lumma | 2bb8fe909426c314cb93c573b4e4230fa8c6649f2862d2cacca751e7998302d0

Analysis

max time kernel
151s
max time network
144s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
18/04/2023, 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lazzarus_Setup.exe
Size

53.2MB
MD5

2ad6b36a0c48ca740b6d5c8f3c988ece
SHA1

86d8ba6c8f6b4f226ab57376d4d2f944cba0c075
SHA256

2bb8fe909426c314cb93c573b4e4230fa8c6649f2862d2cacca751e7998302d0
SHA512

b30e6d6b8aa341d02ee9240e6b9030b4a0fb0609b67e7ea5ac8a27c1814c4790e66694887795a40378ef0687e4d78046e3cb113767b1afba33d8adeb028e06ca
SSDEEP

1572864:CZikz7kZQ0IWFSZhqGJlwRoEpG1wEArR7MCh7:k/kZQfDqGJlwRoh1oFICh7

Score

10^/10

lumma redline infostealer stealer

Malware Config

Signatures

Detects Redline Stealer samples 10 IoCs

This rule detects the presence of Redline Stealer samples based on their unique strings.

stealer

resource	yara_rule
behavioral2/files/0x0007000000012728-97.dat	redline_stealer
behavioral2/files/0x0007000000012728-177.dat	redline_stealer
behavioral2/files/0x0007000000012728-180.dat	redline_stealer
behavioral2/files/0x0007000000012728-194.dat	redline_stealer
behavioral2/files/0x0007000000012728-193.dat	redline_stealer
behavioral2/files/0x0007000000012728-227.dat	redline_stealer
behavioral2/files/0x0007000000012728-228.dat	redline_stealer
behavioral2/files/0x0007000000012728-225.dat	redline_stealer
behavioral2/files/0x0007000000012728-255.dat	redline_stealer
behavioral2/files/0x0007000000012728-267.dat	redline_stealer

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Control Panel\International\Geo\Nation	allahsikiciss.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Control Panel\International\Geo\Nation	allahsikiciss.exe

Executes dropped EXE 4 IoCs

pid	Process
1728	allahsikiciss.exe
668	allahsikiciss.exe
1008	allahsikiciss.exe
1936	allahsikiciss.exe

Loads dropped DLL 11 IoCs

pid	Process
2032	Lazzarus_Setup.exe
2032	Lazzarus_Setup.exe
2032	Lazzarus_Setup.exe
2032	Lazzarus_Setup.exe
1728	allahsikiciss.exe
1728	allahsikiciss.exe
1728	allahsikiciss.exe
1728	allahsikiciss.exe
1008	allahsikiciss.exe
1728	allahsikiciss.exe
1936	allahsikiciss.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1728	allahsikiciss.exe
1728	allahsikiciss.exe
1728	allahsikiciss.exe
1728	allahsikiciss.exe
1728	allahsikiciss.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2032	Lazzarus_Setup.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe
Token: SeShutdownPrivilege	1728	allahsikiciss.exe

Suspicious use of WriteProcessMemory 52 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1728	2032	Lazzarus_Setup.exe	28
PID 2032 wrote to memory of 1728	2032	Lazzarus_Setup.exe	28
PID 2032 wrote to memory of 1728	2032	Lazzarus_Setup.exe	28
PID 2032 wrote to memory of 1728	2032	Lazzarus_Setup.exe	28
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 668	1728	allahsikiciss.exe	29
PID 1728 wrote to memory of 1008	1728	allahsikiciss.exe	30
PID 1728 wrote to memory of 1008	1728	allahsikiciss.exe	30
PID 1728 wrote to memory of 1008	1728	allahsikiciss.exe	30
PID 1728 wrote to memory of 1008	1728	allahsikiciss.exe	30
PID 1728 wrote to memory of 1936	1728	allahsikiciss.exe	31
PID 1728 wrote to memory of 1936	1728	allahsikiciss.exe	31
PID 1728 wrote to memory of 1936	1728	allahsikiciss.exe	31
PID 1728 wrote to memory of 1936	1728	allahsikiciss.exe	31

C:\Users\Admin\AppData\Local\Temp\Lazzarus_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Lazzarus_Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe
  C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1728
- - C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe
    "C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=928 --field-trial-handle=1060,i,10930569270769985022,2925072927973492808,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:668
- - C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe
    "C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1292 --field-trial-handle=1060,i,10930569270769985022,2925072927973492808,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1008
- - C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe
    "C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1524 --field-trial-handle=1060,i,10930569270769985022,2925072927973492808,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe

