rhadamanthys | e46d78ad160f9ab85aac4246531fd3dd669006cddb8ed0dc23feec8b4621fb5b

Resubmissions

16/03/2025, 11:13

250316-nbgmmsspw8 5

16/03/2025, 11:03

250316-m5yycayzby 10

Analysis

max time kernel
235s
max time network
236s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2025, 11:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Firefox Installer.exe
Size

364KB
MD5

025551325e469abe4a751c806462b07e
SHA1

4a3c205fa140a5b3ed0c969480287331209d818b
SHA256

e46d78ad160f9ab85aac4246531fd3dd669006cddb8ed0dc23feec8b4621fb5b
SHA512

cf9abb7c810535699fcbd395ce4bf7866290737f4af4a117b875304a18ce135baffccea3658fd6b5967de3bc48a38ec96e1f5049acc05ef27c3628fdb792ce53
SSDEEP

6144:qaVWdyzOxeA1DfdwX3MmIO2NtxHjoRpFiX+piFDcCzJdAyzs5lSsZdpqkvfGE6wu:qMROxdDfOnMmXQthj+sJIGs5jZdcPTF

Score

10^/10

rhadamanthys discovery spyware stealer upx

Malware Config

Extracted

Family

rhadamanthys

https://185.125.50.38:3034/739bd3e91cd40ca83/pancake.api

Signatures

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys
Rhadamanthys family
rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess 3 IoCs

description	pid	Process	procid_target
PID 5036 created 2604	5036	RubixLauncher.exe	44
PID 5304 created 2604	5304	RubixLauncher.exe	44
PID 5904 created 2604	5904	RubixLauncher.exe	44

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
129	camo.githubusercontent.com
135	camo.githubusercontent.com

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	winzip76-lan.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	winzip76-lan.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\secpol.msc	mmc.exe
File opened for modification	C:\Windows\System32\GroupPolicy	mmc.exe
File opened for modification	C:\Windows\System32\GroupPolicy\gpt.ini	mmc.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2372-0-0x0000000000400000-0x0000000000446000-memory.dmp	upx
behavioral1/memory/2372-117-0x0000000000400000-0x0000000000446000-memory.dmp	upx

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\nsk5268.tmp	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsk5269.tmp	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsk5268.tmp\	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsk526A.tmp	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsk526B.tmp	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsk526A.tmp\	setup-stub.exe

Executes dropped EXE 13 IoCs

pid	Process
1828	setup-stub.exe
4204	winrar-x64-710.exe
2664	winzip76-lan.exe
3552	winzip76-lan.exe
932	winzip76-lan.exe
2480	winzip76-lan.exe
5472	winzip76-lan.exe
4044	winzip76-lan.exe
5400	winzip76-lan.exe
5020	winzip76-lan.exe
5036	RubixLauncher.exe
5304	RubixLauncher.exe
5904	RubixLauncher.exe

Loads dropped DLL 7 IoCs

pid	Process
1828	setup-stub.exe
1828	setup-stub.exe
1828	setup-stub.exe
1828	setup-stub.exe
1828	setup-stub.exe
1828	setup-stub.exe
1828	setup-stub.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
5268	1828	WerFault.exe	87
2712	3552	WerFault.exe	136

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Firefox Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup-stub.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip76-lan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip76-lan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip76-lan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip76-lan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip76-lan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip76-lan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip76-lan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip76-lan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133865966294116677"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000c48db8fda994db015b077cc9b294db01e6f40b976396db0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
2008	chrome.exe
2008	chrome.exe
5036	RubixLauncher.exe
5036	RubixLauncher.exe
4488	dialer.exe
4488	dialer.exe
4488	dialer.exe
4488	dialer.exe
5304	RubixLauncher.exe
5304	RubixLauncher.exe
216	dialer.exe
216	dialer.exe
216	dialer.exe
216	dialer.exe
5904	RubixLauncher.exe
5904	RubixLauncher.exe
5160	dialer.exe
5160	dialer.exe
5160	dialer.exe
5160	dialer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1988	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1828	setup-stub.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1828	setup-stub.exe
1828	setup-stub.exe
4204	winrar-x64-710.exe
4204	winrar-x64-710.exe
4820	mmc.exe
4820	mmc.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 1828	2372	Firefox Installer.exe	87
PID 2372 wrote to memory of 1828	2372	Firefox Installer.exe	87
PID 2372 wrote to memory of 1828	2372	Firefox Installer.exe	87
PID 1344 wrote to memory of 4596	1344	chrome.exe	92
PID 1344 wrote to memory of 4596	1344	chrome.exe	92
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2976	1344	chrome.exe	94
PID 1344 wrote to memory of 2976	1344	chrome.exe	94
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 2908	1344	chrome.exe	93
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96
PID 1344 wrote to memory of 4684	1344	chrome.exe	96

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2604
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:216
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5160

