discordrat | hxxps://gofile[.]io/d/PB5rs2

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2025, 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/PB5rs2

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM2MjQ4NDQ3NDg1OTc1MzU3Mg.G6F0XN.VLF6L9woFXrcJqvnK2pSc21C4w5iXBv79eVBjs
server_id
1362170836378845274

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Executes dropped EXE 1 IoCs

pid	Process
4508	Roblox executor.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
14	api.gofile.io
24	api.gofile.io

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133893982575053629"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4116	chrome.exe
4116	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2992	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2244	chrome.exe
2992	chrome.exe
2992	chrome.exe
5472	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4228 wrote to memory of 5460	4228	chrome.exe	84
PID 4228 wrote to memory of 5460	4228	chrome.exe	84
PID 4228 wrote to memory of 5376	4228	chrome.exe	85
PID 4228 wrote to memory of 5376	4228	chrome.exe	85
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 4248	4228	chrome.exe	86
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87
PID 4228 wrote to memory of 5608	4228	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/PB5rs2
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffee465dcf8,0x7ffee465dd04,0x7ffee465dd10
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1856,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2024 /prefetch:3
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1984,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2408,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4412 /prefetch:2
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4692,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3224,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5392,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5692,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5780,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3244 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5864,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6120,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6208,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6164,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6264,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6288,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6024,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6508,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6480,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6468 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6712,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6896,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6704,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6884,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7400,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7448 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7464,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7476 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7524,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7568 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7740,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7756 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7900,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7912 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7944,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=8040 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7904,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8240,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7936 /prefetch:1
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8232,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=8200 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8264,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8296,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7508 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8592,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=8624 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6880,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6732 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7492,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=8444 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6956,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=8736 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=8684,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6780 /prefetch:8
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6780,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6992,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7884 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7888,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=9048 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8300,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7208,i,12206154870722173870,13784865888837480383,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7288 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5472

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3276

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:964

C:\Users\Admin\Downloads\New folder\Roblox executor.exe
"C:\Users\Admin\Downloads\New folder\Roblox executor.exe"
1⤵
- Executes dropped EXE
PID:4508

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6e52f56f-9cea-4b4a-b6ae-8f1906709e4c.tmp

Filesize
79KB

MD5
c1a1fd3c706a68d4cb5010b7bf0f30db

SHA1
dbc9f4d3dc876232d59d51d3c9541b871f7b3934

SHA256
7751a55e815cfc3676bcbb278958f3e3fd66b36b9cf74b4387cd5d928176b2d6

SHA512
a46472433bd522fa451939e6f47a60bf75589377e914f117c99431e6124d5a1396b7387a9ec45de7145c65bc350df660a1535f50095cfa5d04ddf1e94a10d18b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
5ac3beccde0231f626ce37f1c043c4ff

SHA1
7931f476bdccee6d66f33719e05e854fbf94d43d

SHA256
2dd6bb4999409d2b78e874d9b2c94c78a29239dd8dd9288c9d0f5fb264a4c44a

SHA512
38ce71d8d73dd7f79ee9da0bd529eb92117130ca273dd390c7a3b8361f6386545c8f305767e27ebed182e32d76ed02f9d506cc5c2ac02965adb10c0603f1ff10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
270KB

MD5
60f64db289e7076c183195a5b35c179c

SHA1
92ed81876bffeda07b81d266cf48735ab3265419

SHA256
cd594cff36c1f00800b4cb0684dab26bc2f442c9302d9e0a7c5cec17fbd1236c

SHA512
3b00b9045c7a70f663d4fac6cf50f0c24b7f5c544f7474512f17877b39021573585fae35eca8fa1c2f157a5080d294437a1261a2afe3ca20b02318077a7e2c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

Filesize
20KB

MD5
2027ffd339109d7090f607d1869b1f6e

SHA1
2e59ccbf6f4481ef28105d709dd42a7a5c5f7077

SHA256
cba403f761fa40eb9294d4bb852d106edfc6f544280f7bea7d5e2395ee959854

SHA512
ab9f96049906fdecd992e93b555bc7682ee5e64a51d19d175c1857ccfe3581c47edce07e75fcedc2453aa6426ec52155828067787d943710192b6bbd353138b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

