lumma | 7cb380bb249c35afb4a56dfe8a8dec9a6a87a76c1dc7301d9a4e62eabd03a3d1

Resubmissions

01-04-2023 02:07

230401-ckct9sfc79 10

01-04-2023 02:03

230401-cgrt1sgf2y 7

01-04-2023 01:57

230401-cc9h9sfc42 10

Analysis

max time kernel
67s
max time network
308s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01-04-2023 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ghast Setup.exe
Size

47.0MB
MD5

aade6b70530baa03c6f520119161d224
SHA1

ba2d3b60a32e5a4ca5033ceb27ef4bc0613086c8
SHA256

7cb380bb249c35afb4a56dfe8a8dec9a6a87a76c1dc7301d9a4e62eabd03a3d1
SHA512

e8d8f3385efa219368d2a153031e0ef934e8c4e480cca22a54be526297e9093acbd6fe5bc4e6c8353c3712612d2b36f7b6f2312e0d182b73a8bba746b7092296
SSDEEP

786432:F1pKaCrTgJhsBqMCiMz0WSt++sQVOcHJ4ok7icr1TEDgvFGv1XqWHb:F6fWwsnSt++tAwq7icnvm

Score

10^/10

lumma discovery stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Executes dropped EXE 5 IoCs

Processes:

Ghast Setup.tmpLoader.exeGhast.exeGhast.exeGhast.exe

pid process

1168 Ghast Setup.tmp
2764 Loader.exe
2924 Ghast.exe
2188 Ghast.exe
2412 Ghast.exe

pid	process
1168	Ghast Setup.tmp
2764	Loader.exe
2924	Ghast.exe
2188	Ghast.exe
2412	Ghast.exe

Loads dropped DLL 25 IoCs

Processes:

Ghast Setup.exeGhast Setup.tmpLoader.exeGhast.exeGhast.exeGhast.exe

pid	process
1332	Ghast Setup.exe
1168	Ghast Setup.tmp
1168	Ghast Setup.tmp
1168	Ghast Setup.tmp
2764	Loader.exe
2924	Ghast.exe
2924	Ghast.exe
2924	Ghast.exe
2924	Ghast.exe
2924	Ghast.exe
2924	Ghast.exe
2188	Ghast.exe
2188	Ghast.exe
2188	Ghast.exe
2188	Ghast.exe
2188	Ghast.exe
2188	Ghast.exe
2188	Ghast.exe
2188	Ghast.exe
2188	Ghast.exe
2412	Ghast.exe
2412	Ghast.exe
2412	Ghast.exe
2412	Ghast.exe
2412	Ghast.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

Ghast.exeGhast.exe

pid process

2924 Ghast.exe
2188 Ghast.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

Ghast.exe

description pid process target process

PID 2188 set thread context of 2924 2188 Ghast.exe Ghast.exe

pid	process
2924	Ghast.exe
2188	Ghast.exe

description	pid	process	target process
PID 2188 set thread context of 2924	2188	Ghast.exe	Ghast.exe

Drops file in Program Files directory 4 IoCs

Processes:

Ghast Setup.tmp

description	ioc	process
File created	C:\Program Files (x86)\Ghast\unins000.dat	Ghast Setup.tmp
File created	C:\Program Files (x86)\Ghast\is-3PFH5.tmp	Ghast Setup.tmp
File created	C:\Program Files (x86)\Ghast\unins000.msg	Ghast Setup.tmp
File opened for modification	C:\Program Files (x86)\Ghast\unins000.dat	Ghast Setup.tmp

Drops file in Windows directory 1 IoCs

Processes:

Ghast.exe

description ioc process

File created C:\Windows\Tasks\Ghast on user logon - Admin.job Ghast.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

Ghast Setup.tmpGhast.exeGhast.exe

pid process

1168 Ghast Setup.tmp
1168 Ghast Setup.tmp
2924 Ghast.exe
2924 Ghast.exe
2924 Ghast.exe
2188 Ghast.exe
2188 Ghast.exe
2188 Ghast.exe
2188 Ghast.exe
Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

Ghast Setup.tmpLoader.exe

pid process

1168 Ghast Setup.tmp
2764 Loader.exe
2764 Loader.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

Loader.exe

pid process

2764 Loader.exe
2764 Loader.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

Loader.exeGhast.exeGhast.exe

pid process

2764 Loader.exe
2764 Loader.exe
2924 Ghast.exe
2188 Ghast.exe

description	ioc	process
File created	C:\Windows\Tasks\Ghast on user logon - Admin.job	Ghast.exe

pid	process
1168	Ghast Setup.tmp
1168	Ghast Setup.tmp
2924	Ghast.exe
2924	Ghast.exe
2924	Ghast.exe
2188	Ghast.exe
2188	Ghast.exe
2188	Ghast.exe
2188	Ghast.exe

pid	process
1168	Ghast Setup.tmp
2764	Loader.exe
2764	Loader.exe

pid	process
2764	Loader.exe
2764	Loader.exe

pid	process
2764	Loader.exe
2764	Loader.exe
2924	Ghast.exe
2188	Ghast.exe

Suspicious use of WriteProcessMemory 23 IoCs

Processes:

