lumma | 60ecd0f50a2354dca1ce4e87b80d7731fb63cd4c5aab3bccd66ed442f7c0bb16

Analysis

max time kernel
226s
max time network
229s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

skip.js
Size

1KB
MD5

e90a0ac100756e945a9ea79582515f95
SHA1

ceaa78b145d9bbeab5942bcc079bb06750080fd2
SHA256

60ecd0f50a2354dca1ce4e87b80d7731fb63cd4c5aab3bccd66ed442f7c0bb16
SHA512

d71cdfdf7826cfd23e487fa3c4112918f765609d05992a7434713f4eea7f357813b17749c577d0e54d9944ed3700aef4674f8b1fbb06ec6b2be81a761da5788f

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://cleartotalfisherwo.shop/api

https://worryfillvolcawoi.shop/api

https://enthusiasimtitleow.shop/api

https://dismissalcylinderhostw.shop/api

https://affordcharmcropwo.shop/api

https://diskretainvigorousiw.shop/api

https://communicationgenerwo.shop/api

https://pillowbrocccolipe.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133581968976148969"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

chrome.exechrome.exemsedge.exemsedge.exe

pid process

5084 chrome.exe
5084 chrome.exe
6104 chrome.exe
6104 chrome.exe
5968 msedge.exe
5968 msedge.exe
5100 msedge.exe
5100 msedge.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

5884 OpenWith.exe

pid	process
5884	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exe

pid	process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

Processes:

chrome.exe

pid	process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

OpenWith.exe

pid process

5884 OpenWith.exe
5884 OpenWith.exe
5884 OpenWith.exe
5884 OpenWith.exe
5884 OpenWith.exe

pid	process
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 5084 wrote to memory of 4280	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 4280	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 2580	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1624	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1624	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe
PID 5084 wrote to memory of 1452	5084	chrome.exe	chrome.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\skip.js
1⤵
PID:3004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xdc,0x114,0x7ffd62f9ab58,0x7ffd62f9ab68,0x7ffd62f9ab78
2⤵
PID:4280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:2
2⤵
PID:2580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:8
2⤵
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:8
2⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:1
2⤵
PID:632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:1
2⤵
PID:4052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4144 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:1
2⤵
PID:4460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4228 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:8
2⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:8
2⤵
PID:3392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:8
2⤵
PID:1652

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:4612

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6c99cae48,0x7ff6c99cae58,0x7ff6c99cae68
3⤵
PID:4768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:8
2⤵
PID:1588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:8
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4064 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:1
2⤵
PID:2696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4548 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:1
2⤵
PID:1872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4456 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:1
2⤵
PID:1080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:8
2⤵
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:8
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4332 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:1
2⤵
PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4940 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:1
2⤵
PID:5376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5464 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:8
2⤵
PID:6076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:8
2⤵
PID:2468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:8
2⤵
PID:664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:8
2⤵
PID:3232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5984 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4208 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:1
2⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6072 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:1
2⤵
PID:5812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3076 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:1
2⤵
PID:5676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2404 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:8
2⤵
PID:3352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1900,i,17499495090197003219,14868342572766427302,131072 /prefetch:8
2⤵
PID:676

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2904

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5164

C:\Users\Admin\Downloads\EulenCheats-main\EulenCheats-main\Loader.exe
"C:\Users\Admin\Downloads\EulenCheats-main\EulenCheats-main\Loader.exe"
1⤵
PID:6056

C:\Users\Admin\Downloads\EulenCheats-main\EulenCheats-main\Loader.exe
"C:\Users\Admin\Downloads\EulenCheats-main\EulenCheats-main\Loader.exe"
1⤵
PID:1948

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\EulenCheats-main\EulenCheats-main\how to use.txt
1⤵
PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultb4219c7ahd9a2h4b8eha3f0hde031c04d57a
1⤵
PID:4332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd5d4946f8,0x7ffd5d494708,0x7ffd5d494718
2⤵
PID:1428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,2206087334297340112,5971020082270449233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
2⤵
PID:512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,2206087334297340112,5971020082270449233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,2206087334297340112,5971020082270449233,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
2⤵
PID:864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1616

C:\Users\Admin\Downloads\EulenCheats-main\EulenCheats-main\Loader.exe
"C:\Users\Admin\Downloads\EulenCheats-main\EulenCheats-main\Loader.exe"
1⤵
PID:3064