C:\Users\Admin\AppData\Local\Temp\Firefox Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Firefox Installer.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Users\Admin\AppData\Local\Temp\7zS44931477\setup-stub.exe
  .\setup-stub.exe
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:1828
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 2276
    3⤵
    - Program crash
    PID:5268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ff9e684dcf8,0x7ff9e684dd04,0x7ff9e684dd10
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2032,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1508,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2412,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4316,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4348 /prefetch:2
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4696,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4900,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5276,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5348,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5600,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5636,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5584,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=352 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5416,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4472 /prefetch:8
  2⤵
  PID:5204
- C:\Users\Admin\Downloads\winrar-x64-710.exe
  "C:\Users\Admin\Downloads\winrar-x64-710.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5868,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6208,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6464,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6120,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5992,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5172,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6612,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6740,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6712,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5460,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4324,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7040,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7212,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7204 /prefetch:8
  2⤵
  PID:3348
- C:\Users\Admin\Downloads\winzip76-lan.exe
  "C:\Users\Admin\Downloads\winzip76-lan.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\e58c55e\winzip76-lan.exe
    run=1 shortcut="C:\Users\Admin\Downloads\winzip76-lan.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3552
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 2124
      4⤵
      Program crash
      PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7368,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:4828
- C:\Users\Admin\Downloads\winzip76-lan.exe
  "C:\Users\Admin\Downloads\winzip76-lan.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:932
- - C:\Users\Admin\AppData\Local\Temp\e59016d\winzip76-lan.exe
    run=1 shortcut="C:\Users\Admin\Downloads\winzip76-lan.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2480
- C:\Users\Admin\Downloads\winzip76-lan.exe
  "C:\Users\Admin\Downloads\winzip76-lan.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5472
- - C:\Users\Admin\AppData\Local\Temp\e590749\winzip76-lan.exe
    run=1 shortcut="C:\Users\Admin\Downloads\winzip76-lan.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4044
- C:\Users\Admin\Downloads\winzip76-lan.exe
  "C:\Users\Admin\Downloads\winzip76-lan.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5400
- - C:\Users\Admin\AppData\Local\Temp\e590ae3\winzip76-lan.exe
    run=1 shortcut="C:\Users\Admin\Downloads\winzip76-lan.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=7244,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=2356,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7336 /prefetch:8
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5700,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1536 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7488,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7472 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7616,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7344,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6652,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7848,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7348,i,4808558533841195917,1437276236274976207,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7904 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1988

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1828 -ip 1828
1⤵
PID:3232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5432

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\63dde23263b24d21905f431b3b1a4cdd /t 760 /p 4204
1⤵
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3552 -ip 3552
1⤵
PID:5016

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\8764cea35e014b139a31aeec390131f8 /t 5204 /p 2480
1⤵
PID:2712

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3640

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap5164:80:7zEvent27884
1⤵
PID:468

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Skript.gg\" -spe -an -ai#7zMap16890:80:7zEvent1961
1⤵
PID:5756

C:\Users\Admin\Downloads\Skript.gg\RubixLauncher.exe
"C:\Users\Admin\Downloads\Skript.gg\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5036

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\secpol.msc" /s
1⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:4820

C:\Users\Admin\Downloads\Skript.gg\RubixLauncher.exe
"C:\Users\Admin\Downloads\Skript.gg\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5304

C:\Users\Admin\Downloads\Skript.gg\RubixLauncher.exe
"C:\Users\Admin\Downloads\Skript.gg\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\UniqueId\data

Filesize
294B

MD5
998d937531bb43b481fdb4615564cf61

SHA1
802a3ab89b51b61fa0b0eea2e9b2fbb71039e305

SHA256
101129ef733c7ae3c4c636048c03067b76a55357ddd9a12083ed21a47d3966a7

SHA512
4dd5fc522427620a960db60f48e4a9ab7f7f3c708373368daac5396fa022552bb27d2b6a0d44db23861bc6f8a8bb930b99a3d15e31df10bb9254bc15117ababd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
5eb76109bdcfdc0934f189e3f7aa6dd6

SHA1
63543e103aaa61eab674fbd9bcb3a5cca57bae01

SHA256
481ae0add1926dae2433c344738e03fb6043435a2337b0e2eaee9dfaa015af9c

SHA512
946365ba4c4512cc528d2327ec5d90c3c80dc6521a9562cb1d7f9715ef0988ff965e9061fd6eb6a5ee74389385fe36910008f40f1e3f053537ffcc76b475fb95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
215KB

MD5
d8899b1c0aa7c8e5836708fa76dfb119

SHA1
3ac6fbb49e7350221da7ee4d658efa239f2985eb

SHA256
106b6d9e8fab32613ec95b387848efc1a8b411ae4609237004009bd330e1a67f

SHA512
9f97e9187e145377992ecce519189fac8a3d13ee1c8fcef31b7aa1b2e5d1aacf0275fa031fddd40ab1bdfc855d549053f4dc43b65e6baf985924cad146d2bd2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
71KB

MD5
20a5a164ba2dae0410b9b313e866cd90

SHA1
f54a317d3ec70e84cff1adc5539efe4e5d73bcf6

SHA256
9af9b0e7af47ffd8ad17c4eb49c00186b3d8f17991864c9d7d96b776693d6815

SHA512
5694424746d343340350cba7789f42a4ef1d0457a7815aa78fd9f20c541123ee5b525de86390f173963d70a2269cf8efe347f9cb56a80271456288617f62af39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
413KB

MD5
68bf2c72daa7b72108acb41690e69ef0

SHA1
162e7aa1c2caf0f961d9ae5830073b93e5384ec3

SHA256
2825ab5953666aa364107604ab99fcbddb9a4722172e5279c7e3e76a99323288

SHA512
3f9a7e79fab35628f90fdc4f0590ee598618da47630c3d172da3b2961cae7d7d2a9591b3383367c2341191540cc83b668a42ba2f29a57fd0ce4dd637f0aa0b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
79KB

