lumma | 9a876facaf95ad919234256608032c0f47f9e321b6fdcdbb348477208eedac7f

Analysis

max time kernel
152s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 07:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FindTheHidden.exe
Size

49.5MB
MD5

a08654ef7f22bb2862f55463f6fce118
SHA1

9ee3ca739208e339c23812b02fe1d12f5c932742
SHA256

5569baddcfa52b9815c86d40fd4a6b5a691f0a46808fde00c35d6d6fd2975e79
SHA512

363db6cdd1c8500ec79a69c4e713ba011f83913abfad40048e4aa385f1b7351dd7c712277c86ca5ac7d8db91e6d7e5b03500d6662c76bcf5f8164f9f82d49ed6
SSDEEP

786432:LBXEisfPBhJaPz3UqhaqsSZFr9AZoxJdbjxnZ/MIvLPUlRkJqM0QKimbWt62iNv7:1qf32awRMOPbdZ/MIIlR/q8WU7

Score

10^/10

lumma spyware stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Drops startup file 1 IoCs

Processes:

FindTheHidden.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe FindTheHidden.exe
Executes dropped EXE 3 IoCs

Processes:

FindTheHidden.exeFindTheHidden.exeFindTheHidden.exe

pid process

1960 FindTheHidden.exe
1156 FindTheHidden.exe
2140 FindTheHidden.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe	FindTheHidden.exe

pid	process
1960	FindTheHidden.exe
1156	FindTheHidden.exe
2140	FindTheHidden.exe

Loads dropped DLL 13 IoCs

Processes:

FindTheHidden.exeFindTheHidden.exeFindTheHidden.exeFindTheHidden.exe

pid	process
4512	FindTheHidden.exe
4512	FindTheHidden.exe
4512	FindTheHidden.exe
1960	FindTheHidden.exe
1960	FindTheHidden.exe
1960	FindTheHidden.exe
1156	FindTheHidden.exe
1156	FindTheHidden.exe
1156	FindTheHidden.exe
1156	FindTheHidden.exe
1156	FindTheHidden.exe
1156	FindTheHidden.exe
2140	FindTheHidden.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery
T1057

Processes:

tasklist.exetasklist.exe

pid process

3536 tasklist.exe
4452 tasklist.exe

pid	process
3536	tasklist.exe
4452	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

1404 taskkill.exe

pid	process
1404	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248164761334679"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

chrome.exeFindTheHidden.exepowershell.exe

pid	process
4472	chrome.exe
4472	chrome.exe
1960	FindTheHidden.exe
1960	FindTheHidden.exe
1960	FindTheHidden.exe
1960	FindTheHidden.exe
1960	FindTheHidden.exe
1960	FindTheHidden.exe
3412	powershell.exe
3412	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

4472 chrome.exe
4472 chrome.exe
4472 chrome.exe
4472 chrome.exe
4472 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

FindTheHidden.exechrome.exetasklist.exetaskkill.exeFindTheHidden.exetasklist.exe

description	pid	process
Token: SeSecurityPrivilege	4512	FindTheHidden.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeDebugPrivilege	3536	tasklist.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeDebugPrivilege	1404	taskkill.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	1960	FindTheHidden.exe
Token: SeCreatePagefilePrivilege	1960	FindTheHidden.exe
Token: SeShutdownPrivilege	1960	FindTheHidden.exe
Token: SeCreatePagefilePrivilege	1960	FindTheHidden.exe
Token: SeShutdownPrivilege	1960	FindTheHidden.exe
Token: SeCreatePagefilePrivilege	1960	FindTheHidden.exe
Token: SeShutdownPrivilege	1960	FindTheHidden.exe
Token: SeCreatePagefilePrivilege	1960	FindTheHidden.exe
Token: SeShutdownPrivilege	1960	FindTheHidden.exe
Token: SeCreatePagefilePrivilege	1960	FindTheHidden.exe
Token: SeShutdownPrivilege	1960	FindTheHidden.exe
Token: SeCreatePagefilePrivilege	1960	FindTheHidden.exe
Token: SeShutdownPrivilege	1960	FindTheHidden.exe
Token: SeCreatePagefilePrivilege	1960	FindTheHidden.exe
Token: SeShutdownPrivilege	1960	FindTheHidden.exe
Token: SeCreatePagefilePrivilege	1960	FindTheHidden.exe
Token: SeDebugPrivilege	4452	tasklist.exe
Token: SeShutdownPrivilege	1960	FindTheHidden.exe
Token: SeCreatePagefilePrivilege	1960	FindTheHidden.exe
Token: SeShutdownPrivilege	1960	FindTheHidden.exe
Token: SeCreatePagefilePrivilege	1960	FindTheHidden.exe
Token: SeShutdownPrivilege	1960	FindTheHidden.exe
Token: SeCreatePagefilePrivilege	1960	FindTheHidden.exe

