fa

SHA512
55ead41d74a76267ae240867d64b3931d74ccd2e06e883360fd77603e299372825f581fe815416797bb3f07420a326f99c2c7e04174f9e41ed031a8bd19b7003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a0c0a4439ed0e33f22644bf259d0d672

SHA1
47ba9289e81f887adae1f9a999e7f35eb6c223c1

SHA256
9558885a9bf234a69493fd09a9fc403fb21ddce181bd454d46c658d31e332415

SHA512
44b19cb0a027ca2ef762da54b15eedbcc44c968bb847e6b814af56b28196504c3edf72c4deaf45be341f0d0ffffa66cac8a5d7a2350c9f20d803d50749b3aefb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5cf52a012b9fd4ebf55e9018b12ac2c2

SHA1
d74232cf1ca895c77deaae9115e62f2dcf7ac324

SHA256
e952d45a9c124deda3edbf4b89beef3a04198ff494c0851f6b8a19648892a8d7

SHA512
80cf7f8a391bc44398d88e8e5ae16b77d768888e94e922cb6e71bc45ea96f21da1b0904c975d1e633df5d4894cb7bbd74bcb65ecb9ec9c0df268c281d2ff1dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5645628d506513107735e64dcbb09030

SHA1
0216acd681caaffee72e887853a597e65dfd43a6

SHA256
4bd9a6f48f228b6ec99b42f2de5ec424abdc6da41cf5f407983181fed15f9932

SHA512
ac58dfce3c5e3bccf3dab4b8222b9a0b89dd266cda2ddb5c8f5789c614cdf9982bc4e66c4c46501eaf52bf23203fc5841809bfcf63ebffc9daa353e21b352308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f67407ade7be6d1226b921534bf58967

SHA1
811eac3e9aeeb6c51a383e09fa44dcff83469d95

SHA256
a856ade9b75b0a8e5f66914ecb49cad9f314467cba277edb94180a96a60f0981

SHA512
3101e4ae726bfac2e6ad5dc46143875ced212a693e28d4d1119eff406da5b2aaac18d7f3cf0f86724d92918d02739bc3bb52393b6661250fbb930968f1ae0ae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
660e9aea67d879cb620b5db5312b9396

SHA1
617bc999f17d9e08e876b813fe9b07d15b1a9658

SHA256
f223138102f8ccb3de33e243410824429301cb671b6084ec1b10631af6018c9f

SHA512
e72e721f4b476701e6e221a2592efb351fea7b5342fafda88439a6ccf199ca452c9c5979a95fdc14ed3fa7d1078fdc87e93b08f220c8fc0db5c3a72302f04cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
503a65fac2ed4f465ed1074faeb1c1da

SHA1
e42a61dc735fa6c86ff1b02515b611698996aa10

SHA256
0a586202409db9aff63443c19b74075a0ab49375813f84d300c4c38c2681272d

SHA512
14a5595ad644d5cc3dc30ba0b301efd872689771d11db4fbf42f12e76248bd708674ee4d08f435af2922698e40fe08553095411abc599d9e7af094e9d93c57d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
99f4049ced79c99a4bac1f56fc799acd

SHA1
9b2748c08e9469024d675d0696a80c1029ab3cee

SHA256
c225373fbc28a509a3e7a268ad9e04a450b8c513a32cc1c07f048202e609c079

SHA512
c732cc91420146c90a8ee41d8181ef53a3dd4d678fe00544b2e2ec784338a4afeeca7d22cb76fd4373b6da1cbf2ca4f5d4aa1570f0067d2a559829b258be8360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
7697881ace5734926e90114a19b4fb62

SHA1
e22928f00a92373dd8e534237460e1601be11177

SHA256
88eb4b8b34b009757c47c893121ff793b496ebd15cfc11995b25d55241a6e536

SHA512
37dc40e36a2fa4f7be8d2cfd1f9aac92f542b2ae4bef9253ae41104d3498e1f4cbdd1a09f1726b4e45e5f5d04538e7e2013257752a72e887cf3524dc9b7ede9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
eb0571fbe83652daa420bbf0f6d3d72f