Ghast Setup.exeGhast Setup.tmpLoader.exeGhast.exe

description	pid	process	target process
PID 1332 wrote to memory of 1168	1332	Ghast Setup.exe	Ghast Setup.tmp
PID 1332 wrote to memory of 1168	1332	Ghast Setup.exe	Ghast Setup.tmp
PID 1332 wrote to memory of 1168	1332	Ghast Setup.exe	Ghast Setup.tmp
PID 1332 wrote to memory of 1168	1332	Ghast Setup.exe	Ghast Setup.tmp
PID 1332 wrote to memory of 1168	1332	Ghast Setup.exe	Ghast Setup.tmp
PID 1332 wrote to memory of 1168	1332	Ghast Setup.exe	Ghast Setup.tmp
PID 1332 wrote to memory of 1168	1332	Ghast Setup.exe	Ghast Setup.tmp
PID 1168 wrote to memory of 2764	1168	Ghast Setup.tmp	Loader.exe
PID 1168 wrote to memory of 2764	1168	Ghast Setup.tmp	Loader.exe
PID 1168 wrote to memory of 2764	1168	Ghast Setup.tmp	Loader.exe
PID 1168 wrote to memory of 2764	1168	Ghast Setup.tmp	Loader.exe
PID 2764 wrote to memory of 2924	2764	Loader.exe	Ghast.exe
PID 2764 wrote to memory of 2924	2764	Loader.exe	Ghast.exe
PID 2764 wrote to memory of 2924	2764	Loader.exe	Ghast.exe
PID 2764 wrote to memory of 2924	2764	Loader.exe	Ghast.exe
PID 2924 wrote to memory of 2188	2924	Ghast.exe	Ghast.exe
PID 2924 wrote to memory of 2188	2924	Ghast.exe	Ghast.exe
PID 2924 wrote to memory of 2188	2924	Ghast.exe	Ghast.exe
PID 2924 wrote to memory of 2188	2924	Ghast.exe	Ghast.exe
PID 2924 wrote to memory of 2412	2924	Ghast.exe	Ghast.exe
PID 2924 wrote to memory of 2412	2924	Ghast.exe	Ghast.exe
PID 2924 wrote to memory of 2412	2924	Ghast.exe	Ghast.exe
PID 2924 wrote to memory of 2412	2924	Ghast.exe	Ghast.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c49758,0x7fef6c49768,0x7fef6c49778
1⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Ghast Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Ghast Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1332

C:\Users\Admin\AppData\Local\Temp\is-HPO7K.tmp\Ghast Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-HPO7K.tmp\Ghast Setup.tmp" /SL5="$F0150,48404993,898048,C:\Users\Admin\AppData\Local\Temp\Ghast Setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1168

C:\Users\Admin\AppData\Local\Programs\Ghast\Loader.exe
"C:\Users\Admin\AppData\Local\Programs\Ghast\Loader.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764

C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe
C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe 9dbec760cb1f6259387d89adf480d75c
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2924

C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe
"C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe" --type=gpu-process --field-trial-handle=1060,4202726426548027541,4764253971232112772,131072 --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Programs\Ghast\debug.log" --log-severity=warning --lang=en-US --disable-gpu disable-software-rasterizer --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Users\Admin\AppData\Local\Programs\Ghast\debug.log" --mojo-platform-channel-handle=1072 /prefetch:2
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe
"C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe" --type=gpu-process --field-trial-handle=1060,4202726426548027541,4764253971232112772,131072 --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Programs\Ghast\debug.log" --log-severity=warning --lang=en-US --disable-gpu disable-software-rasterizer --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Local\Programs\Ghast\debug.log" --mojo-platform-channel-handle=1164 /prefetch:2
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2412

C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe
"C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe" --type=utility --field-trial-handle=1060,4202726426548027541,4764253971232112772,131072 --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Programs\Ghast\debug.log" --log-severity=warning --lang=en-US --disable-gpu disable-software-rasterizer --log-file="C:\Users\Admin\AppData\Local\Programs\Ghast\debug.log" --mojo-platform-channel-handle=1340 /prefetch:8
5⤵
PID:2544

C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe
"C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Programs\Ghast\debug.log" --field-trial-handle=1060,4202726426548027541,4764253971232112772,131072 --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Programs\Ghast\debug.log" --log-severity=warning --disable-gpu disable-software-rasterizer --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1424 /prefetch:1
5⤵
PID:2564

C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe
"C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Programs\Ghast\debug.log" --field-trial-handle=1060,4202726426548027541,4764253971232112772,131072 --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Programs\Ghast\debug.log" --log-severity=warning --disable-gpu disable-software-rasterizer --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1416 /prefetch:1
5⤵
PID:2560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1232,i,10286716898560276352,1483225338321629536,131072 /prefetch:2
1⤵
PID:1924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1232,i,10286716898560276352,1483225338321629536,131072 /prefetch:8
1⤵
PID:1776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1644 --field-trial-handle=1232,i,10286716898560276352,1483225338321629536,131072 /prefetch:8
1⤵
PID:864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2188 --field-trial-handle=1232,i,10286716898560276352,1483225338321629536,131072 /prefetch:1
1⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2220 --field-trial-handle=1232,i,10286716898560276352,1483225338321629536,131072 /prefetch:1
1⤵
PID:1948

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1456 --field-trial-handle=1232,i,10286716898560276352,1483225338321629536,131072 /prefetch:2
1⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=2732 --field-trial-handle=1232,i,10286716898560276352,1483225338321629536,131072 /prefetch:1
1⤵
PID:2132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3920 --field-trial-handle=1232,i,10286716898560276352,1483225338321629536,131072 /prefetch:8
1⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4036 --field-trial-handle=1232,i,10286716898560276352,1483225338321629536,131072 /prefetch:8
1⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=4036 --field-trial-handle=1232,i,10286716898560276352,1483225338321629536,131072 /prefetch:1
1⤵
PID:2320

C:\Users\Admin\AppData\Local\Programs\Ghast\Loader.exe
"C:\Users\Admin\AppData\Local\Programs\Ghast\Loader.exe"
1⤵
PID:2640