C:\Users\Admin\Downloads\EulenCheats-main\EulenCheats-main\Loader.exe
"C:\Users\Admin\Downloads\EulenCheats-main\EulenCheats-main\Loader.exe"
1⤵
PID:5988

C:\Users\Admin\Downloads\EulenCheats-main\EulenCheats-main\Loader.exe
"C:\Users\Admin\Downloads\EulenCheats-main\EulenCheats-main\Loader.exe"
1⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultbe11f83bhd118h4f9ah9e00hd9c4540e0cf4
1⤵
PID:5360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5d4946f8,0x7ffd5d494708,0x7ffd5d494718
2⤵
PID:5480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10587272962642012840,12390130694155156253,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
2⤵
PID:4348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,10587272962642012840,12390130694155156253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,10587272962642012840,12390130694155156253,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
2⤵
PID:5996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5992

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5884

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
58KB

MD5
9b603992d96c764cbd57766940845236

SHA1
4f081f843a1ae0bbd5df265e00826af6c580cfe7

SHA256
520408fec7c6d419184ec68ad3d3f35f452d83bd75546aa5d171ffc7fe72cb2b

SHA512
abd88ee09909c116db1f424f2d1cbc0795dbc855fef81f0587d9a4e1a8d90de693fa72841259cf4a80e0e41d9f3e1f4bf3a78c4801264e3e9c7d9635bb79ccf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
5bf30e84d18f3aa2c40a87e1633f9b80

SHA1
e126ff04226497efa53aab1cdd894fd9acf86663

SHA256
48f10b8a766adba8dbb52b997ff7cb9d7e46a94d2ea8a3c5a281afa399adddfc

SHA512
d22476fdfaa5ade5932009bc3b3d984c43590fde04594819679f13d55b4817e0b2f5d6b4f80eff4360df2146f791f248778c9ead2a8b68094c1319013bc317a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
50cd7db2756a7133320e39f7298096f7

SHA1
9f246a807482c8a302929ffd0b74d12b0f1cb6df

SHA256
fe5dbfc801793e5d86772e091e7dcd073389fba65ad07403a65da151a597416a

SHA512
6ac9bfd8f176871b81e45c861a22abb01d84fa491c2d2179aaf3175cc7e8d0087927825cd57114897cf78f8ef3b8775db35f402649d13fb1cedeb1390f590408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
c5667da52f3065cdc80873bf037bbf28

SHA1
9c680a044af54c12c3831677c21fa63a7c5dcedc

SHA256
572718166fd808020fbd4ff87bf7e702f947ffcb6a666c27fb38ee485f387649

SHA512
492e6f06552da4888319241818b5d7081188ee4e0f60f9851f86c2a9a3447dd6b8c6be93f58560a9efd46a162550c552022a94c033aaeaff90f719f1904033e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
584d24729d1fbf022b8f7d557a282387

SHA1
91663db5a977aca4cf950b6f5a1c15b27c481008

SHA256
738ccd2d35940a4fb78ed38d2673fe5e3ffc6e27c6dc20b3f4df49fc94028404

SHA512
79cc6bb89951b29afa380ca5e86ddc35fd34539d6a59d14aeef7db1a4113460d4286bee598477098c6df2717dd1358ab28794a1bd5f0b010ab7c16f06c7c63c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9893185d5d694bb0a4f8f1461bbdf8c9

SHA1
c38b589d86ed1126e3f908d9e4e912e19bc260be

SHA256
6564f41c88d1e6f47c84dab34c8c5392dbeabc2cef5d6195c7eaa95525ccb994

SHA512
129f7df02cd72d1c14d89c8f0a8157174bf5e3f942d43b55e23bc759bf4006ba0f316575bdf4a7cac016ec6b0745ab181ae8cb96b34a4580d69c9428d6226130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f1e044044a56786d2b9b104be4ecdd8f

SHA1
85c648cce52cdecf833d6ffaeffabcd7b60690ff

SHA256
cfffb133988c03beba37605683b5aef81341440f46cf975f63691a027e4c6abb

SHA512
533bdd8d9072502969a8c84826ae5589f6b4251616679cb95b9b29cedcb980569dae35e158ff337b4bbe12e11d586e871aae515a11a3b953479a158f516b6584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
122a90ce0af3ef3a6e3746aba4a46dce

