Analysis

  • max time kernel
    150s
  • max time network
    160s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    25-05-2024 14:12

General

  • Target

    ExtraSoft v.2.2/ExtraSoft.exe

  • Size

    517KB

  • MD5

    6d3484be978ce7734185614a50fa2ef9

  • SHA1

    e665f2a7772514a04963f730258bfdbf66f63ad9

  • SHA256

    a324292e0860ef6b1722391ae046dc12820dc08eaadcbf6b83e873d36d421d46

  • SHA512

    d97298ac5e04a9212b05095ebc5077ee0a0115cd6e766fadc3d3591b9131d2d3899a66aed42a2bb53f005c8b4282c494f87994b127dcfddc015e7462e95ff4f3

  • SSDEEP

    12288:RLs3SmdMrtCsuc08EGss3ml5HBtv5cwvIq8:0SisucB2XjBcwJ

Score
10/10

Malware Config

Extracted

Family

lumma

C2

Signatures

  • Lumma Stealer

    An infostealer written in C++, first seen in August 2022.

  • Downloads MZ/PE file
  • Executes dropped EXE (7 IoCs)
  • Enumerates connected drives (3 TTPs, 1 IoC)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext (1 IoC)
  • Drops file in Program Files directory (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (10 IoCs)
  • Suspicious behavior: LoadsDriver (3 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (21 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (42 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\ExtraSoft.exe
    "C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\ExtraSoft.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3240
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
      PID:4240
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
      PID:516
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc89c89758,0x7ffc89c89768,0x7ffc89c89778
      2⤵
      PID:708
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:2
      2⤵
      PID:3596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:2736
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:4720
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:3576
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:4320
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3884 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:4772
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:4012
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:1072
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:2256
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:664
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:5096
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5276 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:3888
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3364 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:4240
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3036 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:816
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2112 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:1272
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3852 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:2572
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:4308
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3884 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:3580
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=816 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:4796
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5376 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:648
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:2628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5544 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:1692
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5096 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:1072
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4748 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:4640
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5708 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:5112
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4424 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:4924
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2016 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:2456
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5432 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:4536
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5980 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:4920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3000 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:4676
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6204 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:4876
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:308
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6604 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:1832
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6624 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:4724
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:1308
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6196 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:1872
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4880 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:1408
    • C:\Users\Admin\Downloads\MuMuInstaller_3.1.6.0_yx-gl-codex_all_1709777287.exe
      "C:\Users\Admin\Downloads\MuMuInstaller_3.1.6.0_yx-gl-codex_all_1709777287.exe"
      2⤵
      • Executes dropped EXE
      PID:3640
      • C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe
        C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        PID:720
        • C:\Users\Admin\AppData\Local\Temp\7z901DEE38\ColaBoxChecker.exe
          "C:\Users\Admin\AppData\Local\Temp\7z901DEE38\ColaBoxChecker.exe" checker /baseboard
          4⤵
          • Executes dropped EXE
          PID:500
        • C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe
          "C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe"
          4⤵
          • Executes dropped EXE
          PID:4844
        • C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe
          "C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe"
          4⤵
          • Executes dropped EXE
          PID:4420
        • C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe
          "C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe"
          4⤵
          • Executes dropped EXE
          PID:2792
        • C:\Users\Admin\AppData\Local\Temp\7z901DEE38\MuMuDownloader.exe
          "C:\Users\Admin\AppData\Local\Temp\7z901DEE38\MuMuDownloader.exe" --log="C:\Users\Admin\AppData\Local\Temp\nemu-downloader-aria.log" --log-level=notice --check-certificate=false --enable-rpc=true --rpc-listen-port=50682 --continue --max-concurrent-downloads=10 --max-connection-per-server=5 --async-dns=false --file-allocation=prealloc --enable-mmap=true --connect-timeout=5 --rpc-max-request-size=1024M --stop-with-process=720
          4⤵
          • Executes dropped EXE
          PID:196
          • C:\Windows\System32\Conhost.exe
            \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            5⤵
            PID:4816
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6924 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:4572
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5272 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
      2⤵
      PID:3136
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
      2⤵
      PID:2172
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6260 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:2
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6260 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:2
                                                                                              2⤵
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              PID:4816
                                                                                          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                            1⤵
                                                                                              PID:4544
                                                                                            • C:\Windows\system32\AUDIODG.EXE
                                                                                              C:\Windows\system32\AUDIODG.EXE 0x3ec
                                                                                              1⤵
                                                                                                PID:4656
                                                                                              • C:\Windows\System32\rundll32.exe
                                                                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                1⤵
                                                                                                  PID:3024