C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe
C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe 9dbec760cb1f6259387d89adf480d75c
2⤵
PID:2784

C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe
"C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe" --type=gpu-process --field-trial-handle=1016,18162748138193273808,12186215092168364931,131072 --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Programs\Ghast\debug.log" --log-severity=warning --lang=en-US --disable-gpu disable-software-rasterizer --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Users\Admin\AppData\Local\Programs\Ghast\debug.log" --mojo-platform-channel-handle=1032 /prefetch:2
3⤵
PID:2768

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2232

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x560
1⤵
PID:2396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 --field-trial-handle=1232,i,10286716898560276352,1483225338321629536,131072 /prefetch:8
1⤵
PID:1592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=1880 --field-trial-handle=1232,i,10286716898560276352,1483225338321629536,131072 /prefetch:1
1⤵
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=2304 --field-trial-handle=1232,i,10286716898560276352,1483225338321629536,131072 /prefetch:1
1⤵
PID:3028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3760 --field-trial-handle=1232,i,10286716898560276352,1483225338321629536,131072 /prefetch:8
1⤵
PID:1500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 --field-trial-handle=1232,i,10286716898560276352,1483225338321629536,131072 /prefetch:8
1⤵
PID:1328

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Ghast\unins000.exe
Filesize
3.1MB

MD5
161d1bd06392e424ebf8e4f7971db25b

SHA1
e77ded0d21db752db95dee086137cf138701c99a

SHA256
8c5f29f44a196946191e3ef6f6e8b829c9e6123176b4a4223ada06724471437c

SHA512
e3474f14633de67411ca0e3c26f18b0629b60d6e8f330c71bfadf0a6995cbcf356dc0b063eedd6712a764bfae4ada901ffdcc9285a337a02d045aabcdb4135f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
Filesize
162KB

MD5
b81d6636c3ad72c63e532e5180eaf7f9

SHA1
ddcd059999fff6218e98af62dbe3fa9c885a0de8

SHA256
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef

SHA512
4f0b87bbf60061a8efca4906554f958b7c28cf582452e01a8316d8c5ea8c98beda6c3230afff207f0b92d316c4c2e0ca1b4631e7d7364344b4a76394115af06b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
527B

MD5
e93e97572479577a19efcbd889def85c

SHA1
518a2a5a19ab3b2669c82b49add4b5887ae27304

SHA256
30c816620b4c97965ea615d9c049a0228f40cb78ba62c54da20f671c538eca4f

SHA512
b6e1522150aaddb490d9a60572ddb96f602f27a533812e69c1f61a8afca61dad2dbd0be0e9072ef5671f60854959801323d76fbffb93e2fb53ce5748961182c2

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\Common.dll
Filesize
527KB

MD5
05a1529dde4639e1f4462c4e3742d5a4

SHA1
783c905a4bd544f881dfe6883f24052bccfa4a14

SHA256
3da58f79c1173a4ad547b409b706c48076230c53c51fe9b95d7428d977d8247c

SHA512
e82933b8065e76e3176b3a1f2ecee0c869933558558001d95638075c1a8cc15c439ba26c90aab9dca7cb11ecd56e5cd6ce065d1c1076cee5f910ef2fe75c1ce6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\D3DCompiler_47.dll
Filesize
4.1MB

MD5
222d020bd33c90170a8296adc1b7036a

SHA1
612e6f443d927330b9b8ac13cc4a2a6b959cee48

SHA256
4432bbd1a390874f3f0a503d45cc48d346abc3a8c0213c289f4b615bf0ee84f3

SHA512
ad8c7ce7f6f353da5e2cf816e1a69f1ec14011612e8041e4f9bb6ebed3e0fa4e4ebc069155a0c66e23811467012c201893b9b3b7a947d089ce2c749d5e8910c6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe
Filesize
4.7MB

MD5
5df04392bc93b32d6db17200d665ef55

SHA1
5d862174d83a653db244b3bf39ce3190e2493639

SHA256
214fd3af555d478fc17fef914fcb882f72d4fc0f82f0ca9f662efdbc11304a34

SHA512
7f1b95e3eeb86dceecab42b7616ee135fe79b7e942561a2270b2241793871135dfa8233aeb9956be4ed646585f3969b1ae70b39044593dcdf082419e8095477a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe
Filesize
4.7MB

MD5
5df04392bc93b32d6db17200d665ef55

SHA1
5d862174d83a653db244b3bf39ce3190e2493639

SHA256
214fd3af555d478fc17fef914fcb882f72d4fc0f82f0ca9f662efdbc11304a34

SHA512
7f1b95e3eeb86dceecab42b7616ee135fe79b7e942561a2270b2241793871135dfa8233aeb9956be4ed646585f3969b1ae70b39044593dcdf082419e8095477a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe
Filesize
4.7MB

MD5
5df04392bc93b32d6db17200d665ef55

SHA1
5d862174d83a653db244b3bf39ce3190e2493639

SHA256
214fd3af555d478fc17fef914fcb882f72d4fc0f82f0ca9f662efdbc11304a34

SHA512
7f1b95e3eeb86dceecab42b7616ee135fe79b7e942561a2270b2241793871135dfa8233aeb9956be4ed646585f3969b1ae70b39044593dcdf082419e8095477a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe
Filesize
4.7MB

MD5
5df04392bc93b32d6db17200d665ef55

SHA1
5d862174d83a653db244b3bf39ce3190e2493639

SHA256
214fd3af555d478fc17fef914fcb882f72d4fc0f82f0ca9f662efdbc11304a34

SHA512
7f1b95e3eeb86dceecab42b7616ee135fe79b7e942561a2270b2241793871135dfa8233aeb9956be4ed646585f3969b1ae70b39044593dcdf082419e8095477a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe
Filesize
4.7MB

