Analysis

  • max time kernel
    258s
  • max time network
    247s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-02-2024 12:18

General

  • Target

    https://www.thegamesdownload.biz/pc/rise-of-the-tomb-raider-game-d/

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++, first seen in August 2022.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (16 IoCs)
  • Suspicious use of SetThreadContext (2 IoCs)
  • Checks SCSI registry key(s) (3 TTPs, 3 IoCs)

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Modifies registry class (3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious behavior: MapViewOfSection (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (64 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.thegamesdownload.biz/pc/rise-of-the-tomb-raider-game-d/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf3849758,0x7ffcf3849768,0x7ffcf3849778
      2⤵
        PID:3964
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:2
        2⤵
          PID:2764
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
          2⤵
            PID:1876
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
            2⤵
              PID:4372
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
              2⤵
                PID:2184
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
                2⤵
                  PID:5008
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
                  2⤵
                    PID:1148
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
                    2⤵
                      PID:2340
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5148 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
                      2⤵
                        PID:440
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5492 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
                        2⤵
                          PID:1968
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5604 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
                          2⤵
                            PID:1856
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3164 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
                            2⤵
                              PID:1376
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5292 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
                              2⤵
                                PID:1964
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5576 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
                                2⤵
                                  PID:5016
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5592 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
                                  2⤵
                                    PID:4432
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1768 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
                                    2⤵
                                      PID:2292
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
                                      2⤵
                                        PID:1936
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
                                        2⤵
                                          PID:1476
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5272 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:2
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:4008
                                      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                        1⤵
                                          PID:1108
                                        • C:\Windows\system32\AUDIODG.EXE
                                          C:\Windows\system32\AUDIODG.EXE 0x514 0x4ec
                                          1⤵
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:2320
                                        • C:\Windows\System32\rundll32.exe
                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                          1⤵
                                            PID:2336
                                          • C:\Program Files\7-Zip\7zFM.exe
                                            "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_@File_2255_P@ssWord#.zip\Full_Set_Up_File\@File_2255_P@ssWord#.rar"
                                            1⤵
                                            • Suspicious use of FindShellTrayWindow
                                            PID:3296
                                          • C:\Program Files\7-Zip\7zFM.exe
                                            "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_@File_2255_P@ssWord# (1).zip\Full_Set_Up_File\@File_2255_P@ssWord#.rar"
                                            1⤵
                                            • Modifies registry class
                                            • Suspicious behavior: GetForegroundWindowSpam
                                            • Suspicious use of FindShellTrayWindow
                                            PID:4640
                                          • C:\Users\Admin\Desktop\New folder\Setup-File.exe
                                            "C:\Users\Admin\Desktop\New folder\Setup-File.exe"
                                            1⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            • Suspicious use of SetThreadContext
                                            • Suspicious behavior: EnumeratesProcesses
                                            • Suspicious behavior: MapViewOfSection
                                            PID:1976
                                            • C:\Windows\SysWOW64\cmd.exe
                                              C:\Windows\SysWOW64\cmd.exe
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious behavior: MapViewOfSection
                                              PID:4460
                                              • C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
                                                C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
                                                3⤵
                                                • Loads dropped DLL
                                                PID:2688
                                          • C:\Windows\system32\taskmgr.exe
                                            "C:\Windows\system32\taskmgr.exe" /4
                                            1⤵
                                            • Checks SCSI registry key(s)
                                            • Suspicious behavior: EnumeratesProcesses
                                            • Suspicious use of FindShellTrayWindow
                                            • Suspicious use of SendNotifyMessage
                                            PID:4872
                                          • C:\Users\Admin\Desktop\New folder\Setup-File.exe
                                            "C:\Users\Admin\Desktop\New folder\Setup-File.exe"
                                            1⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            • Suspicious use of SetThreadContext
                                            • Suspicious behavior: EnumeratesProcesses
                                            • Suspicious behavior: MapViewOfSection
                                            PID:912
                                            • C:\Windows\SysWOW64\cmd.exe
                                              C:\Windows\SysWOW64\cmd.exe
                                              2⤵
                                              • Suspicious behavior: MapViewOfSection
                                              PID:4696
                                              • C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
                                                C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
                                                3⤵
                                                • Loads dropped DLL
                                                PID:1596
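The process tree above is the part of this report a detection engineer keys on: Setup-File.exe, run from the user's Desktop, spawns a SysWOW64 cmd.exe with an empty command line (the image path and nothing else), and that cmd.exe then launches win_rtm.090713-1255.exe out of the user's Temp directory, while the parent carries the SetThreadContext and MapViewOfSection signatures. That shape is consistent with the dropper injecting into a freshly created cmd.exe rather than cmd.exe doing anything on its own. The Python below is an added example, not part of the sandbox report or of any sandbox vendor's code. It encodes that chain and the four extracted Lumma C2 hostnames as checks and runs them over Sysmon-style process-creation and DNS events constructed for illustration: the PIDs and paths are copied from the report, while the parent PIDs 1000 and 3000, the benign cmd.exe /c dir event and the DNS log are placeholders.

```python
"""Detection checks derived from the Lumma report's process tree and C2 list.

Added example: the events below are constructed for illustration, not
captured telemetry. PIDs/paths mirror the report; ppids 1000/3000 and the
benign events are placeholders.
"""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlparse

# C2 URLs copied from the report's extracted Lumma config.
LUMMA_C2_URLS = [
    "https://technologyenterdo.shop/api",
    "https://detectordiscusser.shop/api",
    "https://turkeyunlikelyofw.shop/api",
    "https://associationokeo.shop/api",
]
C2_HOSTS = {urlparse(u).hostname for u in LUMMA_C2_URLS}


@dataclass(frozen=True)
class ProcEvent:
    """Minimal Sysmon EID 1 style record (constructed for this example)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


def is_user_writable(path: str) -> bool:
    """Anything under C:\\Users is writable without elevation (Desktop, Temp, AppData)."""
    return path.lower().startswith("c:\\users\\")


def is_bare_system_cmd(ev: ProcEvent) -> bool:
    """cmd.exe from System32/SysWOW64 started with no arguments at all.

    A legitimate shell almost always carries /c or /k; a host process created
    only to be written into is typically launched with just its image path,
    which is exactly what the report shows for PIDs 4460 and 4696.
    """
    img = ev.image.lower()
    if not img.endswith("\\cmd.exe"):
        return False
    if "\\syswow64\\" not in img and "\\system32\\" not in img:
        return False
    return ev.cmdline.strip().strip('"').lower() == img


def find_injection_chains(events: list[ProcEvent]) -> list[tuple[int, int, int]]:
    """Return (dropper_pid, cmd_pid, child_pid) for every chain of the form
    user-writable EXE -> bare system cmd.exe -> EXE from a user-writable path.
    """
    by_pid = {e.pid: e for e in events}
    hits = []
    for child in events:
        cmd = by_pid.get(child.ppid)
        if cmd is None or not is_bare_system_cmd(cmd):
            continue
        if not is_user_writable(child.image):
            continue
        dropper = by_pid.get(cmd.ppid)
        if dropper is None or not is_user_writable(dropper.image):
            continue
        hits.append((dropper.pid, cmd.pid, child.pid))
    return hits


def find_c2_contacts(dns_log: list[tuple[int, str]]) -> list[tuple[int, str]]:
    """dns_log holds (pid, queried_name); return entries hitting a known C2 host.
    Trailing dots from fully qualified queries are ignored for the match."""
    return [(pid, name) for pid, name in dns_log
            if name.lower().rstrip(".") in C2_HOSTS]


# Constructed sample: the report's chain plus one benign cmd.exe with arguments.
SAMPLE_EVENTS = [
    ProcEvent(2104, 1000, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument '
              r"https://www.thegamesdownload.biz/pc/rise-of-the-tomb-raider-game-d/"),
    ProcEvent(1976, 3000, r"C:\Users\Admin\Desktop\New folder\Setup-File.exe",
              r'"C:\Users\Admin\Desktop\New folder\Setup-File.exe"'),
    ProcEvent(4460, 1976, r"C:\Windows\SysWOW64\cmd.exe", r"C:\Windows\SysWOW64\cmd.exe"),
    ProcEvent(2688, 4460, r"C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe",
              r"C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe"),
    ProcEvent(5100, 3000, r"C:\Windows\System32\cmd.exe", r'"C:\Windows\System32\cmd.exe" /c dir'),
    ProcEvent(5101, 5100, r"C:\Users\Admin\AppData\Local\Temp\build.exe", r"build.exe"),
]
SAMPLE_DNS = [
    (2688, "technologyenterdo.shop"),
    (2104, "www.thegamesdownload.biz"),
    (2688, "detectordiscusser.shop."),
]

if __name__ == "__main__":
    for dropper, cmd, child in find_injection_chains(SAMPLE_EVENTS):
        print(f"injection chain: {dropper} -> cmd.exe {cmd} -> {child}")
    for pid, name in find_c2_contacts(SAMPLE_DNS):
        print(f"C2 contact: pid {pid} resolved {name}")
```

The bare-cmd check is deliberately strict (image path only, nothing else) so that a user typing `cmd /c dir` is not flagged; the report's second run (PIDs 912, 4696, 1596) matches the same rule. The hostname match is what you would feed a DNS or proxy log, since the `/api` path is not visible at the DNS layer.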

                                          Network

                                          MITRE ATT&CK Enterprise v15

                                          Downloads

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

                                            Filesize

                                            17KB

                                            MD5

                                            950eca48e414acbe2c3b5d046dcb8521

                                            SHA1

                                            1731f264e979f18cdf08c405c7b7d32789a6fb59

                                            SHA256

                                            c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

                                            SHA512

                                            27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                            Filesize

                                            504B

                                            MD5

                                            ee6e421e60cea230e2270bd8d1a36207

                                            SHA1

                                            b7a145b78a4e67796f9c7b07e912fca5c5cb5443

                                            SHA256

                                            8b723d4ea4f861aa24bf76ab6133062b8d01f7d70027d14586c8e873534dbe1e

                                            SHA512

                                            b4c3853864b700992b4fa2f825c410ecb2b750a71c02ead530b5ae8ae5dc6590aa828b6d0e51b09e08e775c9dc297d122993b3bcc2fd19ef4e30eeba948595bf

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                            Filesize

                                            504B

                                            MD5

                                            11ad5f4827923bf2771479d06822243c

                                            SHA1

                                            58aa6f5c4b529f7f965f7c9944a23cb051e874b0

                                            SHA256

                                            b39b2789050960be0fbb98eb30d827b6dbc9a5792404047e34d8d5f11d7183c4

                                            SHA512

                                            69ba5bafe7e355ffb56d0cfd7690d7f03a1abd44e98b0ecd471703c28a9ad23c7f9e123d5bd9a57b99f4050e35e34346263342d3f63821db62522e9387fff48c

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

                                            Filesize

                                            41B

                                            MD5

                                            5af87dfd673ba2115e2fcf5cfdb727ab

                                            SHA1

                                            d5b5bbf396dc291274584ef71f444f420b6056f1

                                            SHA256

                                            f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                            SHA512

                                            de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

                                            Filesize

                                            16B

                                            MD5

                                            46295cac801e5d4857d09837238a6394

                                            SHA1

                                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                            SHA256

                                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                            SHA512

                                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

                                            Filesize

                                            23B

                                            MD5

                                            3fd11ff447c1ee23538dc4d9724427a3

                                            SHA1

                                            1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                            SHA256

                                            720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                            SHA512

                                            10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                            Filesize

                                            4KB

                                            MD5

                                            07c60b42a25d94a7ea6c458f0d064280

                                            SHA1

                                            449ab1d1ebc369b7fdaa8fd384da0e753a8ab14b

                                            SHA256

                                            dc104e3aaf5b5ce774e7d232d47a716964654321155eecbb835a53ee7e721d9c

                                            SHA512

                                            b87f1063562ff504a927fc414e4e7e7d5d4909b702d054d70906c933e2f279dc8bafcefb914fdc8808809760bca60e87ae981c70db29229d08291bdd7623f59e

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                            Filesize

                                            4KB

                                            MD5

                                            af489e0c261437aec5707be4130d3ae8

                                            SHA1

                                            d0dad5de4a26e92f714ddc8b8716ce78245bfe70

                                            SHA256

                                            9400266dfae9735d45a4fa2870583fc31577ec22e9ae3ef1089092e65c95ab57

                                            SHA512

                                            63e6babe06cf1fa3ea76b9153b36acfb8a0accefb342ed0413ca4dccc6a3128e8a2e38448cd262197c7a247dbd2e35ddc2e19e9357c0421c879cab4e4499cef9

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                            Filesize

                                            1KB

                                            MD5

                                            dea595e7fd6c95bb23e54db918cddf67

                                            SHA1

                                            ca89b1812cac35d2035b2de5a246c3a52464b6fc

                                            SHA256

                                            91c025de685becb4e522616a049958e7e55d4d1d10b5e101e0a03d26773759df

                                            SHA512

                                            e02d9eb3141f81b4bc181fd3a0d9894f11307719cf8e3a691f8d218441f1d227466d196909c49f34fc5534f4f9e7cb5cb70313c6525d5ad1e4b2bce8ced9e30e

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                            Filesize

                                            1KB

                                            MD5

                                            4460ee387f390ef8f685b7f077c24c4e

                                            SHA1

                                            56779d781d1ed1bb24888eb46d7b30dafa81cca3

                                            SHA256

                                            58aadcc3ced098a28f629f5eb4b59673d228db27539fef42d6287ea68b92a42a

                                            SHA512

                                            5a6a43684a0035a73ef77b50e329f56b9156c0b328c3d87ef7369ad5de95d9bae0cd1da1c295641abf10366df8cb6fa40d8daffc9a3131d48a819c9b36fe09ce

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                            Filesize

                                            1KB

                                            MD5

                                            55fc76588e5cfe4a11855a6265ee94d7

                                            SHA1

                                            a85e71ed9f15bcd8c4aa3050312569559b856268

                                            SHA256

                                            d1be349d20f6ce7f68507c19a0186102f050ba13e4888c8ceb8eb5e4d63dc688

                                            SHA512

                                            289e8cadecfd71d37be72cf9f3a45f22ee6dd8cdf8e7f136b5c11c5422d4f628e1adedde5f028c7bd8e8eba4aa22bbca5259e6c6763a5b932c35479217a2e633

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            6KB

                                            MD5

                                            a5dd84ba7b48683ae686439a18197749

                                            SHA1

                                            ffb1a71c6b1febe1f458b15bdd445dbe72b09a45

                                            SHA256

                                            869d46b1a3ec30d59e635d8ba2c43310da9313569f0c435736b29bd1785ad80c

                                            SHA512

                                            2edc9b8ecdc86d91568e85f9d970077bcc61bcaa3140681c36f5249ae3a3a5b3b20d361e53b91f2ca0745326294c5054b2d43591144630d28efdf15c6dcbfd9d

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            7KB

                                            MD5

                                            49e22ee6dc7631ba61631195ea70fa35

                                            SHA1

                                            b077da696629088a586779ed65bdd67319bea7d9

                                            SHA256

                                            d22340c7e6438862e1f74da24ab29c786c2db7cf346ff02717836c1343ccdd45

                                            SHA512

                                            7fee6b4a919252f0507791261416a07c3da069b4cf96ee65c4e13d8e5c0726572f194daa772d1a9f36221caada62eed6f51667f97a0256d37ce5380cea9c245b

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            7KB

                                            MD5

                                            cb7c8573594b8eee127e9e069ef94d54

                                            SHA1

                                            86ec77b96578e18074c0bf75f53ebb28c2724d63

                                            SHA256

                                            5c3290e1bcd43b23e950484698008b757f6f022343902af4ffdb70908336287d

                                            SHA512

                                            de65fc1800523b37e410686f0e5988907a1c267f4237096a6424b59e102ebdd8b55e5ec97017f8e316958ee66f1fcf0ec5ef21d808ff0ec4d893970e4d76db9d

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: dd66fa83cff5eb31ee678f0b8a9da555
  SHA1: f675f7eec7275985d306db72f2dd4fe9ef0ebb8f
  SHA256: daf8d174e9291dc615a49f5d8bb8a2380e662811337bed6c7ab57e2472d747ba
  SHA512: df3434f7481d03124b3bce11f492475c733e03e4712a186fe281bb753acd0b97f4346a63d978f328f004497aff5ed9aa70f230a6d08f4170bf3d85e3e06305fd

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: d68225333a40e1421daa9d6a54fa2897
  SHA1: eec550f00e8bb0da69346cb831e204a331652095
  SHA256: ecc652d87e22f6b68a67047c1811d6a73520c6e5ef1871ae299008325caffdcd
  SHA512: 2fe8f44cea5a0b96cc02dc66618d8cba4add14cd0848a560a104a7620f3cda42afccaffea041419c97d241dee92714a560fbfb62cd9b428eac6d9ccb09e4ad81

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 72B
  MD5: b4f1f96c8c7ce409caaf94b7f085fe32
  SHA1: 7a709d1d26235025bbde943b2c2c583d22e69a86
  SHA256: 0df729be37491a9374e1d7a19ecf8aafd33485e28e7770319848e82cee98c2fa
  SHA512: 49f9c04a67a1b2c1274d4130ee54fdc7f4a1f14ac4e955f645836d4bf9b897ec1a1ec9e882411fa19879a32f8bbb8bd2a113ef8cc2a876c3512a0171e95c4b48

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5815f4.TMP
  Filesize: 48B
  MD5: 4b994e4080dbf2b31f24de2f3ccacfc4
  SHA1: 243a32426713ba00d6c72d358034fc13f578c7e0
  SHA256: 2c9e1ef1b2ef43134c70e8bbe2f94cbe5892b5b3cfa8c3753ae3ffdd4aba6059
  SHA512: 5d2350e4d0e81bae0e936f57e923170c81a0fd773d9baea0275af47f0539e2733d78a28342fb6ab87f1863067d3893979b757da8185e7d9d5887598c8f96b99b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 130KB
  MD5: c7f45ea3cff98adfd4e4b6a69f5897ee
  SHA1: 500444382e0e80b45322dcf28863864201fc53da
  SHA256: 0f685f77cf3c3ad8c45755fb4759523ae7eb9a17db3682d4b1e7687fcef4b8a7
  SHA512: ce7b68d81c6adef879d8e3170937759c10d6766207be732a03cdda1b56ff50225c0cd36223792ef414f9f7a770d5236f8e2c3137b51cd0301654ce472b6146ed

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 130KB
  MD5: a1d2a05294b517ad2d50851c5cd1efb9
  SHA1: da5558b0e6991eef9551997ba0d7a3ef80805e63
  SHA256: faa1ccb4f300b18c2015b1c67941e2076b5170e17b52ea9de48b97a810a710e6
  SHA512: 01727caeea0e1a5953cfc5aac2da007e534b14aba56f876ff6498a1dcbd2aa363d338314178a62a34580f60827bcecc29d5e670c341fc9a14ff93868e1cfe7e8

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
  Filesize: 110KB
  MD5: 7a41f9bd1c0e3764bae68196fdd83907
  SHA1: 83a8611809d0fb321a1d72f58a492d443a046d7f
  SHA256: 61a03abf45e34fbbbe7939875769328dae10dc2db7a330fea602982adc2d4af4
  SHA512: 7d8e6194f8b33077aef2c428c13c183d66adfa98370d1242edded82d8705ebbe0b3a3426e24d31e38dc576858400d64075f479de40185fe81aea751e31d9dfca

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582575.TMP
  Filesize: 101KB
  MD5: 06f279a60cd025bfd533cc2e42c4241c
  SHA1: cfe6e7af9deb19a74fe8d924f7daf56a59176d0a
  SHA256: 18b31a18a97457bd06d96598aea0b5d5122a21fbcad4c32be1023e61ef732032
  SHA512: 4b20868b9ce29e81ac724982ac8357949b685f8884ab340c8d47a4107b71458124ba9ea40589e6ed977377a3a943005a270178f90801840a65fff4b7b7e359aa

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
  Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

• C:\Users\Admin\AppData\Local\Temp\29121630
  Filesize: 984KB
  MD5: 78ab5743ae6908b507579314d9b288bd
  SHA1: 7b6408aad20214d133fafc61b092c8167928a148
  SHA256: 78844d54a0a5c04386960cd11416c20512fa7b0705c8a55a3b7a2bb697872a05
  SHA512: c76805617455f2f03d740616f77f40e9c125b724e8358784f49cc69c76838e5c2f7977607c393f3b1ce342c48fe5fe37e19863e2bff626ad70aba82fe4c6da99

• C:\Users\Admin\AppData\Local\Temp\c0458554
  Filesize: 984KB
  MD5: 1360863ad01ca3090201a73204618808
  SHA1: 8a8d20ef56655ea807ae40ebc39b4c06c0a42811
  SHA256: d5b0c17e3a4fcfe26ab2be458ebd75bb05f7e5c40d6c8f3bf02168b6ca8280eb
  SHA512: 63fe9191347e135ffe27ba7c79716d1046403cd997ffd1a2299eb6b853537b6bff5604ba2f1c45cfeb48854719054cf0040514766fa404fba5eadc464be99631

• C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
  Filesize: 37KB
  MD5: 53aad2e4026c58223f4282f18954b224
  SHA1: 350ad08ce6d0f7d3e573b7254c18ba2dfbd4e2be
  SHA256: be0f607d5dcf558b16910646b943f0e92da29fcb1590b8e5fb69d53f899b2ca5
  SHA512: e9a0ba189e9862871235f3d339adb7de77c8c3a6cc574c9e3216b07ab460529befdd543f54fbacc139d071ea9549427402104b1d37cdacec6895af89590f8338

• C:\Users\Admin\Desktop\New folder\Setup-File.exe
  Filesize: 63KB
  MD5: ae224c5e196ff381836c9e95deebb7d5
  SHA1: 910446a2a0f4e53307b6fdeb1a3e236c929e2ef4
  SHA256: bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26
  SHA512: f845dbb13b04f76b6823bec48e1c47f96bcbd6d02a834c8b128ac750fe338b53f775ee2a8784e8c443d49dfcb918c5b9d59b5492a1fe18743b8ba65b7d12514c

• C:\Users\Admin\Desktop\New folder\glib-2.0.dll
  Filesize: 1.0MB
  MD5: 2c86ec2ba23eb138528d70eef98e9aaf
  SHA1: 246846a3fe46df492f0887a31f7d52aae4faa71a
  SHA256: 030983470da06708cc55fd6aca92df199a051922b580db5db55c8cb6b203b51b
  SHA512: 396a3883fa65d7c3a0af7d607001a6099316a85563147cb34fa9806c9a4b39cfa90c7fa9eb4456399977eb47438d10896d25ed5327ae7aa3e3ae28cd1d13701c

• C:\Users\Admin\Desktop\New folder\gmodule-2.0.dll
  Filesize: 24KB
  MD5: b0a421b1534f3194132ec091780472d8
  SHA1: 699b1edc2cb19a48999a52a62a57ffc0f48f1a78
  SHA256: 2d6bc34b38bc0abf0c5e2f40e2513b4df47af57848534e011a76d4e974ad958b
  SHA512: ba74654843c5b0f94dfefbed81cbee4c5f360193ef8ea92836c712fbeada39fa8179a51f0849f6c4be23add1ced08f5e25f873c4b0e7533ae647fa2b19b83f98

• C:\Users\Admin\Desktop\New folder\gobject-2.0.dll
  Filesize: 281KB
  MD5: 24a7a712160abc3f23f7410b18de85b8
  SHA1: a01c3e116b6496c9feaa2951f6f6633bb403c3a1
  SHA256: 78dd76027e10c17824978db821777fcaa58d7cd5d5eb9d80d6ee817e26b18ab8
  SHA512: d1f14a7bd44e1fc9bfc61f0b751ee6e0677322807ce5621206eeef898bab6c71ef1464962b20dc50f706084e53281a0d4b6d9142c6c1170a1e0a5fe4b12171df

• C:\Users\Admin\Desktop\New folder\gthread-2.0.dll
  Filesize: 31KB
  MD5: 78cf6611f6928a64b03a57fe218c3cd4
  SHA1: c3f167e719aa944af2e80941ac629d39cec22308
  SHA256: dbaad965702b89c371462e735dd925c694eda8d8557b280f7264bba992c0e698
  SHA512: 5caf019a6b75ba0330b8d0b60d362201d4863c0f3d70d2a9c84b6dbea2027d09bc8a6433820f28a41d126c7aaa13dbe126b38dc5c6d14a67ddef402fed9d9b7c

• C:\Users\Admin\Desktop\New folder\iconv.dll
  Filesize: 1.1MB
  MD5: 862dfc9bf209a46d6f4874614a6631cc
  SHA1: 43216aae64df217cba009145b6f9ad5b97fe927a
  SHA256: 84538f1aacebf9daad9fdb856611ab3d98a6d71c9ec79a8250eee694d2652a8b
  SHA512: b0611cd9ad441871cca62291913197257660390fa4ea8a26cb41dc343a8a27ae111762de40c6f50cae3e365d8891500fc6ad0571aa3cd3a77eb83d9d488d19a8

• C:\Users\Admin\Desktop\New folder\intl.dll
  Filesize: 87KB
  MD5: d1a21e38593fddba8e51ed6bf7acf404
  SHA1: 759f16325f0920933ac977909b7fe261e0e129e6
  SHA256: 6a64c9cb0904ed48ce0d5cda137fcfd6dd463d84681436ca647b195aa2038a7e
  SHA512: 3f4390603cd68d949eb938c1599503fb1cbb1b8250638e0985fad2f40f08d5e45ea4a8c149e44a50c6aa9077054387c48f71b53bf06b713ca1e73a3d5a6a6c2e

• C:\Users\Admin\Desktop\New folder\monogyny.ppt
  Filesize: 755KB
  MD5: 4a516d58ebbb9d2307640bbaaae5ebcb
  SHA1: fad445cf0560b0568284cc8dcd66a9610c5ffa75
  SHA256: 9f2ffcb4d46535acb5a64e64ebf850fa1e8c66774450a660b1e770124823e1c2
  SHA512: 4bb6ec86149798e58f007bc02fd86c28060d549893d9da42bfefb7db8087ae25bdcba741f6147281146752024dd6850c412c3fbbce951e7c4a1f411eda7230fa

• C:\Users\Admin\Desktop\New folder\vmtools.dll
  Filesize: 617KB
  MD5: a1c7b8b893a0e413f87d7304409fdb6c
  SHA1: 54afef7867790fbdca361bd36150bfcb0314171e
  SHA256: 3de9e8dc56516b31122f36600af63bed34eaa7f330a992f44a0903c588f803c6
  SHA512: 5bb97dc8a4f22113329e11112114bc06f774bb91b8a16d54d8c505deacb992222aeb763c0677b4c6781bd161b94c3ab92ec99aaea78a9f0fa83e250ce24e59bc

• C:\Users\Admin\Downloads\@File_2255_P@ssWord#.zip
  Filesize: 18.8MB
  MD5: dcdc3dd6fb6b3dfab420c3fdf1e9c76d
  SHA1: 1a9b10dbe5c5719fe2c4271d13b8fc783658f24f
  SHA256: 3ad453f7fd898c540b6a83fe2209509ee4dcf96585381c68d41f619cf93bed00
  SHA512: 5966eb937475d86340a27d2e7afd08d87ea9a86b53de227513228501fac4c6171a343c00e41bef6fa267d0af0cea4e70f60c42f491e413e8b0017f1c6bf464b8

• \??\pipe\crashpad_2104_KNLIFBJTFBFDYFVD
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

• memory/912-1536-0x0000000075640000-0x00000000757BB000-memory.dmp
  Filesize: 1.5MB

• memory/912-1537-0x0000000075640000-0x00000000757BB000-memory.dmp
  Filesize: 1.5MB

• memory/912-1519-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp
  Filesize: 2.0MB

• memory/912-1518-0x0000000075640000-0x00000000757BB000-memory.dmp
  Filesize: 1.5MB

• memory/912-1517-0x0000000000A90000-0x0000000000AA1000-memory.dmp
  Filesize: 68KB

• memory/1596-1548-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp
  Filesize: 2.0MB

• memory/1976-1465-0x00000000755A0000-0x000000007571B000-memory.dmp
  Filesize: 1.5MB

• memory/1976-1455-0x00000000755A0000-0x000000007571B000-memory.dmp
  Filesize: 1.5MB

• memory/1976-1444-0x00000000755A0000-0x000000007571B000-memory.dmp
  Filesize: 1.5MB

• memory/1976-1445-0x0000000000A90000-0x0000000000AA1000-memory.dmp
  Filesize: 68KB

• memory/1976-1446-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp
  Filesize: 2.0MB

• memory/2688-1504-0x00000000006C0000-0x00000000006C1000-memory.dmp
  Filesize: 4KB

• memory/2688-1505-0x00000000006C0000-0x00000000006C1000-memory.dmp
  Filesize: 4KB

• memory/2688-1507-0x00000000000E0000-0x0000000000128000-memory.dmp
  Filesize: 288KB

• memory/2688-1506-0x00000000006C0000-0x0000000000700000-memory.dmp
  Filesize: 256KB

• memory/2688-1503-0x0000000000400000-0x000000000040A000-memory.dmp
  Filesize: 40KB

• memory/2688-1493-0x0000000000400000-0x000000000040A000-memory.dmp
  Filesize: 40KB

• memory/2688-1492-0x00000000000E0000-0x0000000000128000-memory.dmp
  Filesize: 288KB

• memory/2688-1491-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp
  Filesize: 2.0MB

• memory/4460-1484-0x00000000755A0000-0x000000007571B000-memory.dmp
  Filesize: 1.5MB

• memory/4460-1488-0x00000000755A0000-0x000000007571B000-memory.dmp
  Filesize: 1.5MB

• memory/4460-1467-0x00000000755A0000-0x000000007571B000-memory.dmp
  Filesize: 1.5MB

• memory/4460-1486-0x00000000755A0000-0x000000007571B000-memory.dmp
  Filesize: 1.5MB

• memory/4460-1469-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp
  Filesize: 2.0MB

• memory/4696-1542-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp
  Filesize: 2.0MB

• memory/4696-1539-0x0000000075640000-0x00000000757BB000-memory.dmp
  Filesize: 1.5MB

• memory/4696-1546-0x0000000075640000-0x00000000757BB000-memory.dmp
  Filesize: 1.5MB

• memory/4696-1544-0x0000000075640000-0x00000000757BB000-memory.dmp
  Filesize: 1.5MB

• memory/4696-1543-0x0000000075640000-0x00000000757BB000-memory.dmp
  Filesize: 1.5MB

• memory/4872-1479-0x00000239521B0000-0x00000239521B1000-memory.dmp
  Filesize: 4KB

• memory/4872-1480-0x00000239521B0000-0x00000239521B1000-memory.dmp
  Filesize: 4KB

• memory/4872-1481-0x00000239521B0000-0x00000239521B1000-memory.dmp
  Filesize: 4KB

• memory/4872-1478-0x00000239521B0000-0x00000239521B1000-memory.dmp
  Filesize: 4KB

• memory/4872-1471-0x00000239521B0000-0x00000239521B1000-memory.dmp
  Filesize: 4KB

• memory/4872-1472-0x00000239521B0000-0x00000239521B1000-memory.dmp
  Filesize: 4KB

• memory/4872-1476-0x00000239521B0000-0x00000239521B1000-memory.dmp
  Filesize: 4KB

• memory/4872-1470-0x00000239521B0000-0x00000239521B1000-memory.dmp
  Filesize: 4KB

• memory/4872-1482-0x00000239521B0000-0x00000239521B1000-memory.dmp
  Filesize: 4KB

• memory/4872-1477-0x00000239521B0000-0x00000239521B1000-memory.dmp
  Filesize: 4KB
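The dropped-file listing above is raw sandbox output: each record is a path followed by a Filesize and four digests, and the memory entries encode a PID and an address range in the file name. Before this goes into a blocklist, an analyst wants it parsed into records, the empty-file digest (the crashpad pipe hashes to the well-known empty-input MD5/SHA-1/SHA-256) dropped so it does not become a false-positive IOC, the memory dump sizes checked against their address ranges, and the layout of "New folder" (an EXE beside a set of unrelated DLLs) surfaced. The following triage helper is an added example, not code from the report or from the sandbox vendor; SAMPLE is a constructed excerpt whose paths and hashes are copied from the listing above, and the sideloading rule is a heuristic assumption about that layout, not a finding the report states.

```python
# Added triage helper for a sandbox "dropped files" listing (not part of the report).
# Parses the flat "path / Filesize / MD5 / SHA1 / SHA256 / SHA512" records and runs the
# checks an analyst wants before turning the list into IOCs. SAMPLE is a constructed
# excerpt of the listing above; the sideloading rule is a heuristic assumption.
import re
from dataclasses import dataclass, field

FIELD_RE = re.compile(r"^(Filesize|MD5|SHA1|SHA256|SHA512)(?:\s*:\s*(.*))?$")
MEM_RE = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

SAMPLE = r"""
• C:\Users\Admin\Desktop\New folder\Setup-File.exe
  Filesize
  63KB
  SHA256
  bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26
• C:\Users\Admin\Desktop\New folder\glib-2.0.dll
  Filesize: 1.0MB
  SHA256: 030983470da06708cc55fd6aca92df199a051922b580db5db55c8cb6b203b51b
• C:\Users\Admin\Desktop\New folder\vmtools.dll
  Filesize: 617KB
  SHA256: 3de9e8dc56516b31122f36600af63bed34eaa7f330a992f44a0903c588f803c6
• C:\Users\Admin\Downloads\@File_2255_P@ssWord#.zip
  Filesize: 18.8MB
  SHA256: 3ad453f7fd898c540b6a83fe2209509ee4dcf96585381c68d41f619cf93bed00
• \??\pipe\crashpad_2104_KNLIFBJTFBFDYFVD
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
• memory/2688-1503-0x0000000000400000-0x000000000040A000-memory.dmp
  Filesize: 40KB
• memory/912-1518-0x0000000075640000-0x00000000757BB000-memory.dmp
  Filesize: 1.5MB
"""

@dataclass
class Entry:
    path: str
    fields: dict = field(default_factory=dict)

    @property
    def size_bytes(self):
        # Listed Filesize ('63KB', '1.0MB', '2B') as an integer byte count, None if absent
        m = re.fullmatch(r"([\d.]+)\s*([KMG]?B)", self.fields.get("Filesize", "").strip())
        return int(float(m.group(1)) * UNITS[m.group(2)]) if m else None

def parse_listing(text):
    """Accepts both 'label on its own line, value on the next' and 'Label: value' forms."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):               # bullet starts a new record
            entries.append(Entry(line[1:].strip()))
            pending = None
            continue
        if not entries:
            continue
        m = FIELD_RE.match(line)
        if m and m.group(2) is not None:       # 'Label: value' on one line
            entries[-1].fields[m.group(1)] = m.group(2).strip()
            pending = None
        elif m:                                # bare label, value follows on the next line
            pending = m.group(1)
        elif pending:
            entries[-1].fields[pending] = line
            pending = None
    return entries

def mem_range_check(entry):
    """For memory dumps: does the listed Filesize agree with the dumped address range?"""
    m = MEM_RE.match(entry.path)
    if not m or entry.size_bytes is None:
        return None
    span = int(m.group(3), 16) - int(m.group(2), 16)
    return abs(span - entry.size_bytes) <= 0.05 * span   # listing rounds to 1KB / 0.1MB

def triage(text):
    entries = parse_listing(text)
    by_dir = {}
    for e in entries:
        if "\\" in e.path:
            d, name = e.path.rsplit("\\", 1)
            by_dir.setdefault(d, []).append(name.lower())
    return {
        "count": len(entries),
        "empty": [e.path for e in entries if e.fields.get("SHA256") == EMPTY_SHA256],
        "mem_mismatch": [e.path for e in entries if mem_range_check(e) is False],
        # heuristic: an EXE dropped next to DLLs in a user-writable folder = sideloading setup
        "sideload_dirs": sorted(d for d, names in by_dir.items()
                                if any(n.endswith(".exe") for n in names)
                                and any(n.endswith(".dll") for n in names)),
        "sha256": sorted({e.fields["SHA256"] for e in entries
                          if e.fields.get("SHA256") not in (None, EMPTY_SHA256)}),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

The 5% tolerance in mem_range_check exists because the listing rounds sizes (0x17B000 bytes is shown as 1.5MB); a dump whose listed size is far from its range is worth a second look, since it means the dump and the region it claims to cover do not match. The sha256 set is what would go into a blocklist, with the empty-input digest excluded because it matches every zero-length file on every host.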