Filesize
127.7MB

MD5
c1768f56ff0577cc2ef03b5b52ce80ae

SHA1
3f09f34fc76fe577dfd379c94ac47517f529861e

SHA256
09cfc244db61179cd7becc1273b1d8d468b7fc240a270bd8f59af64a5012536b

SHA512
7aa638af5132461a3ccbd1bbd9b3f7a558c3ffa3d1628135b0710d987ef7f0bd05d11cd1a56b40bc47961a792646e672939b757869613bc84b60afaf2dff17d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe

Filesize
127.7MB

MD5
c1768f56ff0577cc2ef03b5b52ce80ae

SHA1
3f09f34fc76fe577dfd379c94ac47517f529861e

SHA256
09cfc244db61179cd7becc1273b1d8d468b7fc240a270bd8f59af64a5012536b

SHA512
7aa638af5132461a3ccbd1bbd9b3f7a558c3ffa3d1628135b0710d987ef7f0bd05d11cd1a56b40bc47961a792646e672939b757869613bc84b60afaf2dff17d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe

Filesize
127.7MB

MD5
c1768f56ff0577cc2ef03b5b52ce80ae

SHA1
3f09f34fc76fe577dfd379c94ac47517f529861e

SHA256
09cfc244db61179cd7becc1273b1d8d468b7fc240a270bd8f59af64a5012536b

SHA512
7aa638af5132461a3ccbd1bbd9b3f7a558c3ffa3d1628135b0710d987ef7f0bd05d11cd1a56b40bc47961a792646e672939b757869613bc84b60afaf2dff17d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe

Filesize
127.7MB

MD5
c1768f56ff0577cc2ef03b5b52ce80ae

SHA1
3f09f34fc76fe577dfd379c94ac47517f529861e

SHA256
09cfc244db61179cd7becc1273b1d8d468b7fc240a270bd8f59af64a5012536b

SHA512
7aa638af5132461a3ccbd1bbd9b3f7a558c3ffa3d1628135b0710d987ef7f0bd05d11cd1a56b40bc47961a792646e672939b757869613bc84b60afaf2dff17d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe

Filesize
127.7MB

MD5
c1768f56ff0577cc2ef03b5b52ce80ae

SHA1
3f09f34fc76fe577dfd379c94ac47517f529861e

SHA256
09cfc244db61179cd7becc1273b1d8d468b7fc240a270bd8f59af64a5012536b

SHA512
7aa638af5132461a3ccbd1bbd9b3f7a558c3ffa3d1628135b0710d987ef7f0bd05d11cd1a56b40bc47961a792646e672939b757869613bc84b60afaf2dff17d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe

Filesize
127.7MB

MD5
c1768f56ff0577cc2ef03b5b52ce80ae

SHA1
3f09f34fc76fe577dfd379c94ac47517f529861e

SHA256
09cfc244db61179cd7becc1273b1d8d468b7fc240a270bd8f59af64a5012536b

SHA512
7aa638af5132461a3ccbd1bbd9b3f7a558c3ffa3d1628135b0710d987ef7f0bd05d11cd1a56b40bc47961a792646e672939b757869613bc84b60afaf2dff17d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\chrome_100_percent.pak

Filesize
126KB

MD5
44a69827d4aa75426f3c577af2f8618e

SHA1
7bdd115425b05414b64dcdb7d980b92ecd3f15b3

SHA256
bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b

SHA512
5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

Download Submit
C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\chrome_200_percent.pak

Filesize
175KB

MD5
9c379fc04a7bf1a853b14834f58c9f4b

SHA1
c105120fd00001c9ebdf2b3b981ecccb02f8eefb

SHA256
b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48

SHA512
f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

Download Submit
C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\debug.log

Filesize
524B

MD5
524fe1c6363fb813134cbe29bab74121

SHA1
cb4200252f8bd369f8da5e063d997b528097d075

SHA256
0b080d2b3b0f300e0bd76cd069b4d117d9f675debbfb2735bb2d8a3560b35000

SHA512
406c89c19cda112747765d51eac16e7f0f86df2cd15dce3a68dcd3308c55a72bc5d8184d53bce04d1bd917d46789cca3a616cf3fef7cc70c0a78c00c021b3f66

Download Submit
C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\ffmpeg.dll

Filesize
2.4MB

MD5
2132fad8315a47284cb3ffc75b318b28

SHA1
1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a

SHA256
5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29

SHA512
f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

Download Submit
C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\icudtl.dat