MD5
551e30b5cc29ef4c6959cc620f2dce4d

SHA1
939ca3c3e75bd739112d2cb05585fca5a534f25e

SHA256
e5dd1850bc36766e359193b1e513ca3e0a5a49ecc764555749eae0a8ce62e777

SHA512
22a1ae270a47612aa7a3e889cd0e4c43bd88e61bb4daf652ab401ee90b3414b7f775cee078243c93d75b1f29dd6013a039e9a3b067dc564fd949ca8150935cd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
78KB

MD5
db43452d2c1b4b7e544c44e9fd59406a

SHA1
88af01dd34bd9ea2e0930efe88ee5e6848cd0ec4

SHA256
b9ac64c121a1be0a056983721d9bd0f3134fd55a9654f93d1e25bc91f7a88408

SHA512
a38954a3d9c1e34de0e83b4577eebe4649c82dc9de9604fd78c90095e70a628c5677baa4bc208c866d7c55a8e28df2f6c7937cdcb0bcf520ad550388af28950c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
228KB

MD5
0f71222aaeab38a1e4ab012c5890b497

SHA1
baf9d82dfb737dbb2300b44d330629dda637b119

SHA256
330753384d1fb0cb7b1d8971a7007d0b3674c5f6fe3032e2c521ff2f4e5f7a9f

SHA512
ad67cbe0555e45a7ee811aaee60dc755535dce3e3c5cf6a7a64400d0f6a8d877d4162eb5cad036127f8bc42c9ace371d336935b0c886722cc14e3d0439e3353d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
197KB

MD5
c8535e48efcced3cc1fe1ff78d28251a

SHA1
962e4d7ff0d8f68e5d8caced19eb636203567784

SHA256
e50247b6afbba4694d5f9e304595922ecff494b237b9a6eac37c2bede5efd964

SHA512
5e4b3ffa9058f3ce4dc4e8c10815f56c221cd8703905c641d6efaeb2a3341478e96bf99b6495759033ce0812d1bfe8cec5a306055fcb0b7b897bb2e1f2319372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
f196c6a001946d7ebe1aa24738949cab

SHA1
09e87bde5b10cb549648e4ca1ca024856e9ec080

SHA256
ea0abf42e796c0c68c9527c931b6547d9764b25750c26340c9ee74ade1c3d34c

SHA512
13df376e8f96f1a246b85ca5ff3c7488215e7c45632ff623ef1933c9973cad207e6d8a8e7934a7403344eb76c58a5f17ae5470a309f7a5cca39d44d61c33f776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d0b77f7809fd5a6d8b1da0737bffd9cd

SHA1
8ff46fec9b3c5d9a158f51432123fd56dcbaeed8

SHA256
afcc32f0848117b97136af48258b31d11377bb4242a761f694ead25ccaed7d3a

SHA512
5084c8a0ee0f64b4f6fbefe57b38274d721e9393ce3872a8fab6bc95f33212f3a8d9fdc9451e7a863f1c121048eee031431736416a9beb98e2856cba2cc60a5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
1a1b274326710d5d6f652b5f1bebdb9d

SHA1
fef2db4719beb961b3878dfaec8f40303400c6fe

SHA256
c6f7a9a05a280f8bd605331fbfc6df246de76201779722d7057f6f6e6f135f46

SHA512
6740b077606678bfdce9f539f6bad906934f9e3f388b878f33639357a6b5de008bd43f6e61fa971646ab6e4234213477a5f748014fd87bb4dd177b273c48e212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
9ade0421e6e9f6008c2bc394cba92138

SHA1
3b846edde7ef6db911cfc53574f09476324dd126

SHA256
372db7a1152debf589f4f3c0b385b3508161ca74c83e795dbefe6e4bafe4668e

SHA512
f698c1077e92db8138e4158d823c4b55f17070ba3831e4d85cb4218e1984024fbca5361e53effb65889596a73d8f18a452a1584920c0b881eac66b9d32882bcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
806d904d7a277709ce72c6ec1952d29c

SHA1
77b05cf3999fac44351106252279cb0e65b156ad

SHA256
d46c63cddd90ee6b3572835cc5006f1c36c0159441eed4f85dbf0657240c03ee

SHA512
4217fce212237001764866fcf48c1758f26b5b4ca703655a8dd05ec7194ad8661cfdd483705081be7c681ce7c3e8a050510bba1e846e205d4b47d398cfd44b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
e8fb114e20832029256295ba9c2f5b0e

SHA1
8895bb14effa8b535bbf8566be801c2782722168

SHA256
88168068abce1d556a67db48197ace87b58b9d37ad01ed766c46e88541f03047

SHA512
e405522700133d50503602aa8ec748d10c24d62f7f17504ccd6ba7a8400f7ec63e03adaf8b3d2de3f092a8ad65967199d4f7c521c04103051f1af5735670e42a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
65661f301599d03f746fa219fcd36b5f

SHA1
ae4a35896c3ceaebd2be3a916fbdbcbb3b316ad6

SHA256
1964a6f0ed051f3a839f37b4a813524c09a3d3234bc7fc6d243da5afd5835f23

SHA512
800b4c604033496ffdc6d73d183cd8ccd69a3df80008746738b6a0969c08ee593fb0dee3f43c0f25aae81f4f2377390dafd6e4cc8d4e2ec8574d4a47a2cee654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
09eb3d310c4792c88810d1cba47c7bd0

SHA1
62eba35b9bc406d0525ad8af6353b51fb525e4cc

SHA256
781f57bb977c00814b5578780ac00d2ab332758902583be07b9636497f4ab84b

SHA512
2833d00010723e387b082120c22f748823fb9264dda55230ad5df4d1474d35328d5e550d0d90c3ca338ca8a047ad5866cf8ff0189d2528aee44e35e0b0956790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b1c8534ad0b14ac4f730a05901446cd7