Filesize
67KB

MD5
6c50fb64d1d74f2629ab9d206ccfcc22

SHA1
03064b27f694bd3aa8f631c9a3eab299be42207f

SHA256
54cf8f03e1e5e65df09bcc035e17c034a54ac904b5da1eb803ddf5bc21b7c19e

SHA512
85af45c09a43ac7e791f7302ccdfb17da7dfd38310d989c23639e579ab4de9f1e35c74b033654ed83f267ffc7add2d9628db6e2ad8488fe0987c18694a9fbbe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
143KB

MD5
ffd664989c5796c4cea84b06fb156175

SHA1
566244b7d4cbabf358006f9f02139d9b99365fab

SHA256
63cd5f13e10022e9bc2878a4f5ba8ea2fdf38c391bcea0140e5c9160a1779ed6

SHA512
b840c79037a8c8da9196590f2809991941b66ed9b56b87cac9bb2d15c679487957218fd9ed25eff1eb1cf68f746825214cfd0b38327a61e90be942768acdfe98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b58b4425074b4b499daf66be7ac1ab9a

SHA1
8cd43203f6e57d449116a1206313a4da1800ed3d

SHA256
df6d499c82503595a5e3fcee7eac6f84905322889843f7425011897050375614

SHA512
0d4cdd55104f4f4ba028152fe946a9fdf14632aaa1cb78d660283a05d5409fb27248b7fed8c4497767a6ee3f6f8c058e0e1bd468f33a8f907339dc7e4357ef33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
bff3254f9526ae58b18ddf0c7b51beb6

SHA1
a9269415e4370c61c2503162ce10eb84aa951afd

SHA256
2bb91c259cd81b46498bde5c3d5d86daa7b5f9dfe520f5242ac6175ab461128f

SHA512
283a375251c5eb2e9a05c9ef0f8bce94ba214990ab362732a58f8d971c2b5d55dbebbef08554486545bd7059c2e34276b72bca028f2959a0dddfdc421095f088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
32KB

MD5
0b06e56fe4098398d1324f2f9ab5d555

SHA1
599b3373087ba9dbd8ead8de60aa8fae7e4c681e

SHA256
b7cbbce4fab566e6336acc6a304d7b5f4ad728b2faf87de244146eff9b39b74c

SHA512
36ea2e76f1c9dbb51a963fbb9284fe39ccc59a7f55e4018adee9785c75b594b2a8d3f7d472bb159bd5c278d4cce323089b6c1b7f800a7ce8f2a8ede2efdd0164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
67287903dae7f74755b8c88ad62c1862

SHA1
8deede40fb650a3595c78c0e8e347c6ccd7c5d6a

SHA256
cb4f36d6a6413cf320b833183db51359ef99260ba6715e2bb4495e4047a347c9

SHA512
6a39ede4227024c46876160d86fd45ddf638bccfc4247b3824dfc5274f672c5acbf0765281a13d6b08d16f815560458a17a70826fca3388da58f90950db29b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c49d1fb827daa1d359c772c4a0eb512b

SHA1
95af353dc1ba84d32161e2468452c460385114b1

SHA256
683af7940ca60f45462f44d389de44c99d6e7651135ac4e8f56bd12b6cc1be38

SHA512
da8a51a8266cce8d9404de14301de359741bc059c79d4d1bd82e7d5f3e0a42e601b05aba0e0db49408ce3cd1a49e7347c25bc1d8d22e960188bb977c4e83c687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ad71c1de8f4b39764fe268670c315cd4

SHA1
cf055d7bf5b9f84ca5b503905b168ee41a76b3d3

SHA256
2bf0f9e19eff2daf805914fef8e89f4c233cebcebc7721a80e0adc3f6ca48afe

SHA512
58caa9a0dfe744e8dfef0f08589e2b8a02288bea4aa211a83c02c85b9e5402b718f9a20e42114e9fba38d292a27c1922fe8a8593e4f534b1e91f8b00f100b195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4c3493c177f0ca48354687ed28b48820

SHA1
69362cd97b8c8b146a7f4c68f2fe88fa89377549

SHA256
0e52f549a292391b5a060d73da5f55bd97e2c3b6fe59dcdf59aebad6093fce17

SHA512
9e66c6a9df8b10b3404a7a458ebc696831f4cac48dfbacc34147e750e8312c4c1c084335e914706bcedf6b191c97207d58c1520c215d18c609ec68d3cc024a43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f9afb195385de043e6a90b3497f9d3a5