                                                                                                Downloads

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1884648a-7014-4a75-8448-2dc8ee101eee.tmp
  Filesize: 6KB
  MD5: 9ad3a161e98e3fe7da209f2eb67021f9
  SHA1: 8859c1212a60ed7073e0eb91810ac1607105ba52
  SHA256: 219d525a04bb87af7d3ff65ff2a2bf9e5b24962ae0f815de21be67a9dfd3dbaf
  SHA512: d4a99a4960c0fc66570056228ccae060f78be64ef160eb5f178e90393dc1f5610f6ee3f6ea8eebaac2614261443bf63f0d7eb3e45262371bce12314972093537

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\93699ea7-9bb8-41ba-8efc-cdbe9e35bc7a.tmp
  Filesize: 5KB
  MD5: bc78ce8a27e6e83c652c20857625571f
  SHA1: 9bba33f9edbef04627ac01455069be2c16aa25d2
  SHA256: 2129c72ea4a182e5cccdb1600f0f1e9dcff8865a53f3b552fe541367fd552d9d
  SHA512: a2453b8c2d34f10c61c2c87311d3b6da13883ae11727134b70ea08c77a4ab9d3592145dc5334c19f87898b6f756fc3f268532aebeb19f94d1407aa4aff9d97f2

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
  Filesize: 59KB
  MD5: 7626aade5004330bfb65f1e1f790df0c
  SHA1: 97dca3e04f19cfe55b010c13f10a81ffe8b8374b
  SHA256: cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e
  SHA512: f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
  Filesize: 40KB
  MD5: 5ce7bdeeea547dc5e395554f1de0b179
  SHA1: 3dba53fa4da7c828a468d17abc09b265b664078a
  SHA256: 675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9
  SHA512: 0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
  Filesize: 69KB
  MD5: 0ed8278b11742681d994e5f5b44b8d3d
  SHA1: 28711624d01da8dbd0aa4aad8629d5b0f703441e
  SHA256: 354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2
  SHA512: d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
  Filesize: 326KB
  MD5: f04cc7d5ee9150a73ba2eac920e78841
  SHA1: 92b4c0ad93889f3d1e851b83e0fd027caca10d59
  SHA256: 1a87118c3d118dade65324586a2930cf11fb929362f9612cc93f875c67e2c4bd
  SHA512: 52b1a050e6da4c57cba4623dd225844d83d9a47e4cb1f5512e4aa1365537022bbb0b9b3217465c258facf576b4706e577a83078f2fa71b4442a4a7624ac1fdab

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
  Filesize: 133KB
  MD5: da1d252e947bce39c6b4fc3270383195
  SHA1: f6e8fcd9d63683e56e457bbf1dfbd684586382fc
  SHA256: 28ac23c8020d600a3141888b982e3061d34aeaad83fe5993d8e61cf2a70b7bd4
  SHA512: 320539f5ec40d9bf31f6b9b7c1c99f6c644937060c5f29726b6719f2ff5d2043d237ddcbf4be20055e9b13673fc0e4e025d172bcd51495caf65ca57a689e2eb4

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
  Filesize: 46KB
  MD5: b4e4c40ba1b021933f86142b1010c253
  SHA1: 8901690b1040e46b360f7b39ecb9f9e342bd20af
  SHA256: a1ad4fde10e0f378aeeb97ec0aaa27bbdba9ed434a0334052f0230e09fd891ae
  SHA512: 452cbfc40d99d69d65271ab7a6fb62c87d123813fe20898d13b938c13d54efb2e33eb04e165f18e9e91b6a0d02b3282b8e3bf2b8c65efaa974022d14c07bcfd4