SHA1
1c2c87b6d73bb6b7f50bc69d90edd24a0386abde

SHA256
e0a9a9368557355048f8a435c6691d0883c216a234414e99c3b646e3f978a090

SHA512
c50ff78e032c562ac967d9366ab65bda38b08ff8e71ebfb6ec799e0346db52541abd93588406f92174bdf81e35885a3218c9f33267bad147e2846b04622186f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8af8adfbd406c289cd8dfa295c637d3d

SHA1
10288697db381fd77b29ab370d9c825853a4fedc

SHA256
247fc1d01a717bfa788863dd2a38c03f23222601ca9dbfbaa42f16810f4d5057

SHA512
f0b626862a62e3f7b7ff4377b9ba92bad11487b9d34d5ff080e9f50675cd453e574db8fb4847779abaccccf8cb911f491a808647366ac0637066318b33f90593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6f4d049b243b4eba5ecc9daa9351104c

SHA1
eac4279d94dd7074e97cfc7bcf0b626b5b180128

SHA256
be8ce8a9a204849e473d8ac236e678341cb22aa0eee81b6047e00ca26a3a8036

SHA512
e362cfe43e0fd546252075b67a80124a5051ab57c539a99130830c6c23a26ac04eb33409ecfd0d5358221482170a062c414dc22fbff9a6516b1abcfbe7486f18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
34933bdba42beb272be48d5dfd53b989

SHA1
f4993e868f69eecb7953973e34aa63eaa157a5c7

SHA256
fcf89ac34c7e643dc1802cce91dca4a6e24a3743be8633a89c61083e80b0d3e0

SHA512
1b3b988d1d4a4466c7d4907e7a8a70dbc71b1f27a439e1a329a8755e4758234df4aaac1b724678e7f5cbd9cab714984d1d37c359164662c8564bf531b753a3b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f6297d14e09490f8bf09c83207a0f82a

SHA1
49025c5ae14f43686f185119e6609cb5833c1e53

SHA256
e1db02c72da7bd9427695926c9718b61f79c106a1d7447561c52935403b735c5

SHA512
e850f14d27213af4002e502dd64d98b7e2310651585dbfa3130e11aaa5f07a34fbed9db769c7a468e15c32646bae57d32d3b0bc8e7c5064ebe7d94b465d0cfde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4580c33ac69956ece32858c053f29ad4

SHA1
361902fc2a0328faa3263c8986fcfa5f6123cabe

SHA256
d7b99ec690b6440b2c1caf53a78dce4188e46b1d0cc6f3c6d8bf57d3cea9d9f4

SHA512
2a6844779199a54370d04592a0dd8987e9ba28c04f78358b712a8e43de7fa00a08390513775ef8d69b62bd3b1415e8010101f59b9417605e4ce878d6cb7ebc4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
779be24d7218975b7dda52b7eebf8d74

SHA1
d9bd26e13bf81c40b4ff05d28b08948a93c01b38

SHA256
ad160fcd263b13fb40f250289ebb683c2507b210169a370c0e8ce1e5456acaa8

SHA512
434e444fe1e878e7ddd1e493001cddf19748c516c9905a87da7cdb4d5625672266bbfd817b8fb11cc84bc09675ac9ddc96515ecb3cd7078a35f21658fd92d330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
cfa84209f16905f7f209c4a8f38b1ec2

SHA1
26614eabc91ad1a6f123f4720a1b29802f3dd1cf

SHA256
c7650ee14a7f038feefa6423f398da7c70d4266567adaf7ec7cfdf450a3b6eb6

SHA512
fb5892d6d42ced60f244e82c62e94e830132107a4e8ce7c4da160a3981c1e1838b6d93d0a213db787cad795b3243133adf7e8a7a85c6775ea51dd8eee84d282d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f95df507fa7192c20632092ec4f778d5

SHA1
9964e8545eeafbade27ddcd6a228a78213f686ed

SHA256
410503ed09f131f21492bf1a4041e07f4cbb93bfe54a0adf286cc76d58bdb9e8

SHA512
13db3f858e6cb8b5813b7dae73684ac1e9b96761b7b8015c29125215dd2083c01903a3a0801940a50e8c8d4bb9411bb86e3a502276850ca92aa6d358260436b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f0551fb5cb02d6a09f2f8fe75a110e13

SHA1
49023a239fdca552434743a7fd24ddea2fe15beb

SHA256
73573b660d831080715d556bda01ecb0ba1acdb805d6981c241801d38216ee29

SHA512
07551bd4bc3ae768b7f9e6cb38d96fb6cf16b6e49e9804ebdc9cb004dd81e2818341dd88219d03f807c67763f418464f5b9538cfec9f5bf6ecc2286f4d857e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
a984b7e5f0e8791a3b5095b37ee18275

SHA1
c07a70684a16e32b5d299a23d19c1ea785ca436f

SHA256
235eb3d9d9093c909db73d87627d7c9dfdc198d4a9cb35afbf04ca2bea56fdc1

SHA512
6c55a89423abb5d78eec402b075afffdbc0886945147a3a4e1f23ed36178f878604fc9d12c6482045728ad4e6e98272991c58f8bd70a603bf25aa465b1e353b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1a734b8a78c498a247b50f2ad82f0bc2