Suspicious use of FindShellTrayWindow 30 IoCs

Processes:

chrome.exefirefox.exe

pid	process
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
1064	firefox.exe
1064	firefox.exe
1064	firefox.exe
1064	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

chrome.exefirefox.exe

pid	process
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
1064	firefox.exe
1064	firefox.exe
1064	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

1064 firefox.exe

pid	process
1064	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4472 wrote to memory of 1448	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 1448	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 32	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 100	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 100	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 4756	4472	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\FindTheHidden.exe
"C:\Users\Admin\AppData\Local\Temp\FindTheHidden.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4512

C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\FindTheHidden.exe
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\FindTheHidden.exe
2⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1960

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
3⤵
PID:2260

C:\Windows\SysWOW64\tasklist.exe
tasklist
4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3536

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
3⤵
PID:2588

C:\Windows\SysWOW64\taskkill.exe
taskkill /IM chrome.exe /F
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1404

C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\FindTheHidden.exe
"C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\FindTheHidden.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 --field-trial-handle=2016,i,7193097527599857775,16335870461713047683,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1156

C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\FindTheHidden.exe
"C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\FindTheHidden.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=2240 --field-trial-handle=2016,i,7193097527599857775,16335870461713047683,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2140

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
3⤵
PID:3348

C:\Windows\SysWOW64\tasklist.exe
tasklist
4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4452

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
3⤵
PID:4812

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:3412

C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\FindTheHidden.exe
"C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\FindTheHidden.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2752 --field-trial-handle=2016,i,7193097527599857775,16335870461713047683,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
PID:4656

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-Clipboard"
3⤵
PID:5360

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
4⤵
PID:564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc9e749758,0x7ffc9e749768,0x7ffc9e749778
2⤵
PID:1448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1864,i,2660452819036580765,1789826024803805685,131072 /prefetch:2
2⤵
PID:32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1864,i,2660452819036580765,1789826024803805685,131072 /prefetch:8
2⤵
PID:100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1864,i,2660452819036580765,1789826024803805685,131072 /prefetch:8
2⤵
PID:4756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1864,i,2660452819036580765,1789826024803805685,131072 /prefetch:1
2⤵
PID:4908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3316 --field-trial-handle=1864,i,2660452819036580765,1789826024803805685,131072 /prefetch:1
2⤵
PID:3792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1864,i,2660452819036580765,1789826024803805685,131072 /prefetch:1
2⤵
PID:3588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1864,i,2660452819036580765,1789826024803805685,131072 /prefetch:8
2⤵
PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1864,i,2660452819036580765,1789826024803805685,131072 /prefetch:8
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1864,i,2660452819036580765,1789826024803805685,131072 /prefetch:8
2⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1864,i,2660452819036580765,1789826024803805685,131072 /prefetch:8
2⤵
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1864,i,2660452819036580765,1789826024803805685,131072 /prefetch:8
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4840 --field-trial-handle=1864,i,2660452819036580765,1789826024803805685,131072 /prefetch:1
2⤵
PID:2784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5072 --field-trial-handle=1864,i,2660452819036580765,1789826024803805685,131072 /prefetch:1
2⤵
PID:4564

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:556

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3208

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.0.104894050\1114483961" -parentBuildID 20221007134813 -prefsHandle 1840 -prefMapHandle 1832 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a98a10e8-3c38-4e71-ac8b-3fb6a2c083e9} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 1932 1ece0719858 gpu
3⤵
PID:4640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.1.413386367\1586845381" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5cef629-0e26-42c5-943c-2db7c8e04294} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 2332 1ecd2672858 socket
3⤵
PID:3908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.2.129560594\1921455299" -childID 1 -isForBrowser -prefsHandle 3260 -prefMapHandle 3276 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d8e2cd1-dce7-4e58-b029-b5127a08ad9b} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 3252 1ece3306558 tab
3⤵
PID:3816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.3.94469102\1633338139" -childID 2 -isForBrowser -prefsHandle 1144 -prefMapHandle 3448 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d322a725-ef0c-4809-8d45-63582c02bc84} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 1436 1ecd2669658 tab
3⤵
PID:4236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.4.901944819\845262151" -childID 3 -isForBrowser -prefsHandle 3952 -prefMapHandle 3948 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92aa3b2d-808c-4cb9-8a6d-17e86b1f259c} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 3964 1ece3906258 tab
3⤵
PID:5048

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.6.1062886664\800843289" -childID 5 -isForBrowser -prefsHandle 5040 -prefMapHandle 5036 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21d9b261-1e5f-4abc-b2fd-add3cf69a925} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 5064 1ece5b2bb58 tab
3⤵
PID:1200

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.5.676334843\775009566" -childID 4 -isForBrowser -prefsHandle 5024 -prefMapHandle 5020 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37710fb9-1db4-40b2-a3d8-9492ed4374bb} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 5052 1ece5afa558 tab
3⤵
PID:2344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.7.1010214716\945506029" -childID 6 -isForBrowser -prefsHandle 5524 -prefMapHandle 2832 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88c70b20-63a2-4271-bbe2-46eee8f83fa2} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 5384 1ece448de58 tab
3⤵
PID:3668