MD5
5df04392bc93b32d6db17200d665ef55

SHA1
5d862174d83a653db244b3bf39ce3190e2493639

SHA256
214fd3af555d478fc17fef914fcb882f72d4fc0f82f0ca9f662efdbc11304a34

SHA512
7f1b95e3eeb86dceecab42b7616ee135fe79b7e942561a2270b2241793871135dfa8233aeb9956be4ed646585f3969b1ae70b39044593dcdf082419e8095477a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe
Filesize
4.7MB

MD5
5df04392bc93b32d6db17200d665ef55

SHA1
5d862174d83a653db244b3bf39ce3190e2493639

SHA256
214fd3af555d478fc17fef914fcb882f72d4fc0f82f0ca9f662efdbc11304a34

SHA512
7f1b95e3eeb86dceecab42b7616ee135fe79b7e942561a2270b2241793871135dfa8233aeb9956be4ed646585f3969b1ae70b39044593dcdf082419e8095477a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\Loader.exe
Filesize
4.8MB

MD5
9dbec760cb1f6259387d89adf480d75c

SHA1
e855453a2fc08fc529dd647d4d2e2c1444b777bb

SHA256
5b0dc69e9ee9aeb6e9ff56cd793ceb567d9e99dd546a9b16fb24e5fb491d40b5

SHA512
2526da3047677dc20d6c7676152aef7f952120073d36ee22c9f0c9735e6325bc7f456145cb56196baf96326bdbc5d2169ce7c0b099be388e1a71469cfa7a374e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\Loader.exe
Filesize
4.8MB

MD5
9dbec760cb1f6259387d89adf480d75c

SHA1
e855453a2fc08fc529dd647d4d2e2c1444b777bb

SHA256
5b0dc69e9ee9aeb6e9ff56cd793ceb567d9e99dd546a9b16fb24e5fb491d40b5

SHA512
2526da3047677dc20d6c7676152aef7f952120073d36ee22c9f0c9735e6325bc7f456145cb56196baf96326bdbc5d2169ce7c0b099be388e1a71469cfa7a374e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\Loader.exe
Filesize
4.8MB

MD5
9dbec760cb1f6259387d89adf480d75c

SHA1
e855453a2fc08fc529dd647d4d2e2c1444b777bb

SHA256
5b0dc69e9ee9aeb6e9ff56cd793ceb567d9e99dd546a9b16fb24e5fb491d40b5

SHA512
2526da3047677dc20d6c7676152aef7f952120073d36ee22c9f0c9735e6325bc7f456145cb56196baf96326bdbc5d2169ce7c0b099be388e1a71469cfa7a374e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\VCRUNTIME140.dll
Filesize
74KB

MD5
a075828073369628bcca8a80fa225744

SHA1
2d576b316860c141d81ba9916d5915aceb336c7e

SHA256
dbc5559ca8d99f045c5511f56a2c4dd156d2672d189935e242284a835c0d7f92

SHA512
f92bc90a1d75268f2961e8a83268afc1efbf1381c884742658bca135367104b148fdbb8c0d643daa10063a98e032bcd7d4da50daebf4fa96e203814030a2c993

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\cef.pak
Filesize
2.0MB

MD5
fadbeb0dfdcf3e3321b954dccd5f2dc9

SHA1
88a3f6ff673a77d613bca4461949c6f8a1208aed

SHA256
b816b4775ad62cfd9b1b8c27446f39dfe06fb5ce8637ce89c7896a4b0095a835

SHA512
644f6af10f991e02b4613cfcb422520c9f39d5de4d9941fbc480716ce96c141875e8477f9b6844d740e164cd055fc0a0246afa0de2939d6636086112007cb0c9

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\cef_100_percent.pak
Filesize
638KB

MD5
d6537d8bd18bea635651fdec3d152909

SHA1
888bd16bbcead51b8968e706eb57177ffcd57227

SHA256
24bc9d0779ee755518702aa8f62c313feaaeee5f85688d9c17d22d0c3a3f0dbc

SHA512
4f9909cdd0199f37e0c5cd64b9cf943e2f6e479243a31fa02456cce0dcbecf4df7dd469e375fad5f823920e1beb5e18bb534d9bdcf039ef1850a0e2220951ebc

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\cef_200_percent.pak
Filesize
789KB

MD5
bd1ce17f9350ac0ee83a350439099526

SHA1
fd9328c6c2b2fb2cb3b877548bcf86afcc65a6a3

SHA256
bbb4fae64ae9a18a3cd27fde9936d0c79b8df03aca7f25043e51ed6d85455e30

SHA512
4b5d31a10ebf5c0d511d4df2ca661a484f2299af93b2cb3c26f54c6d590c972cb4b01f74595575fb51e0da44627463104808e4f16dc6f02c660309d2c77379b0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\cef_extensions.pak
Filesize
1.7MB

MD5
968fbcb567ad6a183a11511cd9871086

SHA1
a3f74917fc7a78f9a6cdf7d9f69234605c7eeffa

SHA256
85e4c876c03e997833d0859e8ce28df41de458142c4d02e9651686c426ef5a8d

SHA512
2af6d1d6726279a1f6dfbf3968b20d32c5a77bac8bddf01ed24d20b33c1b027baccf3541bc6db8a6ba848de69fc7affc5bb7e30e4d3c2a0ea02d261190795e8c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\chrome_elf.dll
Filesize
801KB