SHA1
f304af7309eefbf2a04e0adbac33735a6f1ec513

SHA256
045de3c1f49259c0fb300b5c41a598bbac98057a23c25c2107964a9523054f3d

SHA512
f880378a044d2aec56df193649870497b2c3b21b06cec6ed98f77e543f54a63c13be563c61655c9d47c6a53b3f77fb548b822ffd951f369fb6bdb29305140857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
eea49400ec8a604f3b40d84998b9b5f2

SHA1
fad9c6810afec05b8bdc85a7476f2fb646db4753

SHA256
f20053a7b45cc1fb6608762708afeb2e4e5ec59a30a5b281e772011268d03f3f

SHA512
eab63a09744fae44c4010539b92bd0451adf6ef88274eae520baf8eba6d389aba795b3b4bf8d5b71f83a72aa459d1784f784a3f83ad53ff6e80fddbfa570282d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a96f.TMP

Filesize
48B

MD5
1085b85f41477e4093f2a3390b462f8b

SHA1
6ad6d9a532e1600cf481d404e4c7b342780780d4

SHA256
b15de3dea8d35b225967b0f0063871388db1106881b7b0b01147897df81700bf

SHA512
7dd5e979c984f6e53edc2accf2078cf7a0959ac32dc4daf67d8b3df59e788588111ce83719fb401883adba61aa18a3b3c9dfce9a37d7f4658edf77c42d8300b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
140B

MD5
55f6fe20fa0659c20e6667d94cce68a9

SHA1
6d652a148265fb5b61204b79eb0c6240c1358e2b

SHA256
f184924bbd96bc809904e10ba05ab37394f9a294fad74638e2dac206f8c467d4

SHA512
c6bd9d0989e2bc6da3b11f1a61ba183e53ed6bccb34b5104cab1d2e00559fb8b4e41afd1dfce1847bc720abbbde7f420d52f523eb3f8f43dfcbbb3e07610e8ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe58a013.TMP

Filesize
140B

MD5
6ae3601894e15546ead6b609e704e7a2

SHA1
4299d484c963eea71719151fa80c97a9baf42426

SHA256
ae0411ad50695492b24bbd1d454262deaff1dfb13937898a05ace0a59d9ffbec

SHA512
40b25d940c7cceff42588efbdbe58b6a04f39712d6c77cb6bf6f4dc443d62b8c44f662e7105ed457b1e72c7d9e1f5efd2200ca3913bec699ea12f0a2dabbb82c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
a74de0483498f6d5af8c093874df7e5e

SHA1
ee04eb9080f69a42fd2bc007c5022537859ce05c

SHA256
1b7d3299f09d446528826ca20be7f48077ebcb64bc90afd1bbae4b27979d3e1c

SHA512
7dcf38fb93421f289d1bc6c3a1e7707973e00677953e0a9d1a4b7be569a09ef6a0d2ab86bf8314b64b705ba72fe9e1c85c381b51db40fbfe582b688f6287b8e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
4ddffd81e2961deff4d14788a5c41324

SHA1
7205822129e68911c097a40a23f70082b13ba0bc

SHA256
603480308f4d202d58d362d190821c0ee1f1d9d503360ccb2c7a1367b0b14146

SHA512
de641d056f45f32b9907ed83129e27f732a16a87eca53359a0add2c043c6bd7e0fd0f1b9520adf4a04baf6d5f3540fd325603e0d18bcbbe4a1c6d56dc47ffdc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
3bf618329263a87eb134831c4509d89c

SHA1
d0a60e8bce3ef857d42921be01a2fd5e48453a42

SHA256
b5c8970649ecd525a8dffab9853c3f7265b2ab8bfe9a0d926580b04f0f22b349

SHA512
6be5f9d2e60387948fb9a915d9b680973d4de272ed868ff829acc1d52b17da36cb2fbd5cf99455fd7e9a0aff138ad7a8919ec889969e77aa00fc445ef84ad54a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
bcaf380266c99c2789890208171b07a4

SHA1
56489a391d230dfbbaa81ac4b2abb51f2521f1d9

SHA256
094df75775a9184b21841e4044088de9d97a8f23174a51e10575e386f1f99117

SHA512
aa494265d49929136c8e2bd0a9b0d4753918a99784eec2665f71bf4fd94ebb095be8eae5a770e3bc0de76345452e2be5d468ad569467a3bdd512661cc92622b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
15ce15ba2c20edd7574c376f1e05b4da

SHA1
ddf6c83f05aea3e4d57741a5869d87ff34a034b4

SHA256
32d46aaf4ea82bb1d42211a08f606e56b802d99321443c0d353736b18b970a85

SHA512
49efef0fb2c7fe4db954b2dc7a8b26c3e363242ddc5ebbdd47e84e7b8e3fd83328d9094d47c419365736338f98be2fd738a179c0946cac4e45d6d64c2947d9e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS44931477\setup-stub.exe

Filesize
631KB

MD5
e31b811102ad5e3766d3fc267c1563fe

SHA1
ef1299cd381b6cfe98518f98be1fb037fe0732d4

SHA256
7554d258449d00e5a375eca19e98ea2d1ffb75610caeca680d2fe327a2d89d15

SHA512
2c936a6ac51c5c246dc9ec14618dcc504b01ed54df1a3e594369368187d2deaf6e79d8a0dfca1cd9b7fa3539464fd3772aaba77f73b2c69515093684376c6974