SHA1
c1a5a89a9338c1595fa9f836853596ef87d2e0df

SHA256
4c3d67b0d27503574d6f61c9b70fd30aca6bd8434026b56d6c9822163881b13b

SHA512
37af7c954bf0d469ca0a37102851c20bdbbe07051b1c6a75b1d4f9b831caeea318818b38d35d56493fd4cfd11845c26635f3f5e018d9b00885f9ef156b409053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
226aae169ef75b3db83455a6ac0b3bd6

SHA1
f9217d80a1b3ae6a027b657ebbc7779d8f413034

SHA256
f1fe00291a3a58eb89b84acb7a2ca8f23c0652beb2b0391323171d4115f5345f

SHA512
171cf4cd238f2b86580dddd44cca6e4a0556ce7eac27fa74955a68ace0711c2e3fe22f66a8a16ebb33fe5a99e86fd827993e24d8b8b201190ec455a9336914ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4bcd246437d0e3aa3468f9c35759500

SHA1
c43df0b825f85eda95586c76237c3b26b45cf10d

SHA256
a30d239266907063a1ffff69f08c7b0c3b11c82997056cef66047bc3331a05ca

SHA512
690868f57e47735601a455d67e9f797c9985398ce5fff30f396e9fbe67b7c084698e29e120e75825e458395da62885085ab83c479a9b69cc58eaa0ca2f17032d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5092d41dae32749fad413420850c50e4

SHA1
44f8877c567e1b2fb10e33c1b1a0aeb68662df8b

SHA256
6439f2bfd10cf6057390c8fcc4bfa6a4273ceb431870d97b1c9f265d5cc15219

SHA512
f595f0d14baba19a6d0422258fc09ab109c477aa4a24021099c9cdb870870a06456c534608629236bd775e14d4f44de67428649aec29086bd62ebafc3e2e1120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b5c30b6d21f6270722ca1956a9df35cb

SHA1
7c1dab2721e6c70fdc4b7ed3261970677efc7340

SHA256
43c6ed54419558a3698fa96190d92c9399fa4ff147904cb14064737602170256

SHA512
aaaf481bb2c893f7b85deff1e7cb853ed9551b123d6e18fa880894ec30e83a95e2cafff64900f644113222580680534b0379e64219723be8405a7c9f10143d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7aacbe9179665a7096891a68de435563

SHA1
9dc99d8a30511616db3235718f9dd018304edb51

SHA256
6ddfa599398563292e8edb142a56b2cd663be6f9a5d4702a7ffb4a3c1f8d0478

SHA512
b34dbe64d4d1d4a7b4a81555a5d835820b7af1e2d7a5f71942c7154832e9e17d40bc86a19ca400c361c71008cf24bd1444861442ce6c983b38d80541937c1fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e586558749d7849a1fff56ecabc2976e

SHA1
18c8e0ffbdb574bbaa30327685bda4d3c6c769df

SHA256
cdf3816dce9223481aed08a9b5d11940fdab581ac372459dbdfbe339aa6069a2

SHA512
a93577fd95af9fb8b29c537572542913aeaf254fbfd74f0b657cb2337566651ba6f4f21fb95011da57e9b597cb0d1ecb08495cd8262564090d1e315b690e178f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a69dbcde41bd9a0efd83aeabd34af05

SHA1
18dfbe7052683d6e32fe44e72f6ea77e6c2b8677

SHA256
e860d423ed079e744807c373b86e4547927bd3d4600ccd8898afe516824d1bf2

SHA512
6f6ce0fa24740d8b8a45028707215f7726009089720bf11a011c77b203824418b375c6009f08bf5756f1fdbebd41b71f29c80c2726db0c3d55910cc7025af0dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca2c6b00ed5f35a27dbb529c5e9569ee

