Resubmissions

  • 17-03-2024 13:25 — 240317-qpfzdafc72 — 1
  • 16-03-2024 11:53 — 240316-n2tpwsae21 — 1
  • 16-03-2024 10:31 — 240316-mknlwabb86 — 1
  • 16-03-2024 10:28 — 240316-mh4kbabb46 — 8
  • 16-03-2024 09:43 — 240316-lpxvnsgd3t — 1
  • 16-03-2024 09:42 — 240316-lpqflagd2y — 7
  • 15-03-2024 19:28 — 240315-x6vx7aha7v — 8
  • 15-03-2024 12:26 — 240315-pl6j7aac75 — 7
  • 14-03-2024 11:42 — 240314-nt9q5sba9s — 6
  • 14-03-2024 11:40 — 240314-nsz6baba5t — 1

Analysis

  • max time kernel
    350s
  • max time network
    329s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-02-2024 15:13

General

  • Target

    https://google.com

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Executes dropped EXE (4 IoCs)
  • Checks SCSI registry key(s) (3 TTPs, 3 IoCs)

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (64 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4368
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6bf59758,0x7ffc6bf59768,0x7ffc6bf59778
      2⤵
      PID:3908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:2
      2⤵
      PID:4692
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
      2⤵
      PID:4024
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
      2⤵
      PID:1156
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:1
      2⤵
      PID:1740
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:1
      2⤵
      PID:1260
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4632 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:1
      2⤵
      PID:1016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
      2⤵
      PID:2524
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
      2⤵
      PID:1940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5140 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:1
      2⤵
      PID:4200
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5684 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
      2⤵
      PID:5052
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
      2⤵
      PID:3980
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
      2⤵
      PID:2900
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5972 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3476
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:1720
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2144
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap7144:76:7zEvent29218
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1392
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    1⤵
    PID:5052
  • C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe
    "C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe"
    1⤵
    • Executes dropped EXE
    PID:2944
  • C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe
    "C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe"
    1⤵
    • Executes dropped EXE
    PID:4984
  • C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe
    "C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe"
    1⤵
    • Executes dropped EXE
    PID:228
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4904
  • C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe
    "C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe"
    1⤵
    • Executes dropped EXE
    PID:4744


                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

                                    Filesize

                                    195KB

                                    MD5

                                    873734b55d4c7d35a177c8318b0caec7

                                    SHA1

                                    469b913b09ea5b55e60098c95120cc9b935ddb28

                                    SHA256

                                    4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

                                    SHA512

                                    24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

                                    Filesize

                                    49KB

                                    MD5

                                    4b4947c20d0989be322a003596b94bdc

                                    SHA1

                                    f24db7a83eb52ecbd99c35c2af513e85a5a06dda

                                    SHA256

                                    96f697d16fbe496e4575cd5f655c0edb07b3f737c2f03de8c9dda54e635b3180

                                    SHA512

                                    2a3443e18051b7c830517143482bf6bffd54725935e37ee58d6464fac52d3ce29c6a85fc842b306feaa49e424ba6086942fc3f0fea8bb28e7495070a38ce2e59

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

                                    Filesize

                                    24KB

                                    MD5

                                    1deeafca9849f28c153a97f5070355d6

                                    SHA1

                                    03b46b765150a2f308353bcb9838cbdd4e28f893

                                    SHA256

                                    b1639f4ce0285c41f4bd666f3fae4767094e3042b0379646b5ccfe04ef01ec19

                                    SHA512

                                    52122b7e3ca9b58eab42fc652c24b4b8c17c43970f88860372d8377c49c540c31ddc81b519f4d59d34e199571758f82ab2fea0737ac1f847b3d4dd75d7acac19