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
  Filesize: 19KB
  MD5: 16c0a2c82dc0ab50f23123f7ecb11f51
  SHA1: fbaef7794f352126af25aedaa99f1bc22d131f71
  SHA256: 5749a98e9383a271b4f6cac8caefea4d86a6b40e203a750d45fda652e167583d
  SHA512: 0bf3c5458b647601a1f28c194ac1bcc424ecdeba91871fab9178e8daf1fdf2ee956ba55bbf61b3cd2f54cb1ca008dc894e6a54730f5caf754c61d9ba20da8244

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
  Filesize: 95KB
  MD5: 0f978383950b924d31b77aad56c0ae79
  SHA1: 4481f7635c1cf3d98c542542d0106cfe498446e1
  SHA256: afca43c7931d9ddc33882d9a079772bddced944debbf84143192c4eea3292c77
  SHA512: b8ffaaf2d63b9582ec4917e970b2033989bd414b9bbf2b9d3b5359aa4a8a15cd3206e556514483e511df2433adab4c8cef9b8a251e2fb942fe4e7d846fdf936f

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
  Filesize: 64KB
  MD5: d84862513956cbe61aeb4ebbfdd3355a
  SHA1: 14ab269df17cb0333b1556ce120d587324479f6b
  SHA256: a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5
  SHA512: d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047
  Filesize: 19KB
  MD5: d41d72406bf403e2a2d1ec60ef889531
  SHA1: 3af9e732d1366595da6737bd0f943df4704ac4ac
  SHA256: 913bf99a86dde22866e137811794ce0a5737a1741583c2e06483c31a6b43629c
  SHA512: e1268f335a51062f1d59dd392e13730045cf0b4eac1eef48659f280330a0c280aa3d28064a94918acb3b1c6f6d53ee674f9ecb51eb0e78729672205c25f490ff

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 3KB
  MD5: 92e568aef33c25d3f0c42e8b32f15dbd
  SHA1: b7234bcdadea9e6e0a8a91725a5609e5fc2e4895
  SHA256: 6e3c3b527962c490bc2ee07ed46459f4888af18b842f1ce4c16cfa364f0ae154
  SHA512: be22b154fdecbdb69c5023bb96914c77a7ce1af92ad5fa7f69b9eab2be1117fd2c9857511365d202b5608d23e92c3e47c2f412011c6607b20689a0ef441d9541

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 192B
  MD5: fa7aabca1fcfab3a03656e6524e818e4
  SHA1: fb3c464a15f94fae8d232e1f15aab08182fd457c
  SHA256: 914af35658d8483a17e54013a6ba6abdab53011a6e838cb1fa533dd8f9e50c36
  SHA512: cde0d00b6150f2faf1545ae8fba1fcc3962aa03a751ee40ea2edc974c16b5cbf5a2b6b001f185a11d23df9912da7ebbf27e6fbfdc615fcdc6d4fe54c68e3ecc5

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 5KB
  MD5: 74573a8359304e7bc22fcad18b339160
  SHA1: dcecff8e2e6c79f14ec646d6c3ffbe42e2d19898
  SHA256: df0648a91e483e3db7cae5eb610d5185e85b15e19b90bcbbd53c47a41c3d376c
  SHA512: 798a0ac02ec5600013e297f140e12212e14a92a9aade4356c2e5dec6cc31b1011e09830ff30da73492c2746463168ec59a347d7a66d066f525f1f6921c1b05dc

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 2KB
  MD5: ab3b00867cbcf7a060703ea22af100eb
  SHA1: 8a98d22e13ca8d66e5ef59f20d85fb3972e4f3fe
  SHA256: 8e60b6d4c14d0b56ddaee7f6e39037955e6edab535cc501403af465e513434da
  SHA512: ef7e0c41b247f437d48f1fe6d2a2f3b337c4a9f38081a9d158e2440cb70c7a5b79eaf4b29f78ba41824cb0eba341940fb1f8619c0cd27346898ab4e9a1b15557