SHA1
5b8b22a9cea10b8de839ea40e5bb8f9bc88566c3

SHA256
6c38f63d14eaa051c075cbe71d1cfa97b313e34f7e435453102719ff4a34256c

SHA512
78a3325d11a0865ffed11083d07bf5a9b609ee5fa222ae823f9c80d119a7e6af015235abdaee032e44b96b49f8ed81ee3c3a2aee47806a79972b475dd67c8dd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
80140ea9e7b0e31b554df2777ff191de

SHA1
e6d1c76c7ef18f4929eb59bafc43e50eb319a5ce

SHA256
a0b222c2527857fe6dc47795b13b180126ba503e48ed1297d7a7a122ae96a2c3

SHA512
d210b24c9fe7e59ebc2ed387836526bb350d57ddb58546f2a93601444c052218f2a75a13aec411840ed1438516d73f81909703a38c994a64d7d6098a2092a3cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9598e7bee2aeb5aee410ae67c508d3fd

SHA1
f508a47e1e24ffe541b3e55b41489d95a3dc1478

SHA256
f90cc0fe6276c029477e101f623f06debac8d1ffb8d9b48c2c6aa0d5c3549364

SHA512
c98a2386f10c14ad1a0ba4e7184a49387b673d95d6bf7ef6ed22d399d5e1fb97fee7f47e7236f83c5992c78294e6ce60927f0f7b89432d28be0a149108e4c4ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc0808be03a9b4266f5be0ae9f9ebad7

SHA1
d4f9c11d99bba0e1f9ccf050033a7f147c009e98

SHA256
43c79426b75e51089a1d89d2c2e3d9c4104bab89a6de12887519b33096a0fde0

SHA512
72b46bf9101a8662c045e5c4284f22db56d67d05ff4257505cf667e7d1be6b90c903bc25066d8b60f33a6a3974029036fc4b6404a947bf51315f21d554884703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d5081bd508ecbdcf0f5024f39f3ca7e2

SHA1
79cfa5101f2b6a6d00b2b18ce36ebbf3c8f00459

SHA256
a9552cb7952ce9770ec5d8ec8366deb81008120097f3429b00c417ea87e281fb

SHA512
d5bdc05accc2a1459b2699101ee38cfb96c6a209198297f03b9647ccf68a6ea63970aeaa59187157270f2cf5b02f5aa57a19311c99dde0117a4f9b106683b40b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e9cc0421f22e4fa1016cb19aa63e2686

SHA1
431fb1b34ed68f6549613aa0c96202c6c7794f8f

SHA256
fb0f4cb6194b8800a974a6809ef9d64bd40db7fb92e7e5e767add373ed94eb86

SHA512
6dd1c3cb2453cb7da52b142b644cf310bcb83027e1cd1d0bd2fd439d0df1de72a8c1da29be3d3e179c5b7f3266ee0e721b4002f85d842f83845355c6d6ccf130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ac25ddd30f758f6b9f2f743891c21611

SHA1
dfdd873f05564ebeeaba61a8a7ce4bda03904a5b

SHA256
e09db63c0b642a7b56d57cbe7f2d21105583c82dfeba02fc3879ae91d09ebabb

SHA512
a9fdedd4137fbd817633c586516d9146468c19a13f913dd7f9570fb8d6ae3011144f6f688abe4a5040b9debca710d2090d406d362bd93aa0ba927332077aace5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eab5a37b41b566c3bf83a97e74e5c351

SHA1
bed5cbedc52afe749d48852129f03cf6fbba78b3

SHA256
e133769d6d9b6213e06ca2e59f2414a00238a8adf4faee030a21d0464ac42d2c

SHA512
bd4ae80b5f682f7552937579e68a40918fa3703209f2109770c389142a8087d96431682070112419d6ccef638396ad4e75585a044ef1512efeb93dcc9fed827e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
81d40c41483dbad1868ec52af758a6f2

SHA1
f4a89861b43d22356cf9dc116b5ac8a0a482d5c5

SHA256
7de18eab9d826c36d550be1a1edc42effe54354faeaa724eef183d521efb4c4a

SHA512
37cf34ef032397e2c5315d09cb43a204e84131b6c0b520328abbcb82f7e1c6349d9b8d6affb2563c3f6bac2e35ee6bf4c1e770515a82840774cbf599ca3c0645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
02c62d2a5b340bd2aeccee3c6be82473