MD5
b5705e3ab1c96214e454dfb140654bc3

SHA1
39656b014dd9de7a4a2bf74b7f0defd34a83a8c5

SHA256
f63e2dcdc17c94ffa21fd933d4d67f9a15b6f3164d046a480289953a67640ca3

SHA512
eeb22d741e07c1e4e03d9fd642f328147264b6972b382903b31df3c07e92f8b327e4b87d9d2ac59d95872d9c8da37d5772116f0b94c43f5537ed7bc0fd6d2cfb

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\debug.log
Filesize
661B

MD5
8f8db2456638367bce0ee8ca3c499620

SHA1
09428ae477e947e83e069095849fb2fbafacbe09

SHA256
ca0162c488eedf58c6a8219f41339199b134d4e796d40d97f6347044de518a36

SHA512
319a6f9b994258a205df351ce82440b4795390a48eae0ca3cc0ed512768c4f261829733d04e81fc3132d026e7e7407c6840efd0b89d842dc4a2208e508d7fe57

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\icudtl.dat
Filesize
10.0MB

MD5
3f019441588332ac8b79a3a3901a5449

SHA1
c8930e95b78deef5b7730102acd39f03965d479a

SHA256
594637e10b8f5c97157413528f0cbf5bc65b4ab9e79f5fa34fe268092655ec57

SHA512
ee083ae5e93e70d5bbebe36ec482aa75c47d908df487a43db2b55ddd6b55c291606649175cf7907d6ab64fc81ead7275ec56e3193b631f8f78b10d2c775fd1a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\libcef.dll
Filesize
95.8MB

MD5
07f2b060b5e53c8ac3110bcc3b1a3b76

SHA1
8a0f8ad03d6c422383dd90b24fe5cb0e5a661c4f

SHA256
f069bdf29d6834f5fd5971da127a694897afecc6d0cb9a530bbb66aebcda4409

SHA512
59caae84d966e54d7717335aa22d2ef3bc684f5c26d6b05142f4de18d1de8c75b4f55802228d427aa9fb32ff298a228db220166b654baf5f3c19509a1b20502d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\libegl.dll
Filesize
302KB

MD5
cc32638894d85b05f358795081114b02

SHA1
4f5c9be29429303daef13f90eafb9578970d80fa

SHA256
eb91694ff12b6dcafed54df1d7753301f8ee4f0a74575236a11e4fbe8b17464e

SHA512
c99c1e7f13d1fcda9d5e59cb29e905207ba2aff99b8368826c06e0d49d767a3c6d53d5e1c03365a9fa3a58a7985af5da8e18ab24faec2a6b9f732904f51f1664

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\libglesv2.dll
Filesize
6.6MB

MD5
1d8938ac6713700338823c7c21c971e4

SHA1
4908331fefca06dc4975ffd8bc741d92eda1ce49

SHA256
6ea650ed63f3a301d554ad9bd85958a823f2be6eb07a285edea8b508be5dfd96

SHA512
7880b9b626c1e4ac13aa0601b2c37163f788524a55aec9850f637d8e058c805e590a60c7dcb98e4b4dab4abcc10dff7312c34346f669696badc5fc8c301e7809

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\libsodium.dll
Filesize
328KB

MD5
d07628811c6c2a042d9d5849c5e6d5d3

SHA1
58b9687050a1808e71288241c25c68b82d0e03e6

SHA256
0c91e8be0548203978caeb8dd02a3db31c69e9b4bbfc13f768e39fe2b1486ddf

SHA512
0f489aa068539905bd29a5243d8639297e261111e900955147900a222bbe62f01081edb078626677af828481c88a28fad754018427a2cb1b168c690487976df1

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\locales\en-US.pak
Filesize
201KB

MD5
ca71b35dd44d9949f8d7f1f47f6e274b

SHA1
7614f231538628f56cbde317495d6ffe95f8900a

SHA256
a4a1b7c72a6cf829e9f023a8673ceff385931e22fc5c23c361d8f43448b95ebc

SHA512
000017ebc7fbb3cfbc5837107795130b1c2916e8fcb3f35ebd010352921d3d8eb45a8d3ecf9a395b3409881440497c453efab9edbee0cd886bb9be848698255e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\v8_context_snapshot.bin
Filesize
541KB

MD5
87e39a722b1469f1f19f456e6b7f93ad

SHA1
4c07e2fcf21a1925049ca34f26c2572daeeba4cb

SHA256
23e7f749ee278ffb21a9f109e860f99a2ded13ad6ffdefd16b069559e8e40cf7

SHA512
086bbd50394b11bf148922a1ac9881328842f3041093f95d6bb1cc57e64d73801c6b5e41deb43dcca3e22f10f65c88388d4300e185c639f28da33f4a0e8b30d6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\zlib1.dll
Filesize
76KB

MD5
590f948143d93691efdee479d459944e

SHA1
0a93952856d28509793d56cde7b999f4c3502a91

SHA256
ee192eba2020707d56bf9e51c30d878636576d0c4481252a19a6da771841502e

SHA512
75fcc3e37e713f46bbe2abcd6dca8b413353cdffa96595d10b04c01210f3c5b91f98d51ee8aa1920feac2a085eeac144241bd2b639cc266be2a248b9e07c245a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab407B.tmp
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HPO7K.tmp\Ghast Setup.tmp
Filesize
3.1MB

MD5
161d1bd06392e424ebf8e4f7971db25b

SHA1
e77ded0d21db752db95dee086137cf138701c99a

SHA256
8c5f29f44a196946191e3ef6f6e8b829c9e6123176b4a4223ada06724471437c

SHA512
e3474f14633de67411ca0e3c26f18b0629b60d6e8f330c71bfadf0a6995cbcf356dc0b063eedd6712a764bfae4ada901ffdcc9285a337a02d045aabcdb4135f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HPO7K.tmp\Ghast Setup.tmp
Filesize
3.1MB