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.9.1832609516\806918362" -childID 8 -isForBrowser -prefsHandle 5984 -prefMapHandle 5988 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {972552f1-5974-4359-964c-cc77566508b4} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 5976 1ece6aeaa58 tab
3⤵
PID:5584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.8.93927863\1143696084" -childID 7 -isForBrowser -prefsHandle 4472 -prefMapHandle 4912 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d0386c3-c451-4220-a1d7-50648d098de7} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 4688 1ece6deee58 tab
3⤵
PID:5576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.11.1198830794\1484050613" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5136 -prefMapHandle 3536 -prefsLen 26851 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce018b03-5976-4ec8-93bd-73c601059f07} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 4260 1ecd2672b58 utility
3⤵
PID:1316

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1064.10.247601082\1778116914" -parentBuildID 20221007134813 -prefsHandle 5148 -prefMapHandle 5016 -prefsLen 26851 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c675fd9-e31b-4830-9514-d28e351ec7ce} 1064 "\\.\pipe\gecko-crash-server-pipe.1064" 3304 1ecd2669058 rdd
3⤵
PID:3736

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Query Registry

T1012

Process Discovery

T1057

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
872e67a420f142da60bd69590fa16c4a

SHA1
eb4f6192f061ba7b2c8f6edd7089e07767f26578

SHA256
462f28936f5c4f41e8ddc246302500f4ffab078b56f8857547faa1f3ac0bbdc2

SHA512
303cf54c12042793c2db380dbc5a7dea5acd42809d32d515ca87563f2a8931c0572fe0d076a42cb5d99d5e07b354faeec7192efb8f8c9deb9c2be6dc01dbfd39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
68b149c9d857e3d6947d4bc84b6951da

SHA1
5677163fd68702622ad4211949d478cb17241228

SHA256
c4953308378e0157a6a8342d6d101939eb3e364c79741be5ab73074ba8ebc8c7

SHA512
9c7ba4740f5dfef029620b0f40faedabc0f58c56639adf4dae71869e60a7ad7274e365b0a6c136fe7261af459d7ab432a028ddc6dee8e3b7331826624270f603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
8292260ef7ee95fc14239ad36082508a

SHA1
9a3fe6e3c4aa0dbdd3375469ed9f256f07bee35d

SHA256
d8f57b0092582729d23941ca9f4345830a60faae1f45f8c64593f13100aea2bc

SHA512
b5e71bf543b39ae03b30c32a932be2b274f28b23b090797eb6198afdbe996fc0c4a984b8d5dfb219ad5a81902c71ed9cc25fde4f9cc829686605b0848727e9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
8e9036ce9a77c8979d3e1ae16ba7e8a7

SHA1
1143ed1031791303a0ce0cdfc8205ad837cd2d93

SHA256
4ea29360be200595a31204bcde55da3be5eee3a70c1d2b251c57f3a3f4a7c53d

SHA512
a6d5b1f1e86542659dee15f344d95e1751219eb1c64d2ac8e352568fcc93d7a37c545e7b31a172c5aadb16935e11db65bcdfba4345a7991c57823014f7abc9fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
8e9036ce9a77c8979d3e1ae16ba7e8a7

SHA1
1143ed1031791303a0ce0cdfc8205ad837cd2d93

SHA256
4ea29360be200595a31204bcde55da3be5eee3a70c1d2b251c57f3a3f4a7c53d

SHA512
a6d5b1f1e86542659dee15f344d95e1751219eb1c64d2ac8e352568fcc93d7a37c545e7b31a172c5aadb16935e11db65bcdfba4345a7991c57823014f7abc9fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\activity-stream.discovery_stream.json.tmp
Filesize
154KB

MD5
20fdbc912b8ab130e11d171de37c2a2a

SHA1
3b3935aea765c57004946cb5349a681ff88f1e39

SHA256
a12c12a184aabd770d5d642fb12565cc3b1ce336fac4c61b1f71a1ceae00f486

SHA512
5f04eb4445f52005fcefef8689355c0c3a6a6709e9055939024c7b6d08b0eac558ca9338ebcc976adc8e085ad1e59d5350a32296a2eef2ca3c1e5fdadbc7c3c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\35114655AB9A5346DA4E7C2CD82D154776313F41
Filesize
41KB

MD5
f8e6747885a74b58118c1e6655fa4e7e

SHA1
b60e7ee808696bf873332daf3c863d8d2a041eb7

SHA256
0adb0294d43477b4153c90e258ed071b770920843ea6243e362f370711435226

SHA512
8037932099d5d083b60405e787b1bb659cd5897407809e99ee10c3a10d561e2f2f002bbd722567af6f6df7e4338b299532b88da8a4435238698b7bb5db2a0fc8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\7AA8C9449CCF7C681D26AED46908F4F61D865C94
Filesize
51KB