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

                                    Filesize

                                    43KB

                                    MD5

                                    4b4d8982bbafa622e9dc9f2d794f964c

                                    SHA1

                                    3786c77dd5cb7d7853a5c24ce9b92f84792b74f0

                                    SHA256

                                    af0a5509a81b5b5ae6a1f55283a33f62955e1bd644786818854f13a64a3cfee4

                                    SHA512

                                    b629256ec91938011669484c521e88321c5b40299f3d6915517a6e8bb718a7e410fa53ff47607bbcb242621c20b68c1432952ed81b72cae1c72ee63e00dc24a1

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

                                    Filesize

                                    23KB

                                    MD5

                                    bc4836b104a72b46dcfc30b7164850f8

                                    SHA1

                                    390981a02ebaac911f5119d0fbca40838387b005

                                    SHA256

                                    0e0b0894faf2fc17d516cb2de5955e1f3ae4d5a8f149a5ab43c4e4c367a85929

                                    SHA512

                                    e96421dd2903edea7745971364f8913c2d6754138f516e97c758556a2c6a276ba198cdfa86eb26fe24a39259faff073d47ef995a82667fa7dee7b84f1c76c2b2

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    2KB

                                    MD5

                                    f6711cd8cc8ffc15d4b145299d38eb6f

                                    SHA1

                                    1d425141817f7795594f69b2a091188236de8dad

                                    SHA256

                                    377d224157f3915cac77f858e0e32fba114e10cbcbb8f756f83d16bd326934a3

                                    SHA512

                                    746c9644102d9ac0ead16654d7ecfca1150c6658b7edb6098eff3179902b7881345039319c0f018cceb16ec149e19f2deaa681d80dac6d2a46dbbac3188cce34

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                    Filesize

                                    2KB

                                    MD5

                                    6bb6d5b73f35db304d8bb0318a030501

                                    SHA1

                                    a2ec32d79b55c447b27093735209b6ff2019a07c

                                    SHA256

                                    ccca467e7c6d3c5f3c9d875d1fb99000cb3058b70abf90737c2e2c6ab00d3ffb

                                    SHA512

                                    ec82728fbe19580eb413efdbbd04ec69b1015abe86c8676f3eea9f8dee1243080566be4c6e2345d59f6b566f92a8e9a66d38ccdf5b71d73d89678651bbabe8a7

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                    Filesize

                                    2KB

                                    MD5

                                    2fbdf4a4219a335ba77dcc0bad647c06

                                    SHA1

                                    06ff875fa142aeaf5a38c1ee6cb22dcb2f7750cf

                                    SHA256

                                    38baba4b760ce301acae71dd1696ff63def1e842d245901030aed82284ab5771

                                    SHA512

                                    ee6419b3f51ab641c96626d7851c721a1e9f0ec7a26d0cfc6fb7e9858ec21a8cc943733f021587fe1e5b67aabb030e529c0c0c5b8e68e997a9638141367e48fb

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                    Filesize

                                    2KB

                                    MD5

                                    d2d4cee6deffb02fb826dd3910e9e0f9

                                    SHA1

                                    a0af6aefc119356dbf1bd2a1931e4eaafad32a8c

                                    SHA256

                                    c15dd0b35e1c0c75a2f737bbda3849915f55784c77f37d8522dae0a7bebcbfd9

                                    SHA512

                                    6db658302d6f738dc36fcf1f2e791886a7d8c875cb7f72047b4b967abc3305fdbdb11420d6e9cb2b6fee807894b828aadd4c3bcec02e1ad13fe88daa2a423f21

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    1KB

                                    MD5

                                    908138be80d0c7c85e94c268b559c8cc

                                    SHA1

                                    52ea983edb152d740868b9fd5cac702836fb571d

                                    SHA256

                                    2e52a36630f459b90a483979e23a2aff96ba3f707f66eb48fcc588406ed1583b

                                    SHA512

                                    ab975b28c3a29904b65ed362ce23af81172cbb430439049013205720c63461244ef5440c2f5bdbf57faf5e4a8949508a70d70486dfe0d8f2c18da1097e4ed92e