SHA1
6bfd340da08bc91da02143079a9c9982cb955103

SHA256
246c7f9a1db8222807367dd10ac1334ed8db6f90aee042b3d1cd98171e9d1baf

SHA512
0c685ca0ef32d360d7a1a686a26bc89419a0681225d884dc0c0c54a27e8bc57a8d6e6c91bb92c1562fb6e443b299412c65f3c294b776e49a42f497d076ce2034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8b34a4b15db9028876b3217a5df9e9be

SHA1
26633812cdb82bdc852f61389227f405f85c10ea

SHA256
15e7def1371f4b44a7f517e679077dbc541d6c763dbb3d3e67ff4f2765d6f87e

SHA512
69e2bbe41e6381f024f211e68c3c5273dc8d864ed92fd4bd0500af41deea067126a7ae5b02de4e5b778cfb50ee452f81ce17b2e8e7ae09c68eb678f053053df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
3KB

MD5
1cd04d65f1e44dcfe69c537458b28ce3

SHA1
313fe1f653a742db31fa44aa4389422b28b85034

SHA256
253de2b730fafa7cc5b609d6b1498726a0683d22bbe726886e4999875e6a6906

SHA512
6bf8a5d4a7cd7aed8c06801041c6cbd89adca79a2d3644021a10091d8076e6fe5ad64aeb415164a05292afa1233798b042ccedf71f7cb41a48f8e9dc4258e44e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
401648a068ccf77319e9a40c483464e7

SHA1
afca6d736491f21b101f740c04dbff59739ffaca

SHA256
60f8d234b4622b27db5dbd739eb9e5619e9fcba8e14ad46be75739898f034e2d

SHA512
4c7ff374182c8f2aa3e796956b5bba81995116d6c40a2539ac1c0342aa069d4814f503e41b91a5c4d46f6d9bc57e90fcda9e767eb0aa53cb1510eb6ea93bb52b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b9ae550a51a745ea552a1564581a27f4

SHA1
0f313efd15f49c263252666a3e77116b569e992a

SHA256
6edca394a0687bb92e626b15967c4c39601f520f86958fde0a709cfcb00a57aa

SHA512
833c3ed01a7960592cc714ee2a7916030bef4a138da0f5b28b72d7dd6f434ac7e6c805387852aa0f5525650d88a583eb844800f01ed921cd08b90773b0a835e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
bb8ed43d8cea6fc1e43bc4475e5f228d

SHA1
d37387c9bd072879f083f575eacc2000fe087a2d

SHA256
53f65e91b60f38ca01b764ec0721db9d3d2952764cd24a4253ba20994da89a58

SHA512
5914be32cf10766642d6fbd75762b45495a63a198e7211fabf93b1442f14bbc663e66dfd2f836b2d6c09f75030d4b656c659eec404d9cf89e858ddd105831ad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
b359351738daacf8fa0414945d94b0e8

SHA1
8b5a787cefd0d3dde8c4e355175d70b3fd37aec6

SHA256
4a8109a273d296d30464c0626400bd9d49b6e8c4bcb417a0e79f6657f1f2aa84

SHA512
b91fa1ed6a2c4dfca4baed9d59c304ad5e793ba3318a8efcad7389e507a5e2af4834e3474d4073f1f0fe4b67fdf2fdbe120fa5a52ea0c0bffcf194ccfc3e8986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f013f195-a281-44ea-b390-adeb8a95984d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
6b12106bdde2a5f8e0e8ce3206c64f5d

SHA1
80e08f2a283e61a8c9366b74d3752e94dde949aa

SHA256
afbc2d36be853f0c0de1914d39654b3008a3c3f91790c0a4a59865fab77fa538

SHA512
002a722f625736fc0c436f4415ff37dd761df8c11ab897435368f30bfa820a6523325cc9ed16a4c9844a4400bc2ff5725eead332b0b294b6477f34ede17f87d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
f20514a0109798877c8795e019a0edcc