MD5
f38d09106d55e30fca866cb4ccb542e8

SHA1
0b6bde9dcea42943026a1a25c70dcb75dcb59e19

SHA256
5ad319848218911ef8a8c4ed9084b6162a8f3806b4beaecede5a2e5752d79255

SHA512
270ed96c8da05fcb6847a6dacd85cadaca0166a8e07088019d843b3ff301964fcd520f79e6ee51a4740396d2552cbbf7cc2972cee2de9273363c8ed4860fd0cf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052
Filesize
14KB

MD5
a274a855d69d05f29f3efc653f3375d8

SHA1
abd2bc4b678dbbad14cc99585ae7fd25013acfc4

SHA256
06d1bb28f1f1a9aeefa810485f6f25d0caf8ecb686cb6f596dd38385ba8c205f

SHA512
d4688ce5372c3e404d2a8f8596273ffd47908b4d86cb7e4b62be98fac13b22d0837c3710522609c6e5340f88aab5dc8fa71a279734e180bfc88f6f0636cb3c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\D3DCompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\FindTheHidden.exe
Filesize
256KB

MD5
c2acccc56c51c1b84492343741d72a6c

SHA1
7d9a48900ec5b58c554e435b3e9174187d3fb4d2

SHA256
8accdea4778823dd85eaa49954d966b93dd37f437674198f9668092d99fc60b9

SHA512
5a197873827d097c9664140cd58531f38d890f1de0ef3e1d60231dbed31a3d91fd5ab364eea6e0fcbcd8d324f8431a1b4ee15c7b4153096862055d2fff478a2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\FindTheHidden.exe
Filesize
124.3MB

MD5
f319b5ecf79459b8091f01a1fd514552

SHA1
ff4a284eacc21dd23dee367816c6c183d9cabc4d

SHA256
7acfade2f264d13beff8d09b44bf6fe45c0a029062dbaa2309653f798ee697ea

SHA512
a2248aeabf684acbd7e25dc47c14488607f213165594fad8c645ff55fe4c8db8c84158d3b9f04ca08766cc504e4cc4134378c32f101448f32d8f2cd78a2e3b02

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\FindTheHidden.exe
Filesize
124.3MB

MD5
f319b5ecf79459b8091f01a1fd514552

SHA1
ff4a284eacc21dd23dee367816c6c183d9cabc4d

SHA256
7acfade2f264d13beff8d09b44bf6fe45c0a029062dbaa2309653f798ee697ea

SHA512
a2248aeabf684acbd7e25dc47c14488607f213165594fad8c645ff55fe4c8db8c84158d3b9f04ca08766cc504e4cc4134378c32f101448f32d8f2cd78a2e3b02

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\FindTheHidden.exe
Filesize
124.3MB

MD5
f319b5ecf79459b8091f01a1fd514552

SHA1
ff4a284eacc21dd23dee367816c6c183d9cabc4d

SHA256
7acfade2f264d13beff8d09b44bf6fe45c0a029062dbaa2309653f798ee697ea

SHA512
a2248aeabf684acbd7e25dc47c14488607f213165594fad8c645ff55fe4c8db8c84158d3b9f04ca08766cc504e4cc4134378c32f101448f32d8f2cd78a2e3b02

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\FindTheHidden.exe
Filesize
124.3MB

MD5
f319b5ecf79459b8091f01a1fd514552

SHA1
ff4a284eacc21dd23dee367816c6c183d9cabc4d

SHA256
7acfade2f264d13beff8d09b44bf6fe45c0a029062dbaa2309653f798ee697ea

SHA512
a2248aeabf684acbd7e25dc47c14488607f213165594fad8c645ff55fe4c8db8c84158d3b9f04ca08766cc504e4cc4134378c32f101448f32d8f2cd78a2e3b02

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\chrome_100_percent.pak
Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\chrome_100_percent.pak
Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\chrome_200_percent.pak
Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\d3dcompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\ffmpeg.dll
Filesize
256KB

MD5
186c2718ae62245444f6f0e19020d8b2

SHA1
2b8f13fd78a8a4b959fdd2017a505441450fe480

SHA256
0eeeacf4e03bf5b19dd9f32cb346df572876e0752c028608d4a9e7196a747970

SHA512
ec2d23ed9462bf11780aa309284e4d47e436ffdae48ab0112983eb8b5c78a15170299f97bb822f4436b7e2d4b2fb6206e31d2b3692277cb45ebc638900b0e13e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\ffmpeg.dll
Filesize
2.5MB

MD5
6fa845139be73ae78dc4c939cafb761d

SHA1
26d427a3b35a09d78667d20de2a64e03bd22cb23

SHA256
d46473cb06cb8c8ba66659cdea497727c2880e8eeb73cb5ee4255b7fb671d043

SHA512
decc0fc52227165651dfedb56b877ace262823a211c21358f8ce7026c81e758ab131c7b9c56e09d07654d0973872ddd8b8c0db221ba4b6d81160ab24f66a0624