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    1KB

                                    MD5

                                    003053a8c7a1ec0ea99a0f0b758be19e

                                    SHA1

                                    a6099cda8526a752a5c77d66232606b83e52d448

                                    SHA256

                                    ad7c25267ee2af5cc4e7292c94fa94bd9430fcd64657f5d319599f188f4d270d

                                    SHA512

                                    2243a71fa6c1d35f8c7d11cd3ceee08257313c8c5b76628b36f975d0d966f1c3b8430e58eb70b01ad83556f4226fef8147c23030849f0cdc4c11929433af008b

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    1KB

                                    MD5

                                    c8b4222410300530763d2e50fd05cc04

                                    SHA1

                                    72c9f4056b72406cf4545ae5be63bd2be6d2126d

                                    SHA256

                                    0ef02dc1141b0716eb98dece5346cd37dc46797358cf7587f3beca6a7c4e331e

                                    SHA512

                                    aab1a96dc3b26b892d35767c4099d46cf30e0e0c29cd71e521a562f1e7c64d0ca61f8a0de282d041c069f0a4059a16162977efc33edd6662b90a4fbb6e49cf4f

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    1KB

                                    MD5

                                    9c8c87016bccc14daab8df1c105011e5

                                    SHA1

                                    ae038043df40dbfd3e7cde15deb71ab59911063d

                                    SHA256

                                    a247fdc9aee3d3633f8f9fc72d663fc372e251ee16d972513640a4ab4fbcb8ab

                                    SHA512

                                    03327faf480ecd81494ec4b5213fe4b39074814c910d66a71b89a355451e180c9635cc6ca69d290fc37d7840b65d745fdc4faebe557805a9b673634c71b8f260

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    1KB

                                    MD5

                                    935e576c37a7f76d3003dd558de9de38

                                    SHA1

                                    e95794d14ee813ec68f226e532cf1a7136c8ce25

                                    SHA256

                                    3c2e97fd9e990f0a593d44c7a332bb093cf1d7a2c7934bca4a15eebce4905f40

                                    SHA512

                                    96c37e98529d399fd131ea6b7c36396a8f69dd0f6f2f26953df81269ef829c82e49759bf663eef2484dc83223a297add28e4b3358e9a4f770f850bd85de9b851

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                    MD5

                                    caff23d78ede7a6938ab2b6d451dbf86

                                    SHA1

                                    0b19880c1bb888bc84e8a4ce4c632945b5777142

                                    SHA256

                                    7040a15356a3fe6ef6ac0909967cea536abc93cf2bd153942aee19c4d6e3df0e

                                    SHA512

                                    5735ede6618bfada342e60d123b9f64a6455183900ccb49f573f76eae18f06f798479aad6b264a3223448b502e1ee524de1d1a49e9bab70f1dfc85df9e8fedbc

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                    MD5

                                    19cad71674f01470e1f30d1fc1701c1a

                                    SHA1

                                    771fb60e6794f9f546db8fd3c261fb262459fd85

                                    SHA256

                                    e200842fdadd0afc41defc83a5d3b308778ab6fb35f3e9a9821ace3e09babd9c

                                    SHA512

                                    552e2afe879473154a2b5144311578692b6c42763d78dea74677e192815acf2cd4eb5b6c309bf24f6f6be66d236be076c7e535e146e78a20094d506db1ff0973

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                    Filesize

                                    7KB

                                    MD5

                                    baa33bbf564a6b7431e1d2f98a5e567a

                                    SHA1

                                    05df34039572445691fe306de36235b418e48909

                                    SHA256

                                    c325942046841cdd607b2f79041fd25e95aaf5bb2e5d364d9628c40e9b82d184

                                    SHA512

                                    102a8d787d853e36e93d5547ce5506fe8967fc8e8a77ee6d852cd2fe7d496a9875aa8b5e227996ec5ffccfd1f557f1a2567644470004c3a9b8d99e784403f953