SHA1
feab10f9afdfc71e3866ef1602dfd42bb24f132c

SHA256
ab290d368c72357de83de94d2d988ac777ae4fc7f56e321c5073a9a23153210d

SHA512
41116afdbb17b23a7e21f3e6a87823fc09c21d46f59898381d3d4b3b51331083b531225ba37b8441421cde8223a922326e935c774d0eea68619b66685495595a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
9c0154c6e8408bd20ec7fc379a53b065

SHA1
76246b3a5de0756a1353d4dec1b8fcc120a3963b

SHA256
327ff3741005d82a24c24e7afc9bcd550e281c603a987a6246d52caa6567b90f

SHA512
112e753041c818eaf680e5dec39b6ee83bde8654b6b6c2289ee01e045808784bd8a125c3ac0a7d169caab3b69a6199536ecde7ca33d8113d35670ebdd6ed8303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
b699c7f5697fbb78148a42b2a508b8c3

SHA1
749cdd7034161c3b11542afc09f58f752c3579e1

SHA256
ce038c140de7e6e5faa00671f872a8ddd26b5b45306f3ac2799de84847dffac9

SHA512
642057ac87b445e9565a34e6a0734e35be9757d96a642f899cdc9dcc301352e9a0e065e0fb717d6a8818381a76965e648f155aa31fb957c8c8925366178749f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
e2af0d5870e10e10f12eb03a078f2070

SHA1
ec670b35dc30b9d73da8373ff30ecf92eba26bc1

SHA256
51c933d92ef47319af4cfbae940b165b25bfb117bcbb8c1f7c3823a923b913a3

SHA512
4ae78c64a794c117c7783c2ab1b0c28c5b8819cbf1642ee236d79c0af4cd8c84bd25b50c915a68c11d5c075d075570c6df53e4d72230440a195a1d237b45083e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
83fd92de56aa404811cc7ffd91e581f7

SHA1
0db832b30b90b86a5473204bcf164cc0871942bf

SHA256
9fbb4bfd3115ce2bc5ca6a97755a1e7cd8ff9ca85daf011b134b8331cc12de99

SHA512
f535cc5a3c8ec93b97098bba05360638c4a632290c1e8b697a316a567134df7eb991e7ba9023c64891c80cbc47dde0e4048be3949ad0e09c5dc2895d0e02b8ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
3d68ca2af69c8b5b9ea83168b7f8892e

SHA1
eeb7e5d2dd4f2ddfdd2e1dde8ad83ef29050f15d

SHA256
ecb7cc6e75d1b8552b087985446f2f0a1659ac90cb18a64d68ff65672d9e1c24

SHA512
2e498c9c319e5dd024a44492f2844ab6ea9ad4e2a47fc8fca1c7201a383670ee833492706bf4e3c7ec4d33229787b866e274c119c70bfc319b832a185592d47e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
dcf210f6146eff7c074185ccd12c9ab7

SHA1
383822b4a40bc18bd51f6c25317235269ee3a08c

SHA256
73a5b7d2735193d9a6a94e0e3018559a3c77969e22ad8313be4474919fad52f4

SHA512
f1076532ff37c09ec17cb08c46b972d73428e49d121cca75a7deba03edc3f8343b69691974fb60afa6d5fb2269f1ce9a80617973bc538e3f577fcec8457723a7

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\8cb1ce6a-c8db-49a9-acf7-add5e38ea5e1.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4376_8871449\1b66987a-df9b-4b27-8971-502af8d29f68.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4376_8871449\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\ValorantExternalCheat-main\Aimbot.hpp

Filesize
11KB

MD5
c03b9c70434216e9114ab5f899131e92

SHA1
58cbb7141ae22ca387d5b24a6add55cd6ec40891

SHA256
ed54909602142b450bb79ee3a03efd4cee0ed4249cd01b3043ae818e14919195

SHA512
65cdcd559ce0b31a0a00878b9c3616423308ed7c807bdb1bba51ba80a0ed434e276a943f870156d0b1653d3271b6a92f38dbb884621aa4e9350cd72eee21e80d