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\ffmpeg.dll
Filesize
2.5MB

MD5
6fa845139be73ae78dc4c939cafb761d

SHA1
26d427a3b35a09d78667d20de2a64e03bd22cb23

SHA256
d46473cb06cb8c8ba66659cdea497727c2880e8eeb73cb5ee4255b7fb671d043

SHA512
decc0fc52227165651dfedb56b877ace262823a211c21358f8ce7026c81e758ab131c7b9c56e09d07654d0973872ddd8b8c0db221ba4b6d81160ab24f66a0624

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\ffmpeg.dll
Filesize
2.5MB

MD5
6fa845139be73ae78dc4c939cafb761d

SHA1
26d427a3b35a09d78667d20de2a64e03bd22cb23

SHA256
d46473cb06cb8c8ba66659cdea497727c2880e8eeb73cb5ee4255b7fb671d043

SHA512
decc0fc52227165651dfedb56b877ace262823a211c21358f8ce7026c81e758ab131c7b9c56e09d07654d0973872ddd8b8c0db221ba4b6d81160ab24f66a0624

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\ffmpeg.dll
Filesize
2.5MB

MD5
6fa845139be73ae78dc4c939cafb761d

SHA1
26d427a3b35a09d78667d20de2a64e03bd22cb23

SHA256
d46473cb06cb8c8ba66659cdea497727c2880e8eeb73cb5ee4255b7fb671d043

SHA512
decc0fc52227165651dfedb56b877ace262823a211c21358f8ce7026c81e758ab131c7b9c56e09d07654d0973872ddd8b8c0db221ba4b6d81160ab24f66a0624

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\icudtl.dat
Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\libEGL.dll
Filesize
364KB

MD5
596c3217f870d63a9feb190305b45790

SHA1
a65bdf045c38e2580f724e1cc4e460c46a0ea9fc

SHA256
1679ccf85c0fab467a3d12dc63248eb4d34e7345d6e6399740ffc7f78e4e927b

SHA512
1aae19270de9cc0768543ae0f691da4ea6c7d350d54f8accc02f5eb94e03f6b1671f8aa31f9370b9758827ad42870c9e264c3fea65e2074717ab24f9c0872d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\libGLESv2.dll
Filesize
6.1MB

MD5
1baf13b30d409e0df85ac538d8883e3f

SHA1
e61c3231a330e806edebd04520b827b43820a268

SHA256
4a51e8a30804dd766dd01da3d574caeca459542f9aed255eca2bcc8e2ed9b893

SHA512
67fe5baa4948cacb2925710f68de3f7a226a9c26150d84b1a78d9d8d6aa097ae3055a557c4354eb545a314d9112702dec60c20fde2de5a4a025dce74f54e0bd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\libegl.dll
Filesize
364KB

MD5
596c3217f870d63a9feb190305b45790

SHA1
a65bdf045c38e2580f724e1cc4e460c46a0ea9fc

SHA256
1679ccf85c0fab467a3d12dc63248eb4d34e7345d6e6399740ffc7f78e4e927b

SHA512
1aae19270de9cc0768543ae0f691da4ea6c7d350d54f8accc02f5eb94e03f6b1671f8aa31f9370b9758827ad42870c9e264c3fea65e2074717ab24f9c0872d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\libglesv2.dll
Filesize
6.1MB

MD5
1baf13b30d409e0df85ac538d8883e3f

SHA1
e61c3231a330e806edebd04520b827b43820a268

SHA256
4a51e8a30804dd766dd01da3d574caeca459542f9aed255eca2bcc8e2ed9b893

SHA512
67fe5baa4948cacb2925710f68de3f7a226a9c26150d84b1a78d9d8d6aa097ae3055a557c4354eb545a314d9112702dec60c20fde2de5a4a025dce74f54e0bd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\resources\app.asar
Filesize
39.1MB

MD5
83b291a44efe8769f4bb5cdf5da392d6

SHA1
a54f89bae800074a1ed2959c3a2ec75d2096baa7

SHA256
3d6cdc5eec92ce1d12e393de9ec20d254ccdc30d2ec246e484bcbee09480c5e0

SHA512
7e2fbe901c5b3d3777a9039dc32670c19df2f061ee9da0e3c1d4b835647bdd65adc2bc73d668a26af442cdfc0afa7ec6195bd012305585d3de8a9e7f193881cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\v8_context_snapshot.bin
Filesize
596KB

MD5
5d9b4473dd8705940bbb4a4036e395d0

SHA1
af35aa3374200dd2b9102f6767e53413e4e09e20

SHA256
ca2245da2a4aa7e4c9dcbf810c90048f73a9a96f6432f7895f3e6fe0c21e48f1

SHA512
bcc78b845a2aac96e46162c6a81dd1a914a6e8ed6d9753f648ae125958042a76ab49f1fefc8615891a1e007f0d0b63980517953ee088e29d46ba9d258f130192