Download Submit
C:\Users\Admin\AppData\Local\Temp\e58c714\Load.html

Filesize
2KB

MD5
1757c2d0841f85052f85d8d3cd03a827

SHA1
801b085330505bad85e7a5af69e6d15d962a7c3a

SHA256
3cf5674efaaf74beccd16d1b9bcf3ffb35c174d6d93375bc532b46d9b4b4ed35

SHA512
4a12a55aac846f137c18849302e74d34df70ea5aaff78d57fce05b4776bedcde9e1b1032734e29650bcbac3e6932dfef75d97931443446a23e21cf5b3072dd9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e58c714\common\js\common.js

Filesize
45KB

MD5
87daf84c22986fa441a388490e2ed220

SHA1
4eede8fb28a52e124261d8f3b10e6a40e89e5543

SHA256
787f5c13eac01bd8bbce329cc32d2f03073512e606b158e3fff07de814ea7f23

SHA512
af72a1d3757bd7731fa7dc3f820c0619e42634169643d786da5cce0c9b0d4babd4f7f57b12371180204a42fec6140a2cff0c13b37d183c9d6bbaeb8f5ce25e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\e58c714\common\js\external.js

Filesize
36B

MD5
140918feded87fe0a5563a4080071258

SHA1
9a45488c130eba3a9279393d27d4a81080d9b96a

SHA256
25df7ab9509d4e8760f1fdc99684e0e72aac6e885cbdd3396febc405ea77e7f6

SHA512
56f5771db6f0f750ae60a1bb04e187a75fbee1210e1381831dcc2d9d0d4669ef4e58858945c1d5935e1f2d2f2e02fe4d2f08dd2ab27a14be10280b2dd4d8a7c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\e58c714\common\js\jquery-1.11.2.min.js

Filesize
93KB

MD5
9aecea3830b65ecad103ee84bd5fe294

SHA1
47ecdf62eb3cf45ba4867846cb61afa70369d23a

SHA256
a271a3f9e3cae897ced669d6652699e947928ef095e56384c4f9dd04bbb942ec

SHA512
754c25b5fc6a3e5d2027326c6814f229f9131396ea026a407dd16d092da6116bb0ee8971417463ba68268098dedc182b6fa10060ddda6ce063a5eca94be3c152

Download Submit
C:\Users\Admin\AppData\Local\Temp\e58c714\config\config.js

Filesize
5KB

MD5
34f8eb4ea7d667d961dccfa7cfd8d194

SHA1
80ca002efed52a92daeed1477f40c437a6541a07

SHA256
30c3d0e8bb3620fe243a75a10f23d83436ff4b15acb65f4f016258314581b73d

SHA512
b773b49c0bbd904f9f87b0b488ed38c23fc64b0bdd51ab78375a444ea656d929b3976808e715a62962503b0d579d791f9a21c45a53038ed7ae8263bd63bc0d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\e58c714\config\installerlist.js

Filesize
2KB

MD5
f90f74ad5b513b0c863f2a5d1c381c0b

SHA1
7ef91f2c0a7383bd4e76fd38c8dd2467abb41db7

SHA256
df2f68a1db705dc49b25faf1c04d69e84e214142389898110f6abb821a980dcc

SHA512
4e95032c4d3dbd5c5531d96a0e4c4688c4205255566a775679c5187422762a17cbca3e4b0068918dbf5e9bf148fc8594f8b747930e0634d10cc710bea9e6ff5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\e58c714\config\installparams.js

Filesize
567B

MD5
6936e2d1a3dcb8330dbc319fb4fb1bd7

SHA1
f0c7da92469f5483d577f3fc550cb08cdb146929

SHA256
eaf79c2f332e22ac76ac08e5eeaa6405a662c5a7d900ca5a8aa35703f1048602

SHA512
a729736df7f15b2d854519a1adf6f9a107a9fde87f4241771c29cba0031afc00c2a02f9353d1a8a6341be2bacdbb593683513b4f6c1d9832e584d5bf6405212a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e58c714\config\stubparams.js

Filesize
37KB

MD5
91f6304d426d676ec9365c3e1ff249d5

SHA1
05a3456160862fbaf5b4a96aeb43c722e0a148da

SHA256
823f4f8dfe55d3ce894308122d6101fed1b8ef1eb8e93101945836655b2aed1b

SHA512
530f4fad6af5a0e600b037fcd094596652d2e3bf2f6d2ce465aae697ea90a361a0ffcc770c118102a0dd9bf12ab830ac6b459e57a268f435c88c049c127491f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\e58c714\pages\Initialization\features.js

Filesize
506B

MD5
7e20d80564b5d02568a8c9f00868b863

SHA1
15391f96e1b003f3c790a460965ebce9fce40b8a

SHA256
cba5152c525188a27394b48761362a9e119ef3d79761358a1e42c879c2fe08cc

SHA512
74d333f518cabb97a84aab98fbc72da9ce07dd74d8aab877e749815c17c1b836db63061b7ac5928dc0bb3ffd54f9a1d14b8be7ed3a1ba7b86ee1776f82ba78e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\e58c714\pages\Initialization\page.html

Filesize
2KB

MD5
b23411777957312ec2a28cf8da6bcb4a

SHA1
6dd3bdf8be0abb5cb8bf63a35de95c8304f5e7c7

SHA256
4d0bdf44125e8be91eecaba44c9b965be9b0d2cb8897f3f35e94f2a74912f074

SHA512
e520b4096949a6d7648c197a57f8ce5462adb2cc260ccac712e5b939e7d259f1eee0dfc782959f3ea689befce99cddf38b56a2cc140566870b045114e9b240dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\e58c714\pages\Initialization\page.js