Download Submit
C:\Users\Admin\Downloads\ValorantExternalCheat-main\Core.cpp

Filesize
8KB

MD5
290fa5f6a5b71fa1318bdb51ffee8d26

SHA1
020c958f3ea286d7e41de39e6ef5fbfaa0f50c79

SHA256
6ba824ad991fee0e7337d88b3dca5f1f71c10dba4023b65ce37da58bc4dcc8f2

SHA512
692785c68998b67c910724d407e73cb58373f05c8aec34bb98ecad5e47562d51ca050c2a477241a7345f678eb09e74f9e8bb2a24d9c3c280c6edd272acee0e44

Download Submit
C:\Users\Admin\Downloads\ValorantExternalCheat-main\Core.hpp

Filesize
78B

MD5
585d19f617e00a77e66d75d0bb4cdc69

SHA1
b96ce86722c3ec4834df2f2855714114102565c0

SHA256
828f867c968fe7daf1163d1f607bed3d6095b183888b5d41f2d1213c71c3eb89

SHA512
2e7138507ed345f553f8d8f2cffab8e29d4a57f716d969f5b9672e06ba7f8d01971041e70bd395a8a9fd88c7e2ebc7706a41c3c1e6a41d534dac2420d4e78761

Download Submit
C:\Users\Admin\Downloads\ValorantExternalCheat-main\Loader.exe

Filesize
489KB

MD5
d685ae29670dbc00b6665b5511bda6cb

SHA1
2f49b83a6d7a5f9e5151c6f7f1b3fa9e6f4b25a9

SHA256
0518c095cc948ab003cd4d12a1f95f0579c52c17f9102976b5799cd0bd85e6a2

SHA512
d7705fcd8751a49cc17962ac9b6e228f55ef74aab066cabdd5de74518686feaea951487a042683ea3e055ce04e0b971b528572aac920f325fcf64d34167450de

Download Submit
C:\Users\Admin\Downloads\ValorantExternalCheat-main\auth.hpp

Filesize
1KB

MD5
68ca7e05166eb5e3d6de4fc6e52749ba

SHA1
343e9a636141ee4cf970765bd707fd56a7f2bd02

SHA256
3414a4cb52b4efadfb3c86d451542adbfddd02f6b988c0855052ec287b308222

SHA512
1608ea43f38ec60d3a059279994c3db91be1e3de183bd5aa0464fb22f2f231a604b905e419ac730553f8f20b9206e7e096b12dda7794f7cd2fedb6b20a112bb1

Download Submit
C:\Users\Admin\Downloads\ValorantExternalCheat-main\d3d_Hook.hpp

Filesize
480B

MD5
dc9c03ce97ed34f5df7ed6a12b9bdf20

SHA1
445b14f7bd53c638f85981e1c9864291def57f4a

SHA256
33c8b94e133540c737622cc6ad29065a0f2e7f76ac505374b753e201391671b0

SHA512
9e18c3e2204442375efa1f12893d0df321fa01c1a3dfbde5bfdefbf5034c00aebdbc962c96d061093b78eec028ae9d75c707f995f07d4f3567a84c07ea0fda9b

Download Submit
C:\Users\Admin\Downloads\ValorantExternalCheat-main\dllmain.cpp

Filesize
5KB

MD5
59eb0a57e183701dbb510e4dec7cd51c

SHA1
7cf0453bedb1458188c0593fe7cf0dc7aa5a2790

SHA256
0cf70b9bda1c28740f76ca9f46dd81064e5da84410f9b80e34a6b576fba41a2e

SHA512
af3ad24da22324bd004797de3200bc83f60c28f870e53dddf071b5d8600a53b1df928f14bbc5ddc65247b8f3e668ca1270c5aa24e111275405c5a426b4d5f2df

Download Submit