MD5
161d1bd06392e424ebf8e4f7971db25b

SHA1
e77ded0d21db752db95dee086137cf138701c99a

SHA256
8c5f29f44a196946191e3ef6f6e8b829c9e6123176b4a4223ada06724471437c

SHA512
e3474f14633de67411ca0e3c26f18b0629b60d6e8f330c71bfadf0a6995cbcf356dc0b063eedd6712a764bfae4ada901ffdcc9285a337a02d045aabcdb4135f6

Download Submit
\??\pipe\crashpad_2040_SJDVCOGOCZTSTOTV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Program Files (x86)\Ghast\unins000.exe
Filesize
3.1MB

MD5
161d1bd06392e424ebf8e4f7971db25b

SHA1
e77ded0d21db752db95dee086137cf138701c99a

SHA256
8c5f29f44a196946191e3ef6f6e8b829c9e6123176b4a4223ada06724471437c

SHA512
e3474f14633de67411ca0e3c26f18b0629b60d6e8f330c71bfadf0a6995cbcf356dc0b063eedd6712a764bfae4ada901ffdcc9285a337a02d045aabcdb4135f6

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\Common.dll
Filesize
527KB

MD5
05a1529dde4639e1f4462c4e3742d5a4

SHA1
783c905a4bd544f881dfe6883f24052bccfa4a14

SHA256
3da58f79c1173a4ad547b409b706c48076230c53c51fe9b95d7428d977d8247c

SHA512
e82933b8065e76e3176b3a1f2ecee0c869933558558001d95638075c1a8cc15c439ba26c90aab9dca7cb11ecd56e5cd6ce065d1c1076cee5f910ef2fe75c1ce6

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\Common.dll
Filesize
527KB

MD5
05a1529dde4639e1f4462c4e3742d5a4

SHA1
783c905a4bd544f881dfe6883f24052bccfa4a14

SHA256
3da58f79c1173a4ad547b409b706c48076230c53c51fe9b95d7428d977d8247c

SHA512
e82933b8065e76e3176b3a1f2ecee0c869933558558001d95638075c1a8cc15c439ba26c90aab9dca7cb11ecd56e5cd6ce065d1c1076cee5f910ef2fe75c1ce6

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\Common.dll
Filesize
527KB

MD5
05a1529dde4639e1f4462c4e3742d5a4

SHA1
783c905a4bd544f881dfe6883f24052bccfa4a14

SHA256
3da58f79c1173a4ad547b409b706c48076230c53c51fe9b95d7428d977d8247c

SHA512
e82933b8065e76e3176b3a1f2ecee0c869933558558001d95638075c1a8cc15c439ba26c90aab9dca7cb11ecd56e5cd6ce065d1c1076cee5f910ef2fe75c1ce6

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\Ghast.exe
Filesize
4.7MB

MD5
5df04392bc93b32d6db17200d665ef55

SHA1
5d862174d83a653db244b3bf39ce3190e2493639

SHA256
214fd3af555d478fc17fef914fcb882f72d4fc0f82f0ca9f662efdbc11304a34

SHA512
7f1b95e3eeb86dceecab42b7616ee135fe79b7e942561a2270b2241793871135dfa8233aeb9956be4ed646585f3969b1ae70b39044593dcdf082419e8095477a

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\Loader.exe
Filesize
4.8MB

MD5
9dbec760cb1f6259387d89adf480d75c

SHA1
e855453a2fc08fc529dd647d4d2e2c1444b777bb

SHA256
5b0dc69e9ee9aeb6e9ff56cd793ceb567d9e99dd546a9b16fb24e5fb491d40b5

SHA512
2526da3047677dc20d6c7676152aef7f952120073d36ee22c9f0c9735e6325bc7f456145cb56196baf96326bdbc5d2169ce7c0b099be388e1a71469cfa7a374e

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\Loader.exe
Filesize
4.8MB

MD5
9dbec760cb1f6259387d89adf480d75c

SHA1
e855453a2fc08fc529dd647d4d2e2c1444b777bb

SHA256
5b0dc69e9ee9aeb6e9ff56cd793ceb567d9e99dd546a9b16fb24e5fb491d40b5

SHA512
2526da3047677dc20d6c7676152aef7f952120073d36ee22c9f0c9735e6325bc7f456145cb56196baf96326bdbc5d2169ce7c0b099be388e1a71469cfa7a374e

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\chrome_elf.dll
Filesize
801KB

MD5
b5705e3ab1c96214e454dfb140654bc3

SHA1
39656b014dd9de7a4a2bf74b7f0defd34a83a8c5

SHA256
f63e2dcdc17c94ffa21fd933d4d67f9a15b6f3164d046a480289953a67640ca3

SHA512
eeb22d741e07c1e4e03d9fd642f328147264b6972b382903b31df3c07e92f8b327e4b87d9d2ac59d95872d9c8da37d5772116f0b94c43f5537ed7bc0fd6d2cfb

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\chrome_elf.dll
Filesize
801KB

MD5
b5705e3ab1c96214e454dfb140654bc3

SHA1
39656b014dd9de7a4a2bf74b7f0defd34a83a8c5

SHA256
f63e2dcdc17c94ffa21fd933d4d67f9a15b6f3164d046a480289953a67640ca3

SHA512
eeb22d741e07c1e4e03d9fd642f328147264b6972b382903b31df3c07e92f8b327e4b87d9d2ac59d95872d9c8da37d5772116f0b94c43f5537ed7bc0fd6d2cfb

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\chrome_elf.dll
Filesize
801KB