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\vk_swiftshader.dll
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\vk_swiftshader.dll
Filesize
4.0MB

MD5
f6f3a64471f6a9738456259d09e617c4

SHA1
47cf0831fa4fb561c045e38f5edb5aa45a01324a

SHA256
0e7950569c56123708e5f9b934c3d2abfe787c3e275af3fab9fb0517329783be

SHA512
7eb35f7283475471e8e8ba77fb276bb7348c4c5b2ee552edf3b23f94b3eeb92d54ed09c8930faa059733532a33861e3af5f261e36e288237b611864e7b272118

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\vk_swiftshader.dll
Filesize
4.0MB

MD5
f6f3a64471f6a9738456259d09e617c4

SHA1
47cf0831fa4fb561c045e38f5edb5aa45a01324a

SHA256
0e7950569c56123708e5f9b934c3d2abfe787c3e275af3fab9fb0517329783be

SHA512
7eb35f7283475471e8e8ba77fb276bb7348c4c5b2ee552edf3b23f94b3eeb92d54ed09c8930faa059733532a33861e3af5f261e36e288237b611864e7b272118

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\vulkan-1.dll
Filesize
743KB

MD5
eafcefd44884880bb202cfac8f2576ad

SHA1
9936e5fed1328e72d34a8a6239101f1264290879

SHA256
1e7851e7828d9b99745fdb9f13793147df3248a6550ae81af99177c168aad5b2

SHA512
c7745839afbe953f030e54cec75db50ccd1277ce59c7c3cf05004b15d1476ae0ef27bb7de7be3c7beccc2946c43c422a48adba82d47dddc7fa58a9db6ed1325a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2NZow9r49Oi1XdSfuAompQVWm7p\vulkan-1.dll
Filesize
743KB

MD5
eafcefd44884880bb202cfac8f2576ad

SHA1
9936e5fed1328e72d34a8a6239101f1264290879

SHA256
1e7851e7828d9b99745fdb9f13793147df3248a6550ae81af99177c168aad5b2

SHA512
c7745839afbe953f030e54cec75db50ccd1277ce59c7c3cf05004b15d1476ae0ef27bb7de7be3c7beccc2946c43c422a48adba82d47dddc7fa58a9db6ed1325a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2a971450-074b-44de-ad5c-fe081eec475c.tmp.node
Filesize
2.1MB

MD5
3bc107cac5de2a16c41af09753c17d8a

SHA1
3fc350965383a1850263322b163ea9e7db84aa18

SHA256
2fedc6242d32e83c3959ac2bc6d2d69f2ffbbf537fd9354a5fed31bf3ae75546

SHA512
a688118157fdcf0177b6667217c64c3dccad99c9a909d0aba3ef39861f773b96e30769c34af5a3853333f4c30fb3b1658b713e345677a0b7c46cf835a51a5d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\380aa90f-03bb-44cf-8434-408f7e130fcb.tmp.node
Filesize
489KB

MD5
035d5df8d2c724878071d9dc1155c6aa

SHA1
3f23f2664cd5a173d98aaf09f0f7142b1c2c9b15

SHA256
a763486d99daf0c7b52cc24337703cfdf6099520f47b183b7658694f767c79ba

SHA512
6cffd4d7e549bba069113839d3f6d7ec89799bcacb60342d65bfcea9539e830b8113bc60d0c2d63ba16d42a00205b262fafabe836ad2a301a28c5d8036cf141c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_abqrt1h0.azn.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\7z-out\FindTheHidden.exe
Filesize
124.3MB

MD5
f319b5ecf79459b8091f01a1fd514552

SHA1
ff4a284eacc21dd23dee367816c6c183d9cabc4d

SHA256
7acfade2f264d13beff8d09b44bf6fe45c0a029062dbaa2309653f798ee697ea

SHA512
a2248aeabf684acbd7e25dc47c14488607f213165594fad8c645ff55fe4c8db8c84158d3b9f04ca08766cc504e4cc4134378c32f101448f32d8f2cd78a2e3b02

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\7z-out\chrome_200_percent.pak
Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\7z-out\d3dcompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\7z-out\ffmpeg.dll
Filesize
2.5MB

MD5
6fa845139be73ae78dc4c939cafb761d

SHA1
26d427a3b35a09d78667d20de2a64e03bd22cb23

SHA256
d46473cb06cb8c8ba66659cdea497727c2880e8eeb73cb5ee4255b7fb671d043

SHA512
decc0fc52227165651dfedb56b877ace262823a211c21358f8ce7026c81e758ab131c7b9c56e09d07654d0973872ddd8b8c0db221ba4b6d81160ab24f66a0624

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\7z-out\icudtl.dat
Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\7z-out\libEGL.dll
Filesize
364KB