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 539B
  MD5: 7d8caf8f19cd653b161c37a5d18dea61
  SHA1: 4cc032367e7b34122ee0aa58f8c53abca4b86e70
  SHA256: 75e00c2293e4db9ca1a3d2998c1fd98c76d620d2edfb0a6865e1095543105576
  SHA512: 99eb53eff078c13948eb1b93771fb815f157af18312b4c81f17a3032b7376eecaf177f1b83b7908e6abe444c93a5a97f86ca76613434c6c07e0a95ac9a0073c0

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 707B
  MD5: c64751a97d845ff3463567cef86d549e
  SHA1: 475a2d3e62a6e421d32c9df0ada90c295b655173
  SHA256: 24d800e619af7009c542ea78701016dc7bf8ce21ff123eaf5552158981d4d560
  SHA512: e838a270215afd5e685720df36b9951de1a146dc57fbdc538a84641c698dc1b6a6d9cd98f651d88f527222d0d0c0514d86125b9f47f9a8bb6c01e39e98482778

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 51f467557c2dc2b97a1ed327115ff5e6
  SHA1: da9e23fec234d5b7c0000d1b43ae660da3daa12f
  SHA256: 31946053d9281f861f807dd8735eb31a9b41b823f68a2435422429dad8ead56d
  SHA512: 55b68f06549437e6e137ee84ef1337968f13524cbdd7d5b3108b210d3414c06d797e6379564695f5a9f41cd4252345c9d38992ae3ed4c226c7563288f03083ba

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 4aeb7d44529f26f5f9880f7b9f6fa2f4
  SHA1: f362b204d5874bd404feeba6ad20186af6172dbf
  SHA256: 05940ccd1153d8f57c164e3c98e96226dedaaf045e4bf819c5506326b4bca305

                                                                                                  SHA512

                                                                                                  5c7a14ceb472913fccb9a341dc520b8f2a5ca3b1bd24ac2df907f5160cb5a0fc30580a0c4c4808b65b0a97c87857360348904e856d0ce91cede406a2369c622c

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  28d297753391ed5afc1190c0d67c4547

                                                                                                  SHA1

                                                                                                  edd3867d9be9c52ea0f23c309a6882e625cf40f1

                                                                                                  SHA256

                                                                                                  917ed7c2a13ca43e172c37c178d96fd462d22e1855ea505a02bb7c854152c67b

                                                                                                  SHA512

                                                                                                  fbb523d517d66e1929529da5410dbe78523c6bc6e9b4d36ff61c6b538e4f8d08fdca240d1d68dc79a3c839c980836d0b193fe1be0f72fa1250b690c5cad05cec

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                  Filesize

                                                                                                  539B

                                                                                                  MD5

                                                                                                  35a023dc83f8bf62645b2aedf7434b4f

                                                                                                  SHA1

                                                                                                  75e195fedd5f94529e9a936df0b1de60fbc26a5d

                                                                                                  SHA256

                                                                                                  b26fe2cc7746ee180c9a5fad1c9c042fcf32b9acc661c570962b62c33aced098

                                                                                                  SHA512

                                                                                                  de9a3435b8a9ac23b574c32ccabf34f05f22bf9d9300436897aa33d76167a7acfca97234730891ab58f2143c3313411fef7c3ae421f3745cc70f1db1777e0dfe

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e29248a6-ae14-4a32-b2b0-b15eef7e7c11.tmp

                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  61df28715853094e7e1f8484f97e7663

                                                                                                  SHA1

                                                                                                  6b842abfe05836a47ba7b60cee37ba33c421c6b1

                                                                                                  SHA256

                                                                                                  bcea67642fbb45b4eeb3e2d81b8c396b8ca244d96291728423dc87803c3acd3d

                                                                                                  SHA512

                                                                                                  6fe33292d0abc786821e4c7382558b9eb9898c9555e4fa7ee70ff302c24466da30f7942b0bbfab70e6c4ac25e79fd6e37ac96aaf72ca3abe9debbba41ce41f24

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                  Filesize

                                                                                                  5KB

                                                                                                  MD5

                                                                                                  dfeb75ab5b71689fd07d8873d5af9d98

                                                                                                  SHA1

                                                                                                  0f00534b4e5b53023cf363f6338d093bf7339e65

                                                                                                  SHA256

                                                                                                  8e0a1a98548e0abe786e9279b41aecccb544097ea82a017a34d2c86c72977144

                                                                                                  SHA512

                                                                                                  7304dd85f805afda47b3ac9b5423c26773f69618e48da81ee7e4c358fc62f5e9b391a251a4bd3e069521689b5e90c3fd1a38fdebd72281415ff2fa5296fccccd