SHA1
29271c3c9c4d4f4cb52ed8d3c05b5aa46f17748f

SHA256
032b093c8257c1dad328ab79766c85e71f79e4df0d0e1c202df28e8ffa16b09c

SHA512
ec196736393396e47569edae0ea23af735f7ff7368b55d4e22489fe9c7a466942ef87af363dc6c3c819d04a0edde957f2939460324cb283e9acafb2b7a41aad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
81a1125b6005e2514a34b815fafdbfe0

SHA1
450c210e59a0fc481de874c1beb661559bc880e1

SHA256
961dda8749dc41c684ebca3c7aedd4b02d3891e5481485ae409f433253d82176

SHA512
0d455646a363db40ae3f94746c94ad1bf05508f7e26f6db608720178b4e0a35c278f67d30c141bcc55cfc192801c81e4f99d691eff014265dbc6631788a3b6c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4c7532a34853479409517450bcd09d0c

SHA1
6a753ab238bb1960b31f921a525e177a429f9a0a

SHA256
7b226965194fbe4279686b3a2dfa7a83697d799799f6ef5f5e8f5e783e56aada

SHA512
601aa5fcd87bd7e1ca78efac82a77f45516cf8f560ad790cf8229d44885a333f0bcba9cf7ac5c5661064bb31d558325efa52bcf37443a742b87833a5b6808ab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d9828160aed174a45a03c1cfbb030774

SHA1
575283cc51eb4fd1953b7cbefccb1aea88219b77

SHA256
de4ff1d9438a27b40bd8051d4770c38dc58d35216264f76059681f13b7800fe8

SHA512
1b6459643625a9754c35ca7bdfa4a6c52d30043e640bc3ee8584f69015fab01b9f5c91d5fb98a86302d5e469a1bcfd745daa906d0b490f36d1c99f7a47b623ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
883ca52974951ee20337c4b295595ce5

SHA1
0569290dc9f6addd06c0787231388ff0c2e1a0ba

SHA256
1abc9189f87c38d9e2940134ba682737bbd565a88b0b366f2dbbb43b3cbb0b2c

SHA512
c4a2a596eb9186285ad8f38949814c9c0e7ceedf5df7110912ea7fae19fe6073d049785587ecbd867f53582f9bd77f0b2fdb64189d9824346c2f7aa5e8e3cdd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
88bf7b0078f33dc5bca864f47ea49456

SHA1
a5e9ac4adede0d23ff2be11283852aa2a38ea578

SHA256
39f9021e316e245e177ab32d210ba54029da2a1b97e76524117ae11eaa8ecddb

SHA512
3fb062377832e1b297dfa820fc0a1921554290f464acc021ab647f0b8e9a4f3b9d096b449d66eeb4b01c15437833734c7302e5ab5645e9e858b42a2ac195b026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6fffbf75e4a7397527d2ba78b530d699

SHA1
4241c927345e6fad349a6b62788ad68a0d27bea6

SHA256
46b5c2d8038cbc360e3e91fe4569c0e238487a31d5e9a93accfc34f6ca89d28d

SHA512
715543e8424583e6ebd89c08d154419ce7818d47bd899e85af46c0c465f67f92565138f20117f936768c4a392f289751b71aa645e21f4654db76af7e61e8c458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
88bd34bedccc0d190cbf19adf7d7e086

SHA1
be787acdb69ead289c7efdc53fa3a82067de4407

SHA256
794afe9d407e5878576750de9503b46732e1e17d508e603e6488dc3d64fb3fc0

SHA512
8fd3dfd3b1bca7a3930358396100875209e5b54f11af8b573716f235a7a315efff803a197f240c1de804aba5e4eb7675fdcd4b8848d6d35e95dc1c3466aa2de1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
5387384e81f2526cd4116b7132cbae91

SHA1
b495549b0a2de65cf0df35f0d7048520ccdfde47

SHA256
b3ad31997eae55ecfa3b38c189e0c8496886fe5b91035f16affc282627e6b68a

SHA512
b03ae6c32e313ae31b62cd95084d4178047cc885b2410ff96bdedd295fd8d9cf81faf195daed2e77544684308c3ebe306ba043cff2f73f00d8b653a09f8cf40d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c23cc9aa8083aec81ac140da390d506c

SHA1
35f6e91356b22d0f7ca6970e855e522c0d2cb201

SHA256
eb5c3c7cc3f2cc6e2bfd75763ed23971c09333914def0e2e8450d6f9d69e6e1e

SHA512
49169d5a4ece719dba399e618fd473ddb4bded9aaff5cdea2292da0d7da3deeaec0d33cfa04ab33db139b4ac219c007e98016038e83fb7ded81b88fc6b41f76c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
6a575a63fd41c9bed1b820c3d7d01043