MD5
596c3217f870d63a9feb190305b45790

SHA1
a65bdf045c38e2580f724e1cc4e460c46a0ea9fc

SHA256
1679ccf85c0fab467a3d12dc63248eb4d34e7345d6e6399740ffc7f78e4e927b

SHA512
1aae19270de9cc0768543ae0f691da4ea6c7d350d54f8accc02f5eb94e03f6b1671f8aa31f9370b9758827ad42870c9e264c3fea65e2074717ab24f9c0872d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\7z-out\libGLESv2.dll
Filesize
6.1MB

MD5
1baf13b30d409e0df85ac538d8883e3f

SHA1
e61c3231a330e806edebd04520b827b43820a268

SHA256
4a51e8a30804dd766dd01da3d574caeca459542f9aed255eca2bcc8e2ed9b893

SHA512
67fe5baa4948cacb2925710f68de3f7a226a9c26150d84b1a78d9d8d6aa097ae3055a557c4354eb545a314d9112702dec60c20fde2de5a4a025dce74f54e0bd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\7z-out\resources\app.asar
Filesize
39.1MB

MD5
83b291a44efe8769f4bb5cdf5da392d6

SHA1
a54f89bae800074a1ed2959c3a2ec75d2096baa7

SHA256
3d6cdc5eec92ce1d12e393de9ec20d254ccdc30d2ec246e484bcbee09480c5e0

SHA512
7e2fbe901c5b3d3777a9039dc32670c19df2f061ee9da0e3c1d4b835647bdd65adc2bc73d668a26af442cdfc0afa7ec6195bd012305585d3de8a9e7f193881cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\7z-out\resources\elevate.exe
Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\7z-out\snapshot_blob.bin
Filesize
281KB

MD5
52304e76978a13b8d7fd46771cbfea84

SHA1
a1af053116b9cd1018fa3c145785eb3c030f709f

SHA256
bb3acfe786e2efd17ad5f5957f06e4ba3d656aac65dcab1b9a2ddaae877bc824

SHA512
d1face9a819fe54500435dd55dc051337229de4f1c10713457b6a7847eb71b4713c2a50f260c35576cc41fef7606a3b6b33407962c91224c389ed0b97ed8b3dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\7z-out\v8_context_snapshot.bin
Filesize
596KB

MD5
5d9b4473dd8705940bbb4a4036e395d0

SHA1
af35aa3374200dd2b9102f6767e53413e4e09e20

SHA256
ca2245da2a4aa7e4c9dcbf810c90048f73a9a96f6432f7895f3e6fe0c21e48f1

SHA512
bcc78b845a2aac96e46162c6a81dd1a914a6e8ed6d9753f648ae125958042a76ab49f1fefc8615891a1e007f0d0b63980517953ee088e29d46ba9d258f130192

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\7z-out\vk_swiftshader.dll
Filesize
4.0MB

MD5
f6f3a64471f6a9738456259d09e617c4

SHA1
47cf0831fa4fb561c045e38f5edb5aa45a01324a

SHA256
0e7950569c56123708e5f9b934c3d2abfe787c3e275af3fab9fb0517329783be

SHA512
7eb35f7283475471e8e8ba77fb276bb7348c4c5b2ee552edf3b23f94b3eeb92d54ed09c8930faa059733532a33861e3af5f261e36e288237b611864e7b272118

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\7z-out\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\7z-out\vulkan-1.dll
Filesize
743KB

MD5
eafcefd44884880bb202cfac8f2576ad

SHA1
9936e5fed1328e72d34a8a6239101f1264290879

SHA256
1e7851e7828d9b99745fdb9f13793147df3248a6550ae81af99177c168aad5b2

SHA512
c7745839afbe953f030e54cec75db50ccd1277ce59c7c3cf05004b15d1476ae0ef27bb7de7be3c7beccc2946c43c422a48adba82d47dddc7fa58a9db6ed1325a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9282.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
6KB

MD5
fba2ae45aa97166be90011fe99509ea5

SHA1
f6eaedc414ba1de9b2db1e2d1e22a9a122ca7ec4

SHA256
b11b97910968552e61895a1b630d817de8b3688bb8afff4b5a3a82c1663f6680

SHA512
991616b4f882683903a078157b81d8d5c6a84867b33ac6dd8665762b488f104e2c75b353be285a58c8c26ad5e9a6e7e7e5a239f3b1cb996c9c5c812b67b3f03a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
6KB

MD5
dc04748bfa0167af241220ab3a56a7d2

SHA1
09875870d299b2c758b24714a7b10d7d13319626

SHA256
cdb1b047162cc487dc165af99967fa9c103d8fba0a102211c40f61043f8c873a

SHA512
9243cf6ab51249da5fef4468ae0a48f1647d21e3b0462e1929f0574469a56084508cc969cf414eb423fad52387989df22773594cc17c75cd50eaad0f9158c2bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
7KB