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                  Filesize

                                                                                                  6KB

                                                                                                  MD5

                                                                                                  b2cf6fbed4beaeded2637f1c58adea5d

                                                                                                  SHA1

                                                                                                  420c58e4fb109fbc76b2c6da38eafd6ba6b7c07c

                                                                                                  SHA256

                                                                                                  11e799bc936b70847a8a9d8758664f76d4434e3e8403d98f5d03d86913fa5593

                                                                                                  SHA512

                                                                                                  17405a234b4483509bf612767a8da351c852e528f277aa0ed44f8311ff09f708c1124a8cf91b73e342cffe35676f07041ecb952de3b33b4b436c5c624b36f69c

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                  Filesize

                                                                                                  7KB

                                                                                                  MD5

                                                                                                  170937257784a633fdc5276e55b2d37c

                                                                                                  SHA1

                                                                                                  89e6b52092b6b59b9f2164d730f87795cbbd8a0c

                                                                                                  SHA256

                                                                                                  d4ef1c19c5b7252e93be6f2ccffdf63a66481cf567ed16b2db36fce6e4dc4c74

                                                                                                  SHA512

                                                                                                  06be90cb66f5e0ae86e2e8643d1824de54796e3c2a0a6c4dcaca2d1a9f7f476bc1420167504c9f99f07da077ede2ea1ddb4f7bccbb9f94997e2cc3a9c825867c

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                  Filesize

                                                                                                  7KB

                                                                                                  MD5

                                                                                                  5effdac89cf57163e7de1548224cf36b

                                                                                                  SHA1

                                                                                                  706423fb7bc3e8a8acae2c1528e896c7c688947c

                                                                                                  SHA256

                                                                                                  24c52668245184f8179d919fda8875e821ddffaa1915ddc8a4df31f0877526f3

                                                                                                  SHA512

                                                                                                  541ea5d4a644c94bd90d5b2a1683f47d8ddc4d611747c2a830a77079ea3f3d4e1e7a261f618dab16379ae14267b6bd2f227c848893573a8ad8420d1cf69a6b7e

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                  Filesize

                                                                                                  7KB

                                                                                                  MD5

                                                                                                  46c84d228efceec02534395262f2754c

                                                                                                  SHA1

                                                                                                  6acf17646e703f387314686237426801c87437ba

                                                                                                  SHA256

                                                                                                  478d94aa3f5397ae96726e2399ebbe8949cdaae5d28c78073dacd72473ac90b0

                                                                                                  SHA512

                                                                                                  0b21ab972bfc9c72b0d874f4dc2f709a56c1675907eb32333c0e800b53dc485c37808773bc4043deaca159683fb176c3ac81d780647e12531c26e4576d971655

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                  Filesize

                                                                                                  12KB

                                                                                                  MD5

                                                                                                  bfe988983af5f5f7e09887b3a0bb1e9b

                                                                                                  SHA1

                                                                                                  0c7945b2fd8c9f0ea109bc3c0579f58e232023ed

                                                                                                  SHA256

                                                                                                  4e68a75b82a0705f6ecf9f0c7660ef0430087c6b7ac7c3cf7614ae9d84a31cd3

                                                                                                  SHA512

                                                                                                  8c1470e2be2fc2ba2f47c4aeeda627411f32b8295f190faf84e63435c8d54e5cf6f3de1b95e2a4af767e15aed2bf7d200f85b93a1c61d74b2f8ffcf161518581