SHA1
513b83a41c3883b8cbe69d4a08252372bf3e4987

SHA256
df4c7722f042fc827422f4d01b466844d42d7c942ee8c1c5073518338bd153d5

SHA512
c1fb9d1b9e2fef7f5bdc099f87187ca3a545256fd89dadac3914e878d14f01624c2b1bc024434069fb7e66531cc08fbf3287a6e2d5ce168181f9bf5f52b58695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
c49067fd90c53c08f781a2f053995a3a

SHA1
64f22de6dd3a22c3bcb978752c48ff112e495fc6

SHA256
38ec4b5623efc671acb1c7573f6dca89b6c92aaee6b77f4cebef8c798ffa518b

SHA512
f73166fc04c715257df26dd9cd2c19a876727ff2c9638af2f4df6304b1adeaafdc8ecaa444daa99f39d392a5e57ceb87abe45254ad23f842dff1db12bcfc2d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
8edb0c0a8d9ad83a3e0cc71704922b05

SHA1
35290b53a579efc1f372e8af69df270ce554e70d

SHA256
4e01b732143935d1be9b0c8004e6cd8f880b8dbb458873bf54e761e8a20afe03

SHA512
5b12d5d4043cf929b78a54f0729405ba36201ffee77bbf080ffe312efb9296dfb39c60e308076fcc83f02b4314cad5f5939e6529448a8b478d8aa56a3a8dc662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
30978c9f4f58dfe0d07b797cd7dd1367

SHA1
8012ffd05665ad0573c6eaf08bbf6388bc93ce6f

SHA256
4668e4603a9e25d9da2bb72a61cbc891c468dc396887c7c9437171d3f7271d00

SHA512
836347a6de04d4225085aaa183f8bef36a59c7ee67d8fbb06141c0a1567b3bd4789ad47cfc5a9187a07f3bb414c090df47762a34390087cdc1d7487d6af6bb00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f4f1c7349dc5a8ab992f8bf5341b99f5

SHA1
d95c5fa2b3bdbfe645bbf2086176b42efa81c023

SHA256
4649834f2b0edd7b2685a21084d9a1097951d063d7c67b3e4207d801a48289ac

SHA512
1db3de3ca9ca46ef348eaa2d799a22c3f8755d0b0b37f72a4bf150f3b7d1bf2f4f392f0397e610dfdc4dfc74325c32e43f3582db786c2899fbf02f05c6542427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
61333cf429b086243bae79e51783a08f

SHA1
44fb9f3b7ebd590852cfbde61a4d61a5c6bbb709

SHA256
4762a26232b0131693e0156b84455c2ffc63d20ed449cfebf4b689704c9ccf7d

SHA512
102358d1fe09a113e37d935e9f1b36c582214a620943fbefe7acf96613dbf2c0785cf8862c3e7175fa4619965b6420a1b7ba45c52f25c8f1f634115568db29f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d8bc.TMP

Filesize
48B

MD5
7b7ceed725b1d52d9fc04913c1928926

SHA1
eb8d747837b21c2120e081ae44805aeaf6b1e144

SHA256
9ad889abade19602223cd2b75d46a8ac0bb96d5437e9200184007bc662a52207

SHA512
9020c3294311ed5074514fa2554dff00bfb4012a5ee78fb81493f66d87498f588e727d8eb07dbbb4787deada3c4945d4aa5b273e7ef86e201da7fd535feb1f50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\7ae97c941ccda82f_0

Filesize
63KB

MD5
10fea2ac610e543b03b5e746157ba564

SHA1
83dee88286c7e23bd8103d356bfc4f6d29a2eb7d

SHA256
7fa9dbddb18101fdc1076cc90b5a35e610a084d62a6d77641eaf1e59e73907e2

SHA512
215d636335612c701f030b7011368c6dc1f6b626856c978b79f65f8710630237bd81dff53fce02125b9e28e14ba071044b5eba6f1a0bc6ef436578bc937f8c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
72B

MD5
a272e50f6264671a3ceb9dc92b6091a0

SHA1
b7cb39323f100b4ed0e82fa3545f3a3b1bc4627c

SHA256
ef523bf6ef939e01ddbb685c6ca3c586f89f7ea5bd94f0887ba3dcbd646092b6

SHA512
3e55444a4bd36942a76bb8eb4a9b6db7757f3a1ce5eb2a7a6cae969b36b399cf2929ebbea8b484b0ad79a43b13625097fa09a28fbb36f877cce36f09aa33ffb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
c2ceb28f1d38dc3f495c3d924de5574d