MD5
b198c267e43813f2246c6e509d5d1b6d

SHA1
2c53e8d6c056fb94e2c18b44e87baa14b276a5c9

SHA256
f76a19f3924af51bef6ca3430aa4aad7b3f3419090993fa1020fc2db21628575

SHA512
475a2d3e1c27e14c53cffbf73333e9e7acaffc9d5aac199c0ac84f6cb3185c721137192e80c9ac513108309dd78ccccb634318f78112fd3b22b9bde3848fcdcb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
7KB

MD5
f7dbbd1693aaf9356fca6579f926f829

SHA1
27ddeb77a2f7c25bd2faddd9d50cbd6948f8320d

SHA256
ba324ab468e7b2c4f1ce7e36de26cb448a279dbd6018367ab41a7df2d4f61c96

SHA512
3f9e57f476d44ee254c249da8fe10a04ff8805522c3159ff71184ba9bf7a1577bfaf9b6aacb13c4c3fca21f4f82c2d41b849ec33a7e8c10818682c54f1ae7893

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
8KB

MD5
a539922dc02e34659fa2d83f9c36fc41

SHA1
c3438ed88ed5ca4f366c83661c20f3ead8e1488a

SHA256
b697f690af23249f92592fce8cc390da4943a74a8b30392c6c615f32794ca51a

SHA512
b34e4e7defaede29c334670815d7948e8f390e7b69051311920adb80dceaf397bb5d0e5d8e819becf92888082c305bbfb276cb1bddb0e2d71330997f2b8a3777

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
6KB

MD5
fe0ab3a6c18688b107d14114aa0f5292

SHA1
a1b7eea13e33d3921185262cec03273725f03dcf

SHA256
fa935ccdc28331676ca570d5dbc305738608e3024955a46a5b1864274e89c0df

SHA512
a3ead1f5859ab0bbace0de6f6345d717293f5aec95e37b51993fcd369b51a51e3939f1283ef26c5eca52666da169074b04adb1a75972d925a93929349efca43e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs.js
Filesize
6KB

MD5
fcd5f37e5e4066f7cffe8eb106b6ce19

SHA1
b0a1c4d3d5c96271429fb09cb71055d177c13402

SHA256
38dbdb91f24f8e138803d71d0f7e4758fbb78e7f657208325fe30a501e225c67

SHA512
afdf7697bc784c3c85f30a8a1e4caa32459cf7f19c1ffacde04f62f089218ff1899ffe69fc465677d719546c8f91bea0d04807b13d58096f79aeba8eef0a0a15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
ca33d6ed2fa657b9a6c1781b4645a50e

SHA1
4e2e21f5970dcf562268c27704f7b5a7d9d01ecf

SHA256
1ccbbff83adb5f7400bd408e175728c975d7ca5fedabbebc64ec69431c0b96aa

SHA512
166d3620c93329127265ff7dc7c55fb9ca971279f5f3d4cf92668c15b5d2427d6838d95fe36a1040efffe9612c43c7ca1790b215f350470d0ff735af99c4fb79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
9KB

MD5
58638b5208d5b2f13c2349ddad80ac2c

SHA1
805fce9404bba9df65905f08e8ea10e28f2816b9

SHA256
f7e446e14635d6b1e1957e49bfdc3beaa4fc667460b414e19afd7bd9c8150b77

SHA512
a30dca13031ed2dcf45bbce46e8f2a0be95873677ad209af60c2c32d09156aa8704a2a094607502d18b2eb248c849fd75e63d61067cdcceab0eda0b1b4f0dfcd

Download Submit
\??\pipe\crashpad_4472_SQGYBHIOBESWFZRI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3412-3079-0x00000000025A0000-0x00000000025B0000-memory.dmp

Filesize
64KB

Download
memory/3412-3089-0x00000000057F0000-0x0000000005856000-memory.dmp

Filesize
408KB

Download
memory/3412-3088-0x0000000005680000-0x00000000056E6000-memory.dmp

Filesize
408KB

Download
memory/3412-3087-0x0000000004E90000-0x0000000004EB2000-memory.dmp

Filesize
136KB

Download
memory/3412-3104-0x0000000005E50000-0x0000000005E6E000-memory.dmp

Filesize
120KB

Download
memory/3412-3120-0x0000000007020000-0x00000000070B6000-memory.dmp

Filesize
600KB

Download
memory/3412-3121-0x0000000006360000-0x000000000637A000-memory.dmp

Filesize
104KB

Download
memory/3412-3122-0x00000000063B0000-0x00000000063D2000-memory.dmp

Filesize
136KB

Download
memory/3412-3128-0x0000000007670000-0x0000000007C14000-memory.dmp

Filesize
5.6MB

Download
memory/3412-3129-0x0000000007160000-0x00000000071F2000-memory.dmp

Filesize
584KB

Download
memory/3412-3081-0x0000000004F60000-0x0000000005588000-memory.dmp

Filesize
6.2MB

Download
memory/3412-3080-0x00000000025A0000-0x00000000025B0000-memory.dmp

Filesize
64KB

Download
memory/3412-3078-0x0000000002550000-0x0000000002586000-memory.dmp

Filesize
216KB

Download