MD5
b5705e3ab1c96214e454dfb140654bc3

SHA1
39656b014dd9de7a4a2bf74b7f0defd34a83a8c5

SHA256
f63e2dcdc17c94ffa21fd933d4d67f9a15b6f3164d046a480289953a67640ca3

SHA512
eeb22d741e07c1e4e03d9fd642f328147264b6972b382903b31df3c07e92f8b327e4b87d9d2ac59d95872d9c8da37d5772116f0b94c43f5537ed7bc0fd6d2cfb

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\d3dcompiler_47.dll
Filesize
4.1MB

MD5
222d020bd33c90170a8296adc1b7036a

SHA1
612e6f443d927330b9b8ac13cc4a2a6b959cee48

SHA256
4432bbd1a390874f3f0a503d45cc48d346abc3a8c0213c289f4b615bf0ee84f3

SHA512
ad8c7ce7f6f353da5e2cf816e1a69f1ec14011612e8041e4f9bb6ebed3e0fa4e4ebc069155a0c66e23811467012c201893b9b3b7a947d089ce2c749d5e8910c6

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\d3dcompiler_47.dll
Filesize
4.1MB

MD5
222d020bd33c90170a8296adc1b7036a

SHA1
612e6f443d927330b9b8ac13cc4a2a6b959cee48

SHA256
4432bbd1a390874f3f0a503d45cc48d346abc3a8c0213c289f4b615bf0ee84f3

SHA512
ad8c7ce7f6f353da5e2cf816e1a69f1ec14011612e8041e4f9bb6ebed3e0fa4e4ebc069155a0c66e23811467012c201893b9b3b7a947d089ce2c749d5e8910c6

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\libEGL.dll
Filesize
302KB

MD5
cc32638894d85b05f358795081114b02

SHA1
4f5c9be29429303daef13f90eafb9578970d80fa

SHA256
eb91694ff12b6dcafed54df1d7753301f8ee4f0a74575236a11e4fbe8b17464e

SHA512
c99c1e7f13d1fcda9d5e59cb29e905207ba2aff99b8368826c06e0d49d767a3c6d53d5e1c03365a9fa3a58a7985af5da8e18ab24faec2a6b9f732904f51f1664

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\libGLESv2.dll
Filesize
6.6MB

MD5
1d8938ac6713700338823c7c21c971e4

SHA1
4908331fefca06dc4975ffd8bc741d92eda1ce49

SHA256
6ea650ed63f3a301d554ad9bd85958a823f2be6eb07a285edea8b508be5dfd96

SHA512
7880b9b626c1e4ac13aa0601b2c37163f788524a55aec9850f637d8e058c805e590a60c7dcb98e4b4dab4abcc10dff7312c34346f669696badc5fc8c301e7809

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\libcef.dll
Filesize
95.8MB

MD5
07f2b060b5e53c8ac3110bcc3b1a3b76

SHA1
8a0f8ad03d6c422383dd90b24fe5cb0e5a661c4f

SHA256
f069bdf29d6834f5fd5971da127a694897afecc6d0cb9a530bbb66aebcda4409

SHA512
59caae84d966e54d7717335aa22d2ef3bc684f5c26d6b05142f4de18d1de8c75b4f55802228d427aa9fb32ff298a228db220166b654baf5f3c19509a1b20502d

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\libcef.dll
Filesize
95.8MB

MD5
07f2b060b5e53c8ac3110bcc3b1a3b76

SHA1
8a0f8ad03d6c422383dd90b24fe5cb0e5a661c4f

SHA256
f069bdf29d6834f5fd5971da127a694897afecc6d0cb9a530bbb66aebcda4409

SHA512
59caae84d966e54d7717335aa22d2ef3bc684f5c26d6b05142f4de18d1de8c75b4f55802228d427aa9fb32ff298a228db220166b654baf5f3c19509a1b20502d

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\libcef.dll
Filesize
95.8MB

MD5
07f2b060b5e53c8ac3110bcc3b1a3b76

SHA1
8a0f8ad03d6c422383dd90b24fe5cb0e5a661c4f

SHA256
f069bdf29d6834f5fd5971da127a694897afecc6d0cb9a530bbb66aebcda4409

SHA512
59caae84d966e54d7717335aa22d2ef3bc684f5c26d6b05142f4de18d1de8c75b4f55802228d427aa9fb32ff298a228db220166b654baf5f3c19509a1b20502d

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\libcef.dll
Filesize
95.8MB

MD5
07f2b060b5e53c8ac3110bcc3b1a3b76

SHA1
8a0f8ad03d6c422383dd90b24fe5cb0e5a661c4f

SHA256
f069bdf29d6834f5fd5971da127a694897afecc6d0cb9a530bbb66aebcda4409

SHA512
59caae84d966e54d7717335aa22d2ef3bc684f5c26d6b05142f4de18d1de8c75b4f55802228d427aa9fb32ff298a228db220166b654baf5f3c19509a1b20502d

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\libcef.dll
Filesize
95.8MB

MD5
07f2b060b5e53c8ac3110bcc3b1a3b76

SHA1
8a0f8ad03d6c422383dd90b24fe5cb0e5a661c4f

SHA256
f069bdf29d6834f5fd5971da127a694897afecc6d0cb9a530bbb66aebcda4409

SHA512
59caae84d966e54d7717335aa22d2ef3bc684f5c26d6b05142f4de18d1de8c75b4f55802228d427aa9fb32ff298a228db220166b654baf5f3c19509a1b20502d

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\libsodium.dll
Filesize
328KB