Filesize
2KB

MD5
50c3c85a9b0a5a57c534c48763f9d17e

SHA1
0455f60e056146082fd36d4aafe24fdbb61e2611

SHA256
0135163476d0eb025e0b26e9d6b673730b76b61d3fd7c8ffcd064fc2c0c0682a

SHA512
01fb800963516fd5b9f59a73e397f80daba1065c3d7186891523162b08559e93abf936f154fc84191bbadec0fa947d54b5b74c6981cebc987c8e90f83ddf22c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\e590258\common\css\common.css

Filesize
2KB

MD5
33b1c68fff898cbf19c44e486c856282

SHA1
4bcae82469404701498583903ccad307c64e2aa5

SHA256
265d280bad44060c22a6caef0140bb8085b994cdd8d76789f3a43a6e7f2a16ea

SHA512
e8ee2691c3b5c6542873e804f6ba7b13b9230de0bd28944a18bc25c529afe1a11d452988387aa3edddfd2bf65b02e293e549415b0a6a961285d50b3cd2d46a7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\e590258\pages\Initialization\page.css

Filesize
66B

MD5
ec8deaebe3216ee6e101d73981db11f7

SHA1
217c2e5e81447b70388883d8c1c77e3dfc00e6fa

SHA256
cd804f5b34e9f8d0a7b085a0d9337b864e83d286b1408210343997f029fcc628

SHA512
370d6ab807b175973165f1de8b682c7c111d38c25cba5abf11aad73eea4312f0b1f33304b276edde5e290553900e0b701e41097bc96a07d8dfd3e6164dec4042

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz5228.tmp\CityHash.dll

Filesize
53KB

MD5
2021acc65fa998daa98131e20c4605be

SHA1
2e8407cfe3b1a9d839ea391cfc423e8df8d8a390

SHA256
c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14

SHA512
cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz5228.tmp\InetBgDL.dll

Filesize
95KB

MD5
af9e2d138cf17b8ff4d4b8df7fddaefa

SHA1
539afa302bc5cae7022896048cb7a0f3f2ab6907

SHA256
3921dec014fadd1de7f3a36606ac95882a17cb96df38a5424e58531a169f825b

SHA512
631ad8bbb9eea42b230f2729714874c921677c4be91ac0b35ab9e7751613045eb249f8a0dd1d5ce06bf2cd544507795836dcbf42be79f01a71333570ea27c840

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz5228.tmp\System.dll

Filesize
22KB

MD5
b361682fa5e6a1906e754cfa08aa8d90

SHA1
c6701aee0c866565de1b7c1f81fd88da56b395d3

SHA256
b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04

SHA512
2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz5228.tmp\UAC.dll

Filesize
28KB

MD5
d23b256e9c12fe37d984bae5017c5f8c

SHA1
fd698b58a563816b2260bbc50d7f864b33523121

SHA256
ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c

SHA512
13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz5228.tmp\UserInfo.dll

Filesize
14KB

MD5
610ad03dec634768cd91c7ed79672d67

SHA1
dc8099d476e2b324c09db95059ec5fd3febe1e1e

SHA256
c6c413108539f141bea3f679e0e2ef705898c51ec7c2607f478a865fc5e2e2df

SHA512
18c3c92be81aadfa73884fe3bdf1fce96ccfbd35057600ef52788a871de293b64f677351ba2885c6e9ce5c3890c22471c92832ffc13ba544e9d0b347c5d33bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz5228.tmp\WebBrowser.dll

Filesize
103KB

MD5
b53cd4ad8562a11f3f7c7890a09df27a

SHA1
db66b94670d47c7ee436c2a5481110ed4f013a48

SHA256
281a0dc8b4f644334c2283897963b20df88fa9fd32acca98ed2856b23318e6ec

SHA512
bb45d93ed13df24a2056040c219cdf36ee44c8cddb7e178fdaabcec63ac965e07f679ca1fa42591bba571992af619aa1dc76e819a7901709df79598a2b0cef81

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz5228.tmp\installing.html

Filesize
1KB

MD5
b2f87d34f34f96fb95861eb23cea6aa4

SHA1
34e42eb500a162d694f155b90e9f4f5e518b5081

SHA256
de8e76a2066602c34b4864c0db3aaeb71c11ec368398e00102139eb48b8908d4

SHA512
03332299cdf3a665443a6a41a01e691ae5945662e4cf4acd97a61e2f900807196711dc7af3958e4d8822c32441b5be96f2b735c571eca7b2914f13e0461ffcb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz5228.tmp\installing.js

Filesize
2KB

MD5
5d880454577d033215b9153e956ff37b

SHA1
d609bfabf790817e2624e538c1ccae8143731ec7

SHA256
254bd34973522c900b2c480186dd26d8885f448023dfba244af88726998c36c6

SHA512
13b27295b9707b9f0d9f41be3af67dd49b7bcf79b3e58b065e6bc55f7eb59f9c8f79fff2126355748c14a16a9f1a884c2040bb196630e39cb51f9b4d1642ffe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz5228.tmp\stub_common.js

Filesize
815B

MD5
efce3dce0165b3f6551db47e5c0ac8d6

SHA1
1e15f6bb688e3d645092c1aa5ee3136f8de65312

SHA256
dab39cbae31848cce0b5c43fddd2674fef4dea5b7a3dacdaabdc78a8a931817e

SHA512
cec12da07f52822aaed340b1b751153efa43e5c3d747fa39f03bb2800bf53e9416020d654a818a6088acb2cf5581714433d818537f04af150e6bfb6861c03988