SHA1
4ebb6212e3373637672f0678abba09e86c96855a

SHA256
6635fe4d5ce94cc6c75729246eef1705b5f81a6a9e55bfb5051398b097215d29

SHA512
d5f3122d89c105641f88c1110af73600576812062b771b7dc7d36cee7d062953d391775a81c99ca80e0f5c4e274b9c00a6d43d04a125ca69a1d821bdf0affbcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
252KB

MD5
f7b3bb3f841260a70263bb84393d9b3d

SHA1
87be867c535eb02b228acc9d8f0c65500e5e233f

SHA256
9d222d34902a57cc2e8ced45c3a15b7d07b0910abe43d242e16e75036c6366f0

SHA512
1d1d8b37a7bc5df634e2cd9f10f07fdfea7e961ad264bb8f8aa05b293c70eae8496048b73449d3938d54971a0345f59f81850371d1ca5645d5b953562781c4ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
252KB

MD5
ef528b898cd98ef47c5ae9af3bef6172

SHA1
7469bd49f7f19cd8fdba1105e10261369511b4c9

SHA256
eaf7dcb4cb5896a1a411e72cff6413662e5003b09c502065cd7216c8d4426c70

SHA512
0dd345814aa720a8048edbf3ae69bde72f8926b864c6276e742f4626f6c4b10166cb0c04bf4f8d93cf4d26e9a7d042c28df6b2ff5aaa0d6d62f158263e28cdb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
97KB

MD5
1399c84d4307fdc4ae832b5c47c51f31

SHA1
9c6bb43a46944edc2da3f683b23403369f236537

SHA256
43249de903f6421662cd8320cfd06dc90e38fcaa3a10932ae2ad057b2dc6dca6

SHA512
445c4fcb1f9920b68661d8226dafc755e1d81f449b72f72ba43749ebb927f1ff1324d7b3b882b2ccd60bcf82f0e82951886437c51c815a53a007375f62bbb642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b244.TMP
Filesize
89KB

MD5
5343f86b937815111679c8067a297035

SHA1
8b32158dab2a940928a810fd10e94b40ae871c81

SHA256
91f58775d58e69c7e4e1621d2a11f9df28d968df34526231fa12e2dfd1e7cc58

SHA512
0d3bd5207eac7d97688c53aef8856d8d9205bfcf15367947a3b03904444f0c154c587d976952169234d6440abb945f9e8bae7971d1e44fab30653203ff0f51fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
86cce0cabb7e70e15514c9cf1bfcb1d2

SHA1
3abfc1cdbefc917867ae1fc135c448d2cc4004cf

SHA256
c96e79abeebe9c7dc88df7829d78e1c15f205b6178e7cd9b3d0ec5ed5d1cd18a

SHA512
5f0ed66565b73d54335f0fb7349b250a5c30425a632ae968c86098ecaa0b73d19d3ac4011a00ebab6b0245e3edfd21d8e799c3eac9f9611216db07d301632b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b387bb8fda39cee0e1b40d3c58952b1e

SHA1
41898d24c9101e528ee1dd01fd1d6553eb375160

SHA256
4ca0f35606ec0730728215a9c3296a5f4e5c8436d34d944737360911aea3958b

SHA512
a20fe929ea1a19f978788e1c80d5e1d58f37f80a34385be54082f91f1d5dd9acecff24d1388aceed36ad3008caf29f2efac42682e95703daf1b0a8184307233a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
a9ba30651cf8f27ef79a89437a2f33cb

SHA1
e441fb9ad077482dbe07551792bcc34d05a5e428

SHA256
d85cd663707480ceb65adb094a7e0bff9d9690c5f2ebd67283338e151bf56abc

SHA512
016f509b77253b6f10a37df2cbcc6902c6bf6cf1cf6c8a27c4b47fb9b8736fb70394d1af7559ccffde646b8cff19b41ad14470e96657a08b6d08d2e1cc3033db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
8db98f91b6883598966ddc59b8c611be