Filesize
10.0MB

MD5
cf9421b601645bda331c7136a0a9c3f8

SHA1
9950d66df9022f1caa941ab0e9647636f7b7a286

SHA256
8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5

SHA512
bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\resources\app.asar

Filesize
52.3MB

MD5
16729de8ad5731364dad9b7869ecbee4

SHA1
a5e09fbcf19f227d1d4a061618f548fc3623d81d

SHA256
a3637fde03be3f715d80b13d76e3745e7c9cfc9d5d2677b0a6a079e50d576395

SHA512
506ab5a82c3ba68ac094bf468291b37483db9211a7700b84bb29e43b7894e3a84ca2f4fd1e125b7f8e780c8f201ba13a45f28a0bb73241083570278737171a83

Download Submit
C:\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\v8_context_snapshot.bin

Filesize
590KB

MD5
60beed67e605fdbe79d2735f59113a93

SHA1
6cd5625c6dfb8a16b619490890e38c6da902b43e

SHA256
ffc7423ee2a75a420118465181e9307c6b7b2df5e40d7e4018dec07a9c6bab11

SHA512
1f4bff04464fab0c149344529903aa805c7c03b7f8c21b5f959c7c7ff11802d07079e069d3b8e8a63f409a4541b3aac4b695c535228c4a89b15c8033567d645f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1595.tmp\7z-out\chrome_100_percent.pak

Filesize
126KB

MD5
44a69827d4aa75426f3c577af2f8618e

SHA1
7bdd115425b05414b64dcdb7d980b92ecd3f15b3

SHA256
bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b

SHA512
5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1595.tmp\7z-out\chrome_200_percent.pak

Filesize
175KB

MD5
9c379fc04a7bf1a853b14834f58c9f4b

SHA1
c105120fd00001c9ebdf2b3b981ecccb02f8eefb

SHA256
b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48

SHA512
f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1595.tmp\7z-out\d3dcompiler_47.dll

Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1595.tmp\7z-out\ffmpeg.dll

Filesize
2.4MB

MD5
2132fad8315a47284cb3ffc75b318b28

SHA1
1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a

SHA256
5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29

SHA512
f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1595.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
cf9421b601645bda331c7136a0a9c3f8

SHA1
9950d66df9022f1caa941ab0e9647636f7b7a286

SHA256
8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5

SHA512
bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1595.tmp\7z-out\libEGL.dll

Filesize
367KB

MD5
5c70cc094fc6e108a5689c88f1144a51

SHA1
460b668e4301e774b79b182756db25fb0b7c206e

SHA256
c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42

SHA512
3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1595.tmp\7z-out\libGLESv2.dll

Filesize
6.2MB

MD5
7b2ce44ad89a57b1183d36e89fd0357f

SHA1
178f7ed96f5c879b08729acff45bc50cd2ed64c7

SHA256
9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701

SHA512
9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1595.tmp\7z-out\resources\app.asar

Filesize
52.3MB

MD5
16729de8ad5731364dad9b7869ecbee4

SHA1
a5e09fbcf19f227d1d4a061618f548fc3623d81d

SHA256
a3637fde03be3f715d80b13d76e3745e7c9cfc9d5d2677b0a6a079e50d576395

SHA512
506ab5a82c3ba68ac094bf468291b37483db9211a7700b84bb29e43b7894e3a84ca2f4fd1e125b7f8e780c8f201ba13a45f28a0bb73241083570278737171a83

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1595.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1595.tmp\7z-out\snapshot_blob.bin

Filesize
290KB

MD5
c2cf86c9046343131080edf914f69eba

SHA1
10bb7f1a96fdbcd4d5cd7a0ec2477f3c0354eed7

SHA256
7209863f22740b465301ce82919a042df5dbb7a7c50828643c9cd2e1e8802496

SHA512
d78ffcdcc9ca77c1405f3e98ba5b5b7a56c39bd06d923f39a4df9e56aba3af8afd1ebd8f09a85b5f2c71c9c2e5843d9e724ca3475693966dcfab1c7703c6c06d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1595.tmp\7z-out\v8_context_snapshot.bin

Filesize
590KB

MD5
60beed67e605fdbe79d2735f59113a93

SHA1
6cd5625c6dfb8a16b619490890e38c6da902b43e

SHA256
ffc7423ee2a75a420118465181e9307c6b7b2df5e40d7e4018dec07a9c6bab11

SHA512
1f4bff04464fab0c149344529903aa805c7c03b7f8c21b5f959c7c7ff11802d07079e069d3b8e8a63f409a4541b3aac4b695c535228c4a89b15c8033567d645f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1595.tmp\7z-out\vk_swiftshader.dll