SHA1
ab138d888caced2dd36bf4bbec8f364a605c7d23

SHA256
c0f4f96d6f3649d14aada67f45cc4c76234189c282de7e7a7a2b3340f23e664e

SHA512
618c1c8b67b5df4c2935ae9cbfb2650b01c2db5b168b59c2e6a2b139dd7defd15bccf1db7d7a2ca03b1d6480591542a9b46b1c380628d30e6e24f94796485aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe58cb0b.TMP

Filesize
140B

MD5
d9e405b215c1ec65a39dc0a402287d08

SHA1
3ce2e0211832803cd20b011f52505789248513e6

SHA256
ed35673ee4fc090c8d0310a5d6462f49a0c21a3727a565c1f03d003d79c81de9

SHA512
37839df54c311f99c9ee83b17fb5d0bf3d72d46670ec615cc004b7515ad360738154dace91bf9f97c07fae836662c22c6754179e6895d7aa6f7b72e09f05861d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
4c88828ba06f4e8e636d82a98c76ba25

SHA1
f0f1422fea6868bc1463b04dcb46a144b186fdfb

SHA256
3333bc33685ecc7d14e2146f02fd2bd8162de6e8645fff74e7475b4bb0d4a315

SHA512
e2e236abc075e4adb41459100e8db8ba7512f6eeec7fe1fc2c57a7712e4943fea8947eba7c263816ee601113225e96cea11b1eef751596c5204f55a70e976e52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
51c46eeb6a1b1ef5275f22e8db2f5010

SHA1
482c7c6909e3d24eef39fb8a6e3c591ecf34ed15

SHA256
18049ffa94480291be4270176488887264aa4317d33b38a089c94955c505d914

SHA512
5dbe6d11ce5f9e3bd97930f4836825fd721b352f6acbb96573b5b0449476b21cb008165e5b8cb7a756246aaa94cd3bfc7452ac92cfe9816bf853659c971166bf

Download Submit
C:\Users\Admin\Downloads\New folder\Roblox executor.exe

Filesize
78KB

MD5
d4492c91b127b304f924edabe3213cec

SHA1
33569c0c910c1738873bea8cdb2652aa4335ac43

SHA256
f975182341f7800acdb358b504cf753c9bb54d9055b22e7a423ce04a7e583a98

SHA512
b25d18814f69098d70a9d6532f41b2e108821281aff4466a2b9e1bab533a13dd21a3cb168688a905425c19cfe5d3994d5bc14d6c7345ddb53c8c9ab7496948c2

Download Submit
C:\Users\Admin\Downloads\luna executor.rar.crdownload

Filesize
28KB

MD5
a65062bf1044221314634aa9fafebc6b

SHA1
fdcb807290b57f0ebbb9a3bc12792b8a65c1053b

SHA256
a000d5b242c287ec8b1897e4e6dda734cc4615e2b7ff3a50440c753d78ce47bc

SHA512
074edd1b97d056586eece291c767a10305416059b8e4eadae7172fc16b8e12f692a83cfd5d8e99b6e3e078a6fc46e74732d7d5f4e7d89fcd2f9a1db3f5ae4bcd

Download Submit
memory/4508-654-0x00007FFEBF643000-0x00007FFEBF645000-memory.dmp

Filesize
8KB

Download
memory/4508-655-0x000001DCF4D80000-0x000001DCF4D98000-memory.dmp

Filesize
96KB

Download
memory/4508-656-0x000001DCF73B0000-0x000001DCF7572000-memory.dmp

Filesize
1.8MB

Download
memory/4508-658-0x00007FFEBF640000-0x00007FFEC0101000-memory.dmp

Filesize
10.8MB

Download
memory/4508-675-0x000001DCF7BB0000-0x000001DCF80D8000-memory.dmp

Filesize
5.2MB

Download
memory/4508-742-0x00007FFEBF643000-0x00007FFEBF645000-memory.dmp

Filesize
8KB

Download
memory/4508-766-0x00007FFEBF640000-0x00007FFEC0101000-memory.dmp

Filesize
10.8MB

Download