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                  Filesize

                                                                                                  56B

                                                                                                  MD5

                                                                                                  ae1bccd6831ebfe5ad03b482ee266e4f

                                                                                                  SHA1

                                                                                                  01f4179f48f1af383b275d7ee338dd160b6f558a

                                                                                                  SHA256

                                                                                                  1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

                                                                                                  SHA512

                                                                                                  baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58dafa.TMP

                                                                                                  Filesize

                                                                                                  120B

                                                                                                  MD5

                                                                                                  6cf7090d872224f968f3b6bab683baa4

                                                                                                  SHA1

                                                                                                  380eab3abcd7422883eb869ff4c71b6300971ddf

                                                                                                  SHA256

                                                                                                  c57d8a2f21a9b5b8cb7a125fef54e6b4f3e40c1fe977e6bf79bb6c9ee0aa2571

                                                                                                  SHA512

                                                                                                  7ddda0d49b01664b27d8e4e4d3eecd5f6629d87d0303dfc0806e90be75f65f33e184e31513bff645bc5c1cbeb12c89f52763b2b03fee96493e6528ae0fd55bdf

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                  Filesize

                                                                                                  277KB

                                                                                                  MD5

                                                                                                  ea9f8e1a1aa1959402aea0d01bc13c7c

                                                                                                  SHA1

                                                                                                  5f7b0512af06b4317a9e3eda192d728f804dc1ec

                                                                                                  SHA256

                                                                                                  10ffbbb4254dde094797d964c7dd22706a9a54627dfa01403ceed176cf4404f3

                                                                                                  SHA512

                                                                                                  1d6dbd85488025af97aa16af1567ecc1ed3bf701e957c308ff72b42a0ef98bff1cfab655d68b176d8378475fd59d7285d8eccb5fcb29303fc711a57d1068c1e2

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                  Filesize

                                                                                                  277KB

                                                                                                  MD5

                                                                                                  1dc3bb967cdf426aeeeaf7777b340046

                                                                                                  SHA1

                                                                                                  70787d886a017c0c1d84698d3d96d2939beb9233

                                                                                                  SHA256

                                                                                                  6504193876fdf2fbcb66a0a89cd3d949400ecfeb225c92b1af26949ca3aede94

                                                                                                  SHA512

                                                                                                  478926cef458af67e16b3959832cc827a464e426de1549e5853f84d0df12a614f700b37956f45f8de999cda33fb76580fcefc4499e53547ccf6652b778a860e1

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                  Filesize

                                                                                                  277KB

                                                                                                  MD5

                                                                                                  0c940a26f84ca477fe2f2ffee5ff2931

                                                                                                  SHA1

                                                                                                  ff2eb757f1c760213d7c10fcaca56c0bc129f042

                                                                                                  SHA256

                                                                                                  7fe9d9ee38c5fa23a3e15afbb95cad118952c016742c2f08c4a4dc2453d05865

                                                                                                  SHA512

                                                                                                  094a11f43b6f8a1d13ee8d6b887ef39b68e8404d4d31360199c50886170e6b10bdfcb9d40778ab1bc06e85cc903cb4cfca2fa01ca456c89bb277438578ae0e82

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                  Filesize

                                                                                                  98KB

                                                                                                  MD5

                                                                                                  bedcd4a1cf1a610f2d9a9ed025348bbf

                                                                                                  SHA1

                                                                                                  9e2768e434e92e438b301cad77eb4855ed4f603e

                                                                                                  SHA256

                                                                                                  e04e6ffac93749181ca79844b56d51907a60bd315db6f4f613878f98438934c7

                                                                                                  SHA512

                                                                                                  dfbfb3a6fc22d07abca1ca06366fea5ddf6435d6e64b675ef639aec6616fd14d08dcc3baaba4c82bfc1f9cf262cd2cf783922a16569c0e49ce239062e45e24ab

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                  Filesize

                                                                                                  114KB

                                                                                                  MD5

                                                                                                  f26adb4f725120721d9b581b9e0accbf

                                                                                                  SHA1

                                                                                                  dc17f7eeefcb7d63ea045659404a48b10e498409

                                                                                                  SHA256

                                                                                                  47cc2457a6bf52e037aa7e93d30b8695a6aea8537a526bd3d805eae18f413a4f

                                                                                                  SHA512

                                                                                                  e2dfcbf186a4647d53e289e04211ac088010b45f466e737232f397c63835d57dce5530a8986bdfd3b50e9b3a6d0c039603640241453785d547dc255a6dc2eb20

