Analysis Overview
SHA256
dde02744526968833651a9f70be666ceec221599b03272c9c5fc5d729667dd72
Threat Level: Known bad
The file Loader.exe was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-29 02:26
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-29 02:26
Reported
2024-02-29 02:29
Platform
win10-20240221-en
Max time kernel
150s
Max time network
158s
Command Line
Signatures
Lumma Stealer
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133536472095688214" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ff9915a9758,0x7ff9915a9768,0x7ff9915a9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=1796,i,13468575503129979028,15797176705579981748,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1796,i,13468575503129979028,15797176705579981748,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1796,i,13468575503129979028,15797176705579981748,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1796,i,13468575503129979028,15797176705579981748,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1796,i,13468575503129979028,15797176705579981748,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4388 --field-trial-handle=1796,i,13468575503129979028,15797176705579981748,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1796,i,13468575503129979028,15797176705579981748,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1796,i,13468575503129979028,15797176705579981748,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4872 --field-trial-handle=1796,i,13468575503129979028,15797176705579981748,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4716 --field-trial-handle=1796,i,13468575503129979028,15797176705579981748,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3756 --field-trial-handle=1796,i,13468575503129979028,15797176705579981748,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3016 --field-trial-handle=1796,i,13468575503129979028,15797176705579981748,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1796,i,13468575503129979028,15797176705579981748,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3016 --field-trial-handle=1796,i,13468575503129979028,15797176705579981748,131072 /prefetch:2
C:\Users\Admin\Desktop\Temp-Spoofer-Lifetime-main\Loader.exe
"C:\Users\Admin\Desktop\Temp-Spoofer-Lifetime-main\Loader.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | gemcreedarticulateod.shop | udp |
| US | 8.8.8.8:53 | secretionsuitcasenioise.shop | udp |
| US | 104.21.16.152:443 | secretionsuitcasenioise.shop | tcp |
| US | 8.8.8.8:53 | 152.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| IE | 74.125.193.147:443 | www.google.com | udp |
| IE | 74.125.193.147:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 94.116.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.193.125.74.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 94.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| IE | 74.125.193.95:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 94.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | claimconcessionrebe.shop | udp |
| US | 8.8.8.8:53 | liabilityarrangemenyit.shop | udp |
| US | 8.8.8.8:53 | modestessayevenmilwek.shop | udp |
| US | 104.21.78.62:443 | modestessayevenmilwek.shop | tcp |
| US | 8.8.8.8:53 | 62.78.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | triangleseasonbenchwj.shop | udp |
| US | 172.67.204.169:443 | triangleseasonbenchwj.shop | tcp |
| US | 8.8.8.8:53 | 169.204.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 142.250.179.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 216.239.34.117:443 | beacons2.gvt2.com | tcp |
| US | 216.239.34.117:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 163.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| NL | 142.250.179.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | culturesketchfinanciall.shop | udp |
| US | 104.21.53.166:443 | culturesketchfinanciall.shop | tcp |
| US | 8.8.8.8:53 | 166.53.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| IE | 74.125.193.102:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | 102.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | private-user-images.githubusercontent.com | udp |
| US | 185.199.109.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| IE | 74.125.193.95:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| DE | 140.82.121.9:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 9.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sofahuntingslidedine.shop | udp |
| US | 172.67.166.242:443 | sofahuntingslidedine.shop | tcp |
| US | 8.8.8.8:53 | 242.166.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.17.178.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| IE | 74.125.193.101:443 | clients2.google.com | udp |
| NL | 142.250.179.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 101.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | gemcreedarticulateod.shop | udp |
| US | 104.21.16.152:443 | N/A | tcp |
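Added example, not part of the sandbox report: a small Python extractor that reads rows in the report's own `| Country | Destination | Domain | Proto |` layout and separates candidate C2 indicators from detonation noise. Two caveats drive its design. First, every signature row above attributes the activity to chrome.exe and the Lumma Stealer hit carries no table, so the Network section is the most actionable data on the page. Second, the report mixes the analyst's own browsing (Google telemetry, the GitHub page the zip was fetched from, reverse lookups against 8.8.8.8) with the .shop/.pw hosts that have no legitimate role in the session. The sample rows are copied from the table above; the benign-suffix allowlist and the Cloudflare ranges (104.16.0.0/12, 172.64.0.0/13) are the example's own assumptions, not something the report states.

```python
"""Pull candidate C2 indicators out of a sandbox 'Network' table.

Constructed input: a subset of rows copied from the report, in the
report's '| Country | Destination | Domain | Proto |' layout.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: rows taken from the report's Network table.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | secretionsuitcasenioise.shop | udp |
| US | 104.21.16.152:443 | secretionsuitcasenioise.shop | tcp |
| US | 8.8.8.8:53 | 152.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| IE | 74.125.193.147:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 104.21.78.62:443 | modestessayevenmilwek.shop | tcp |
| US | 172.67.204.169:443 | triangleseasonbenchwj.shop | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 172.67.166.242:443 | sofahuntingslidedine.shop | tcp |
| US | 104.21.16.152:443 | N/A | tcp |
"""

# Assumption: infrastructure the detonation itself touches (Chrome telemetry,
# the GitHub page the analyst browsed, the resolver) is noise, not attacker-owned.
BENIGN_SUFFIXES = (
    "google.com", "googleapis.com", "gvt2.com", "github.com",
    "githubusercontent.com", "githubassets.com", "amazonaws.com",
)

# Assumption: Cloudflare anycast ranges; the .shop hosts above resolve into them,
# so the IPs identify the CDN front, not the operator's origin server.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in ("104.16.0.0/12", "172.64.0.0/13")]

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)


def parse_rows(text):
    """Yield one dict per data row; the header and malformed rows are skipped."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        ip, _, port = row["dst"].rpartition(":")
        if not port.isdigit():          # header row or destination without a port
            continue
        row["ip"], row["port"] = ip, int(port)
        yield row


def is_benign(domain):
    """True for placeholders, reverse lookups and the allow-listed infrastructure."""
    d = domain.lower()
    if d == "n/a" or d.endswith(".in-addr.arpa"):
        return True
    return any(d == s or d.endswith("." + s) for s in BENIGN_SUFFIXES)


def is_cloudflare(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in CLOUDFLARE_NETS)


def extract_iocs(text):
    """Map each non-benign domain to the hosts actually contacted for it.

    Port 53 rows are the lookup itself; any other port is a contact with the
    resolved host. A domain that was only resolved is still reported, flagged
    'resolved_only', because a failed or sinkholed C2 is still an indicator.
    """
    found = defaultdict(lambda: {"ips": set(), "cloudflare": False})
    for row in parse_rows(text):
        dom = row["domain"].lower()
        if "." not in dom or is_benign(dom):   # also drops misaligned rows like 'udp'
            continue
        entry = found[dom]
        if row["port"] != 53:
            entry["ips"].add(row["ip"])
            entry["cloudflare"] |= is_cloudflare(row["ip"])
    return {
        d: {"ips": sorted(v["ips"]), "cloudflare": v["cloudflare"], "resolved_only": not v["ips"]}
        for d, v in sorted(found.items())
    }


if __name__ == "__main__":
    for domain, info in extract_iocs(SAMPLE_ROWS).items():
        print(f"{domain:32} {','.join(info['ips']) or '-':18} "
              f"cloudflare={info['cloudflare']} resolved_only={info['resolved_only']}")
```

Run against the full table the same way; the output is a blocklist of domains plus the IPs seen, with the Cloudflare flag reminding you that blocking those IPs alone would also break unrelated sites behind the same edge.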
Files
memory/4988-0-0x0000000000290000-0x0000000000327000-memory.dmp
memory/4988-5-0x00000000008A0000-0x00000000008A1000-memory.dmp
memory/4988-6-0x00000000008A0000-0x00000000008A1000-memory.dmp
memory/4988-7-0x00000000008A0000-0x00000000008A1000-memory.dmp
memory/4988-8-0x00000000008A0000-0x00000000008A1000-memory.dmp
memory/4988-9-0x00000000008A0000-0x00000000008A1000-memory.dmp
memory/4988-10-0x00000000008A0000-0x00000000008A1000-memory.dmp
\??\pipe\crashpad_3408_RWLJQLJJWKJEPQZK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
memory/4988-31-0x00000000008A0000-0x00000000008A1000-memory.dmp
memory/4988-32-0x00000000008A0000-0x00000000008A1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5b2cc5e88ea8b3417f77980bc9e36f7e |
| SHA1 | 13af52638e0063c6e7b59d3228ed34ab6f8902dd |
| SHA256 | df87132be2a63598bfdc310cf714a681dfac612a1f7f13687e58b2c0d7e633c5 |
| SHA512 | 05fc1c933b4b4ad8244912ee60e290302919d735b6589c7a937fd11ebac23fbd98cf7cdf6649ecb1a61750d97e9896ec2b5bfb94cbb98197624a2b3cc7c9034c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e2f300ea34b44da7e63eebf056884c2b |
| SHA1 | ba1b220ec991e2abff6f172a01ab359821dc9683 |
| SHA256 | 35f08e341a0523ada519627622212ef98e15d748f5c097f98fd8e365b97d286c |
| SHA512 | fd49ded6d6cc2f57e1f720cea13fa3e3f976ac7b4c5cf8fc5e2fda631879fe77887adc96c52e1086e6adbd74c7aa59bc5432f2d72dcb756d31fff5b701a99fa6 |
memory/4988-44-0x00000000008A0000-0x00000000008A1000-memory.dmp
memory/4988-43-0x00000000008A0000-0x00000000008A1000-memory.dmp
memory/4988-45-0x00000000008A0000-0x00000000008A1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6062bdaf021968fa1c7281fdd21803c2 |
| SHA1 | d1867705089c34605a4393b05c4191c8700cf771 |
| SHA256 | 8b9b57f5605a038f6c6702441e76c09e91907d17e4beaf497ee988dc27cffd7c |
| SHA512 | dc893f1e80a6c4450857d58e5773d653221118d3e55d645be5e0579c60a314bc6a204aa40779ff1c70a1ec0609c9983a37ede310124ba0e6c322721c7fc809b5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 89d79dbf26a3c2e22ddd95766fe3173d |
| SHA1 | f38fd066eef4cf4e72a934548eafb5f6abb00b53 |
| SHA256 | 367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69 |
| SHA512 | ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8b945d630c95cc60abfc7b99d482b62e |
| SHA1 | e5b16913f029d184a127279f1531b7273723ef5c |
| SHA256 | 42eeacb33b859ecd30cf24c77efb601654077c2845137694b9b1c449a5e8a9d9 |
| SHA512 | 524c82d90357764155254b51c11604da3a0c9f17274e37085cb97f871d3f4ec567e8dd9516fc32b0960884b8a5e90a5083942723c72ca9ae534d9ad15f716b52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fd40674c0c32e3542290eee5c7d55c6f |
| SHA1 | 250fdf484dd5fdf5ee72dacd80de827725414256 |
| SHA256 | 4f788bbb5dcd6a75b2278dbad4e684d051f8b4c3654eff6f41cbb0724f4a1640 |
| SHA512 | 89ef5bc43378e148fff3b64fc8dbbd86baa943ab031b9b7029918e6ba39e52be61785fe2a3e742cc3e9b88e77d5c8f080c062e77d2e407ff4b10794df40af9bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0940552558d9663e8acc3ab27745f0b3 |
| SHA1 | e1387b955db0dba3cc53033299c734a12c0b66ed |
| SHA256 | c0e171f02c81d1fac41f93e7cc2ce5ceb663f9efc93e626459276574b00737bf |
| SHA512 | 01444bb88dd86c57edbd45210e54e22960fc715e4d313dcb250188a648ae230e060e8d9fbdf94a8a556bb7b25d88de6580a1e18e56e5866d73e11e3ce54e998f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c1592e30-7706-4b10-b9a5-755d231a83f1.tmp
| MD5 | 3c3549c9b71c2de855c5dc6c52c1576d |
| SHA1 | 3c9cca22ee8abe0e21ec0d7e4e8d4e86a5a67b6a |
| SHA256 | b43c0710d575609c849a999d5362255245f9e363b75c00f7b9f1158a56af9d56 |
| SHA512 | 22a5698924a2bbfed67094374c145118ec0f25c185b37026bf06f66a87ae28168ede67e79d209ef18d37295cdb22fa13ac53fc9d070d0b6ca8598634fa0cfc7d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4131bbe2c1557309315ae9137e47386e |
| SHA1 | 018a7b61a0508bfc9a53c8cbe859b4e73efc9cd8 |
| SHA256 | eac58155f6e24e586169931d9986cc8a310bc51de4c47e3ecc1536265853e27e |
| SHA512 | 8f5ef1fe95c7cad0dcb42c173871339a336fd98a8f785f1d8c1ca5e2bf9ea653038cbfbaa1daf37129447941ecce493fe0cb74a63851f50949c747b7b9f39aeb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c74135f98f65fcf48ef4a4e2d8e9a409 |
| SHA1 | 56df26814046b1b3c59bdffac23d4249e5496f64 |
| SHA256 | c615dc6c7676a9b203f3b406f5e5cef94903ddaa6e99e3008da2d78c98b856a1 |
| SHA512 | 6e4f5dccd4c7161d0ae451b6a970dabf6982486f55314ac15296f4b944554ba0cb74ea82eb1e6187131e0a9b5730be94ab826583f2584c6267938bf4f0ed5687 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 84ece8a057c205f1772357135867f6f1 |
| SHA1 | ecae8b01b17ef5185c7c6adadf5d93657c8cd422 |
| SHA256 | 9f83746530bc7ac55e79ac8a52850883509d09aebc6cb206aec675a4bc01fb20 |
| SHA512 | 501d2137453ca79f85c65d2b58ff0bd8e634833bc5e694546e9243144b48d88cc42830e8efd28167fd80d224142f2c77a1c131bdc24b4c0db06ede5f5f5c0baf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4ba750dc6926670fdc5b9ec475d6e89e |
| SHA1 | d5d84264ba544e491a3441c83b904bd20ce8fb0c |
| SHA256 | 65952a97eccfd93ae9a5a990ad09e406ebcd0927e5d52b4cff9b6c232a381f98 |
| SHA512 | 173acf34fa54cfc9891977a87819cb0c8b223b40e470c2b9e737989f94ac0adc568a468d4d9a081a7f0139c3d4141c7f0505c05a6d1dde276e1d7f1bcdac6e36 |
C:\Users\Admin\Downloads\Temp-Spoofer-Lifetime-main.zip.crdownload
| MD5 | ee2407cadf7d970e8f828cd0b2a154a5 |
| SHA1 | 1991a745497dcfb99182e9acd11ab97442bcb150 |
| SHA256 | b20b682bccf264fb5cafa0f9379f597e5786aecdd17a7064f5ed4f4cd7a10924 |
| SHA512 | e8216793506b316835b9cf4d261c8b0ae55a216408d255360fa2909e849eefe2d700f2c5a4f281b514b2d8f353708490881d4799d8887c3093e4096bd0c672e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a53dfb0fb3bcccd7bfb270a217506401 |
| SHA1 | 225da1829280d159c703e778b59809ec9457b52b |
| SHA256 | 10896c8a0df361c559f2a1bb398860046ece20aeb30c0ca8a25b81d70a794ebe |
| SHA512 | d7ca1224e0f2fce32df94af543d51b1a425fb6c4656151a4a81f2602de72a195f990e91fce38341f93dc5bd35fca26e8ac6b0042f34e612a7185d820d50f79f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b04a966de65afcd16f3cfa43ed04a877 |
| SHA1 | 9ba02ab40ea09463ce42b1ba7b6cc23ce9eb7c59 |
| SHA256 | 9e80bdf6e259fbf30e99059b3e6d70436b9b5dcced9ec302d101de0c14fa4c15 |
| SHA512 | ccd8b48a3e5a93d752ae852607ca35a205c1fb9b1d307a4f3e9adae7e994f3ca113db95f39ad5f82c5606b16b10f6fb8ae3e21b110755f20db020116594928a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 16b7a7890e00e38a906834895c6958ab |
| SHA1 | b768ff4a1d76dc18f4f051d765caa6642e79c6ad |
| SHA256 | 080e43d310e4f9d8328ade5729bc88a4b53066b3f0a9dcdc84cfca3e41a58f94 |
| SHA512 | 1a1a929134da1ecf908df2df9d7a698ccbb585969c1d80c4d119c8dabad226b7c73b3bf07a2c7a2366196fbe8ee6da7ab4c556fe19d75a5f2ecab52a0ccd34d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 286ea460a2b3a7a46f9c3c36b83daf65 |
| SHA1 | 96ca5b93a0b6a00b6fc14a7ed624a53f29c2d005 |
| SHA256 | 0e8e14ddc714884a86bdc568f68a7d6d0b721b60f8e6201ef2d6ba31f10c5ebe |
| SHA512 | a96501cb2c355e658187003e235a1c8bd7f46dfcf33e037e9a0e7336a916c9a24bca823fc409bd43e2648667c97b8a1527a971795f342bf53428a3526f645ff7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe598795.TMP
| MD5 | ea98dcb2f6326e3fa09fa0edba694eb6 |
| SHA1 | 01306487d74326a85cc6f8e929ca24e7c60af946 |
| SHA256 | fd1fee9055c8fb40282822266e702a1334c143235ef0a60aedac0b91c03a7a43 |
| SHA512 | 5c2b1c5589eaba8f1130f3e62213b6fb95c346fe91036e5263c7eff3f6ac86f40ae575453ca7f815a670cd17ea32aab25c91c936e855233f04ef6a0b3cf25377 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 895ca8f856d914ed993cd49fcceff6a7 |
| SHA1 | d0f1faebb74d72ba9c083497816f3e49faed4ed0 |
| SHA256 | 6d8237ce3e94b796793d6f2adc305d41889c4dfe4263126ea6d2c9ecf5c83fba |
| SHA512 | 64f3ceb46b019096300336fe3637c156b72382fd3a848b0d1044aa990e5dd14b9a8f167194abc252c98264c14c34f07072b947476136e8f63d2aee6833f95781 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 71a574e243507da5f03f43e2e4682a39 |
| SHA1 | ed08a3fc48a033131cfe43540cf16c3a55de85f3 |
| SHA256 | 6ca036b6b70f079096e89c1af67d52f0b832497a974b9ae61fc8e4b7322989fe |
| SHA512 | f9303fabfa927ef8ddb786b3f3e28f555fbf34928871d043c43a221ee4ece125a542a98252ec1e5b3d4705a43606e37cd6006b20d9c3cce3ca6fa765146be1da |
memory/2992-434-0x0000000001040000-0x00000000010D7000-memory.dmp
memory/2992-439-0x0000000001020000-0x0000000001021000-memory.dmp
memory/2992-441-0x0000000001020000-0x0000000001021000-memory.dmp
memory/2992-440-0x0000000001020000-0x0000000001021000-memory.dmp
memory/2992-443-0x0000000001020000-0x0000000001021000-memory.dmp
memory/2992-442-0x0000000001020000-0x0000000001021000-memory.dmp
memory/2992-444-0x0000000001020000-0x0000000001021000-memory.dmp