SHA1
298877525ad5d0df3aa63f61f98009f459cd9df8

SHA256
cb2d99f51279af310884951ee73dacd000da6282b2e36415d44a9cbf673b55a3

SHA512
9e5f48f4d448d76e330e368946a2179146b515bb4850c3d8a57cb4cd58ab66af3e309fcc976ae72064ec6be3e5cbf540d0ceb8ae229177b9e191fd608469f01e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b4f11301-dcb6-4cfd-ab74-963eb023b5f2.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
0596e56b4afaddf01858e8b9de2b9f2c

SHA1
92d83955c9ca65194d9729e65c2f95fe6d92578b

SHA256
ee44c74f629770728d5f8196adfcebbd09a4c00fcbed582978d334267611f417

SHA512
f5d8d0f15af798ad5d8c95c9b5edfe9da8df91dfdc1240a80c66cbedc3e869cb930e1755a9815e1975e8828ab3d258fb36c6acb98c3920773787f3bdf82c9c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\Downloads\EulenCheats-main.zip.crdownload
Filesize
909KB

MD5
ca96ace6236a10adce9fff46cad81978

SHA1
e09a521a520d272542d89a6cd39da05b87a44b1c

SHA256
b8fda5d72d39eac478dd164215d7a7646b2510cfbeaeedd1966db5fc327a7f49

SHA512
ba5c174000da3e438e30a94ad79330640740c246ac1eb3514d7e7f63f91dbddbf3e6d2ae1de6cd1afc95d6170b284bd58ea02de6987fabdaa8d9966e6cd1d983

Download Submit
\??\pipe\crashpad_5084_YVDFKTDNBJVNRPZS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1948-543-0x0000000002C00000-0x0000000002C32000-memory.dmp

Filesize
200KB

Download
memory/1948-547-0x0000000000F00000-0x0000000000F4B000-memory.dmp

Filesize
300KB

Download
memory/1948-544-0x0000000002C00000-0x0000000002C32000-memory.dmp

Filesize
200KB

Download
memory/1948-542-0x0000000002C00000-0x0000000002C32000-memory.dmp

Filesize
200KB

Download
memory/1948-535-0x0000000000F00000-0x0000000000F4B000-memory.dmp

Filesize
300KB

Download
memory/1948-540-0x0000000002CE0000-0x0000000002DE0000-memory.dmp

Filesize
1024KB

Download
memory/1948-541-0x0000000002C00000-0x0000000002C32000-memory.dmp

Filesize
200KB

Download
memory/3064-619-0x0000000001340000-0x0000000001341000-memory.dmp

Filesize
4KB

Download
memory/3064-612-0x00000000011B0000-0x00000000011FB000-memory.dmp

Filesize
300KB

Download
memory/3064-617-0x0000000001340000-0x0000000001341000-memory.dmp

Filesize
4KB

Download
memory/3064-618-0x0000000001340000-0x0000000001341000-memory.dmp

Filesize
4KB

Download
memory/3064-639-0x00000000011B0000-0x00000000011FB000-memory.dmp

Filesize
300KB

Download
memory/3108-640-0x00000000008B0000-0x00000000008FB000-memory.dmp

Filesize
300KB

Download
memory/3108-630-0x00000000008B0000-0x00000000008FB000-memory.dmp

Filesize
300KB

Download
memory/3108-635-0x00000000009B0000-0x00000000009B1000-memory.dmp

Filesize
4KB

Download
memory/3108-636-0x00000000009B0000-0x00000000009B1000-memory.dmp

Filesize
4KB

Download
memory/3108-637-0x00000000009B0000-0x00000000009B1000-memory.dmp

Filesize
4KB

Download
memory/3108-638-0x00000000009B0000-0x00000000009B1000-memory.dmp

Filesize
4KB

Download
memory/5988-625-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/5988-704-0x00000000005D0000-0x000000000061B000-memory.dmp

Filesize
300KB

Download
memory/5988-626-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/5988-620-0x00000000005D0000-0x000000000061B000-memory.dmp

Filesize
300KB

Download
memory/5988-627-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/5988-629-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/5988-628-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/5988-641-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/6056-534-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/6056-533-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/6056-532-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/6056-531-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/6056-526-0x0000000000600000-0x000000000064B000-memory.dmp

Filesize
300KB

Download
memory/6056-548-0x0000000000600000-0x000000000064B000-memory.dmp

Filesize
300KB

Download

pid	process
5084	chrome.exe
5084	chrome.exe
6104	chrome.exe
6104	chrome.exe
5968	msedge.exe
5968	msedge.exe
5100	msedge.exe
5100	msedge.exe