Filesize
4.2MB

MD5
dd3a757828c6cc214fac84486f69ba8e

SHA1
5f79beada6f80c903b5d1c04f0eb30e8acd396a2

SHA256
baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c

SHA512
9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1595.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1595.tmp\7z-out\vulkan-1.dll

Filesize
744KB

MD5
bb7496239e0f1b44c935df3954c3fc42

SHA1
d063da60766682cf40b690bc03094e5c7ebd8669

SHA256
e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c

SHA512
7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1595.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Local Storage\leveldb\CURRENT~RF6c8759.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe

Filesize
127.7MB

MD5
c1768f56ff0577cc2ef03b5b52ce80ae

SHA1
3f09f34fc76fe577dfd379c94ac47517f529861e

SHA256
09cfc244db61179cd7becc1273b1d8d468b7fc240a270bd8f59af64a5012536b

SHA512
7aa638af5132461a3ccbd1bbd9b3f7a558c3ffa3d1628135b0710d987ef7f0bd05d11cd1a56b40bc47961a792646e672939b757869613bc84b60afaf2dff17d7

Download Submit
\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe

Filesize
127.7MB

MD5
c1768f56ff0577cc2ef03b5b52ce80ae

SHA1
3f09f34fc76fe577dfd379c94ac47517f529861e

SHA256
09cfc244db61179cd7becc1273b1d8d468b7fc240a270bd8f59af64a5012536b

SHA512
7aa638af5132461a3ccbd1bbd9b3f7a558c3ffa3d1628135b0710d987ef7f0bd05d11cd1a56b40bc47961a792646e672939b757869613bc84b60afaf2dff17d7

Download Submit
\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe

Filesize
127.7MB

MD5
c1768f56ff0577cc2ef03b5b52ce80ae

SHA1
3f09f34fc76fe577dfd379c94ac47517f529861e

SHA256
09cfc244db61179cd7becc1273b1d8d468b7fc240a270bd8f59af64a5012536b

SHA512
7aa638af5132461a3ccbd1bbd9b3f7a558c3ffa3d1628135b0710d987ef7f0bd05d11cd1a56b40bc47961a792646e672939b757869613bc84b60afaf2dff17d7

Download Submit
\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\allahsikiciss.exe

Filesize
127.7MB

MD5
c1768f56ff0577cc2ef03b5b52ce80ae

SHA1
3f09f34fc76fe577dfd379c94ac47517f529861e

SHA256
09cfc244db61179cd7becc1273b1d8d468b7fc240a270bd8f59af64a5012536b

SHA512
7aa638af5132461a3ccbd1bbd9b3f7a558c3ffa3d1628135b0710d987ef7f0bd05d11cd1a56b40bc47961a792646e672939b757869613bc84b60afaf2dff17d7

Download Submit
\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\ffmpeg.dll

Filesize
2.4MB

MD5
2132fad8315a47284cb3ffc75b318b28

SHA1
1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a

SHA256
5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29

SHA512
f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

Download Submit
\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\ffmpeg.dll

Filesize
2.4MB

MD5
2132fad8315a47284cb3ffc75b318b28

SHA1
1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a

SHA256
5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29

SHA512
f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

Download Submit
\Users\Admin\AppData\Local\Temp\2OIou9VACdHURkjqxEXk12BwuOa\ffmpeg.dll

Filesize
2.4MB

MD5
2132fad8315a47284cb3ffc75b318b28

SHA1
1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a

SHA256
5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29

SHA512
f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

Download Submit
\Users\Admin\AppData\Local\Temp\e6f025ee-732d-4edc-a2a3-caa14d54f6fd.tmp.node

Filesize
120KB

MD5
aa7eb1ed50471e76e52494e9ecf56e88

SHA1
b5cdfc7ca8fdfae7be282852d206966dcb88700d

SHA256
1544875269095605b5ef42195f86e785972cb6bef187a39fc388f46b6beb2ba2

SHA512
37b5714542b4cafc88646e535f8b55b5a0d0afeb5aa4c39624494d37727c9763f903a24c7844c03736aabede062f226bd90e8c99edfd657742a9f61379d5ecff

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1595.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1595.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1595.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/668-195-0x00000000008E0000-0x00000000008E1000-memory.dmp

Filesize
4KB

Download
memory/1728-261-0x000000000A7F0000-0x000000000A7F1000-memory.dmp

Filesize
4KB

Download