Download Submit
C:\Users\Admin\Downloads\Skript.gg.rar.crdownload

Filesize
237KB

MD5
a48d76e6d43a698cfdab6ef51b8ae57d

SHA1
ae04f60ef5ca250ae39a86b74f436a67d1f29eab

SHA256
837f6441b7784d5f83e3b1d883cfe0d1ee2b97b0a6ed23300206120b9ec42030

SHA512
16aad32e95abf3ef745439d9ba79045a0c0c7e6f6a826cf81380a19c7cbe36c3ad97a8e6d277a481cc40f3fc33a5b160b5ff810bc294fb8cbda24c76b143d418

Download Submit
C:\Users\Admin\Downloads\Skript.gg\RubixLauncher.exe

Filesize
355KB

MD5
8a6f1580a5b9b94d7cd47cc6b1af1b9a

SHA1
e68768afd59e18091d345cb300e859572e8d4c5c

SHA256
bb1464e75c750d90c0c49d148c9e64eefe0c29b2f670d708c8085ddd3104dbfe

SHA512
1663a9e0868b3f5d7e1edd30259024e419c2d190ec8c31e76e66aef0c8a0e02da0c829584214b9e2f76cbd349a53bf77d01d03e9b0e9c8a99eb18021b1d53309

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 622768.crdownload

Filesize
2.8MB

MD5
c3f661bf5febc5fde52706f61b948b8d

SHA1
12dc9c796c48289cb72c4a08124a77a8db07cfc8

SHA256
9291269dce287437abf655bc98c399ef3e9d070ebfc217c51842f17e141d72bf

SHA512
d876a12ebb084448c66b5782def89985bfb8f099aaae5c102cb52296bcc93c93d323e8e46a5312032ad8ea86ccfc285c5798c6ff285eb0f5365dc11058bff9ea

Download Submit
C:\Users\Admin\Downloads\winrar-x64-710.exe

Filesize
3.6MB

MD5
32595caa2a6bbbf58e9cc3c145e2aafe

SHA1
a85f67867e000d7bb3a074bb2b84fa3a143d0663

SHA256
d9fc9e75e174f309efbbb0a4fe13ea27e50c0d1eac65e0ddc858a80a3a4c49a7

SHA512
151748c2c0971d0c9cebc9e4cf3dc0f36e72d9a4f288fff1979729851e6e4ec1ba41e6c4e20f5e13448ac1b9e940a3aa2bc2b097800e9640759f442c95eb4017

Download Submit
memory/216-1318-0x00000000021A0000-0x00000000025A0000-memory.dmp

Filesize
4.0MB

Download
memory/216-1319-0x00007FF9F4B50000-0x00007FF9F4D45000-memory.dmp

Filesize
2.0MB

Download
memory/216-1321-0x0000000076B70000-0x0000000076D85000-memory.dmp

Filesize
2.1MB

Download
memory/2372-117-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2372-0-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/4488-1275-0x0000000076B70000-0x0000000076D85000-memory.dmp

Filesize
2.1MB

Download
memory/4488-1272-0x0000000002A10000-0x0000000002E10000-memory.dmp

Filesize
4.0MB

Download
memory/4488-1269-0x0000000000EC0000-0x0000000000EC9000-memory.dmp

Filesize
36KB

Download
memory/4488-1273-0x00007FF9F4B50000-0x00007FF9F4D45000-memory.dmp

Filesize
2.0MB

Download
memory/4820-1288-0x000000001D0D0000-0x000000001D101000-memory.dmp

Filesize
196KB

Download
memory/4820-1289-0x00007FF9D79A0000-0x00007FF9D79D1000-memory.dmp

Filesize
196KB

Download
memory/5036-1264-0x0000000003AE0000-0x0000000003EE0000-memory.dmp

Filesize
4.0MB

Download
memory/5036-1270-0x0000000000860000-0x00000000008CD000-memory.dmp

Filesize
436KB

Download
memory/5036-1262-0x0000000000860000-0x00000000008CD000-memory.dmp

Filesize
436KB

Download
memory/5036-1265-0x0000000003AE0000-0x0000000003EE0000-memory.dmp

Filesize
4.0MB

Download
memory/5036-1266-0x00007FF9F4B50000-0x00007FF9F4D45000-memory.dmp

Filesize
2.0MB

Download
memory/5036-1268-0x0000000076B70000-0x0000000076D85000-memory.dmp

Filesize
2.1MB

Download
memory/5160-1333-0x0000000076B70000-0x0000000076D85000-memory.dmp

Filesize
2.1MB

Download
memory/5160-1331-0x00007FF9F4B50000-0x00007FF9F4D45000-memory.dmp

Filesize
2.0MB

Download
memory/5160-1330-0x0000000002EA0000-0x00000000032A0000-memory.dmp

Filesize
4.0MB

Download
memory/5304-1312-0x00000000032E0000-0x00000000036E0000-memory.dmp

Filesize
4.0MB

Download
memory/5304-1315-0x0000000076B70000-0x0000000076D85000-memory.dmp

Filesize
2.1MB

Download
memory/5304-1313-0x00007FF9F4B50000-0x00007FF9F4D45000-memory.dmp

Filesize
2.0MB

Download
memory/5904-1327-0x0000000076B70000-0x0000000076D85000-memory.dmp

Filesize
2.1MB

Download
memory/5904-1325-0x00007FF9F4B50000-0x00007FF9F4D45000-memory.dmp

Filesize
2.0MB

Download
memory/5904-1324-0x00000000037E0000-0x0000000003BE0000-memory.dmp

Filesize
4.0MB

Download