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                    MD5

                                    097a275cc74f59ec65b5e10b7ea5f737

                                    SHA1

                                    477b54cf312b4dca24ad057bc8549e3f37f13e57

                                    SHA256

                                    7af20d8615f827766434213f4b184e41445eb05fc84132255fbae91e13de7e56

                                    SHA512

                                    6074201b6b9cccd84d5e08f5f51452767411f69d864cd89562b774ebaba89b4a801fe45b02aec16db7222c5374e8ab9e1346bd1f6e634481cf2ebe8e6b1582d8

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                    Filesize

                                    128KB

                                    MD5

                                    11822e0a47942588f7ed6745012509ee

                                    SHA1

                                    175ce4a7164dbab202f2aa16b1b5a27e8525781e

                                    SHA256

                                    735357eb357f50f8adf2da0d1d4921b9ea3e26db354724b288e7e9ac5b94f35d

                                    SHA512

                                    924643a4d09fe449ea86d15f8c21facb7e86f097e1b2b64fbbd3120ad2884fdd111ba9949f80534dd06582bc75c4392698cf12252f38a65806db22824f5b6b02

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                    Filesize

                                    106KB

                                    MD5

                                    f893755437b89fd343a061029f6f2bb6

                                    SHA1

                                    3dc6da2c8c10350ba4693cef1afd940b0daed360

                                    SHA256

                                    2b6d252e073c315220c77a76a0191f7cf2207b1183abec0c98c11d19da458d31

                                    SHA512

                                    50fa5305425b2e8717b87fa04b71dfaf35429e43df2f43e54714002bfd5c7fb25263cc2b9b3b798dc5eadba75dc9e6cedaebfe31ed93bd7846b5a12d236eb0b7

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5806e1.TMP

                                    Filesize

                                    97KB

                                    MD5

                                    f4891b61c71a201ad29ee5cccdcb61ef

                                    SHA1

                                    47039ddf7477dfe20ed21ac0002dbd0e43dae5c9

                                    SHA256

                                    60f650888a4b920b71b5ef71ac1dd6831c85e4b041564d6923cb0841ffce523e

                                    SHA512

                                    7cbd4a8c49eaf30279692339ac4049139c463b367e05f170e94fa2521891cce0579990160fbd908ba42a93364e95ab383c5d8a741f6873d082ab2093a78d6592

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                    Filesize

                                    2B

                                    MD5

                                    99914b932bd37a50b983c5e7c90ae93b

                                    SHA1

                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                    SHA256

                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                    SHA512

                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                  • C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe

                                    Filesize

                                    479KB

                                    MD5

                                    1582c91ce3295398d82e5f24c7ee3bcf

                                    SHA1

                                    2ae5bef7f43dedf03abfabde7b1b8137226e1cfd

                                    SHA256

                                    3244aa3cca2f7394edb843d4b444d4ae90356ca2521da2e470e6476ac97039e4

                                    SHA512

                                    9183886fcf786e0601e89b2d1460c0c94f3e212b16c76c8000d9ccef9433e004aba8e49992465826f3310c147803611f83781848cf74b37e1cb90c73b78f8a49

                                  • C:\Users\Admin\Downloads\CHEAT-FORTNITE--main.zip.crdownload

                                    Filesize

                                    267KB

                                    MD5

                                    7649763bbc438362466b7f120cbcae10

                                    SHA1

                                    364c5baee16acb8cd0ec3b886edee4ac2d885927

                                    SHA256

                                    d480a98bf15a408ba207c0adb01d9edbeaa9ae6878442a1bf4143a8fc43c7c57

                                    SHA512

                                    176a5560ce13dd88cfbc33142170317da542392b7532dc492d9e6c8a5969ecdd5c1dac2bfab271de195735b83f02167f380d37610a8b9583155c10a52d80c293

                                  • \??\pipe\crashpad_4368_RIKDQDBZCRJCYNEZ