MD5
d07628811c6c2a042d9d5849c5e6d5d3

SHA1
58b9687050a1808e71288241c25c68b82d0e03e6

SHA256
0c91e8be0548203978caeb8dd02a3db31c69e9b4bbfc13f768e39fe2b1486ddf

SHA512
0f489aa068539905bd29a5243d8639297e261111e900955147900a222bbe62f01081edb078626677af828481c88a28fad754018427a2cb1b168c690487976df1

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\libsodium.dll
Filesize
328KB

MD5
d07628811c6c2a042d9d5849c5e6d5d3

SHA1
58b9687050a1808e71288241c25c68b82d0e03e6

SHA256
0c91e8be0548203978caeb8dd02a3db31c69e9b4bbfc13f768e39fe2b1486ddf

SHA512
0f489aa068539905bd29a5243d8639297e261111e900955147900a222bbe62f01081edb078626677af828481c88a28fad754018427a2cb1b168c690487976df1

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\libsodium.dll
Filesize
328KB

MD5
d07628811c6c2a042d9d5849c5e6d5d3

SHA1
58b9687050a1808e71288241c25c68b82d0e03e6

SHA256
0c91e8be0548203978caeb8dd02a3db31c69e9b4bbfc13f768e39fe2b1486ddf

SHA512
0f489aa068539905bd29a5243d8639297e261111e900955147900a222bbe62f01081edb078626677af828481c88a28fad754018427a2cb1b168c690487976df1

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\vcruntime140.dll
Filesize
74KB

MD5
a075828073369628bcca8a80fa225744

SHA1
2d576b316860c141d81ba9916d5915aceb336c7e

SHA256
dbc5559ca8d99f045c5511f56a2c4dd156d2672d189935e242284a835c0d7f92

SHA512
f92bc90a1d75268f2961e8a83268afc1efbf1381c884742658bca135367104b148fdbb8c0d643daa10063a98e032bcd7d4da50daebf4fa96e203814030a2c993

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\vcruntime140.dll
Filesize
74KB

MD5
a075828073369628bcca8a80fa225744

SHA1
2d576b316860c141d81ba9916d5915aceb336c7e

SHA256
dbc5559ca8d99f045c5511f56a2c4dd156d2672d189935e242284a835c0d7f92

SHA512
f92bc90a1d75268f2961e8a83268afc1efbf1381c884742658bca135367104b148fdbb8c0d643daa10063a98e032bcd7d4da50daebf4fa96e203814030a2c993

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\vcruntime140.dll
Filesize
74KB

MD5
a075828073369628bcca8a80fa225744

SHA1
2d576b316860c141d81ba9916d5915aceb336c7e

SHA256
dbc5559ca8d99f045c5511f56a2c4dd156d2672d189935e242284a835c0d7f92

SHA512
f92bc90a1d75268f2961e8a83268afc1efbf1381c884742658bca135367104b148fdbb8c0d643daa10063a98e032bcd7d4da50daebf4fa96e203814030a2c993

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\zlib1.dll
Filesize
76KB

MD5
590f948143d93691efdee479d459944e

SHA1
0a93952856d28509793d56cde7b999f4c3502a91

SHA256
ee192eba2020707d56bf9e51c30d878636576d0c4481252a19a6da771841502e

SHA512
75fcc3e37e713f46bbe2abcd6dca8b413353cdffa96595d10b04c01210f3c5b91f98d51ee8aa1920feac2a085eeac144241bd2b639cc266be2a248b9e07c245a

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\zlib1.dll
Filesize
76KB

MD5
590f948143d93691efdee479d459944e

SHA1
0a93952856d28509793d56cde7b999f4c3502a91

SHA256
ee192eba2020707d56bf9e51c30d878636576d0c4481252a19a6da771841502e

SHA512
75fcc3e37e713f46bbe2abcd6dca8b413353cdffa96595d10b04c01210f3c5b91f98d51ee8aa1920feac2a085eeac144241bd2b639cc266be2a248b9e07c245a

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\zlib1.dll
Filesize
76KB

MD5
590f948143d93691efdee479d459944e

SHA1
0a93952856d28509793d56cde7b999f4c3502a91

SHA256
ee192eba2020707d56bf9e51c30d878636576d0c4481252a19a6da771841502e

SHA512
75fcc3e37e713f46bbe2abcd6dca8b413353cdffa96595d10b04c01210f3c5b91f98d51ee8aa1920feac2a085eeac144241bd2b639cc266be2a248b9e07c245a

Download Submit
\Users\Admin\AppData\Local\Temp\is-HPO7K.tmp\Ghast Setup.tmp
Filesize
3.1MB

MD5
161d1bd06392e424ebf8e4f7971db25b

SHA1
e77ded0d21db752db95dee086137cf138701c99a

SHA256
8c5f29f44a196946191e3ef6f6e8b829c9e6123176b4a4223ada06724471437c

SHA512
e3474f14633de67411ca0e3c26f18b0629b60d6e8f330c71bfadf0a6995cbcf356dc0b063eedd6712a764bfae4ada901ffdcc9285a337a02d045aabcdb4135f6

Download Submit
memory/1168-62-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1168-74-0x0000000000400000-0x0000000000723000-memory.dmp

Filesize
3.1MB

Download
memory/1168-85-0x0000000000400000-0x0000000000723000-memory.dmp

Filesize
3.1MB

Download
memory/1168-146-0x0000000000400000-0x0000000000723000-memory.dmp

Filesize
3.1MB

Download
memory/1168-148-0x0000000000400000-0x0000000000723000-memory.dmp

Filesize
3.1MB

Download
memory/1168-65-0x0000000000400000-0x0000000000723000-memory.dmp

Filesize
3.1MB

Download
memory/1168-66-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1332-64-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1332-149-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1332-54-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2924-216-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download