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b2c1.TMP

                                                                                                  Filesize

                                                                                                  93KB

                                                                                                  MD5

                                                                                                  0d02d9832339538110262d930dc1a1d8

                                                                                                  SHA1

                                                                                                  805bdab19bfdfccce59170a41b1af5c7793e79f7

                                                                                                  SHA256

                                                                                                  b1619f20103ffa7f9f2f48205bbb6bc83f42ed55891faadc67cc7e87f9ef74f0

                                                                                                  SHA512

                                                                                                  6bd7d2a8e3aa93ea4205b8ba6d8c4d6cbdbc90c1bca9d77be49c8200f753a464dcaaa889113598d130848a26882e88e72113978e5c6f9f38f59d3790883cf334

                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d06eb52b-2df7-4c08-9f63-07ef5539e0b5.tmp

                                                                                                  Filesize

                                                                                                  2B

                                                                                                  MD5

                                                                                                  99914b932bd37a50b983c5e7c90ae93b

                                                                                                  SHA1

                                                                                                  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                  SHA256

                                                                                                  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                  SHA512

                                                                                                  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                • C:\Users\Admin\AppData\Local\Temp\7z901DEE38\ColaBoxChecker.exe

                                                                                                  Filesize

                                                                                                  4.0MB

                                                                                                  MD5

                                                                                                  839708e3f96cf055436fa08d6205263c

                                                                                                  SHA1

                                                                                                  a4579f8cb6b80fe3fd50099794f63eb51be3292f

  SHA256    1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752
  SHA512    ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd

• C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe
  Filesize  117KB
  MD5       dbd84c6083e4badf4741d95ba3c9b5f8
  SHA1      4a555adf8e0459bfd1145d9bd8d91b3fff94aad0
  SHA256    9ff467bc5a1c377102d25da9fa9c24dcc4375f456510f71584f0714fdfb2af39
  SHA512    fb5fe74f64254609e07d6642acf904562bb905cd7c14c6f85ba31bcdbaf06686c0586609ec4f5d2f8f55ff90334dcbb774a3a6e78df74bf1b1d0cd03dec21870

• C:\Users\Admin\AppData\Local\Temp\7z901DEE38\MuMuDownloader.exe
  Filesize  5.7MB
  MD5       2f3d77b4f587f956e9987598b0a218eb
  SHA1      c067432f3282438b367a10f6b0bc0466319e34e9
  SHA256    2f980c56d81f42ba47dc871a04406976dc490ded522131ce9a2e35c40ca8616e
  SHA512    a63afc6d708e3b974f147a2d27d90689d8743acd53d60ad0f81a3ab54dfa851d73bcb869d1e476035abc5e234479812730285c0826a2c3da62f39715e315f221

• C:\Users\Admin\AppData\Local\Temp\7z901DEE38\baseboard
  Filesize  114B
  MD5       0ce266dae74ed7669e7075da1e0600e8
  SHA1      c69253e45e98d96047c8dc60b4a0adfee92771d3
  SHA256    5d0e133e7edfe5383cd7625b44604615f64a0c65b8c0986e400978e813cd5adf
  SHA512    15602c131b494431a65bbbe9ee9c6ed47175fb54915082aab25dd6eb106c263904e1f9ba06caf0fd530a2ee38ad8cd4b5430ca8ff78d148b275febe68bec24a3

• C:\Users\Admin\AppData\Local\Temp\7z901DEE38\config.ini
  Filesize  342B
  MD5       048404eeb7f19ff7aea3e0e282b2668f
  SHA1      4ee3a5f86c9cc6a0f2fd597e41264249d49d7e30
  SHA256    536276708fd9e141dc5036a7feb791a2467c667bb16d7ce90bf2917a68a772a2
  SHA512    6fe975bfc6994edb1fddab0fa635a6d34d5624836fa7f77f6029c13ff633ee0af49fe513f1bb24d7c3cc90e83fcba837d82c8e593ca6e68e8101d4f44cf43b2c

• C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe
  Filesize  3.2MB
  MD5       b311535e3673c225b4095f77ca7ea4f5
  SHA1      4206e1cbe58428fdbc9b319b8919373646807583
  SHA256    7662f1e4e1b4a52cce2fb8c57ffdd4ec8654f3bd1a830814845e75fdcd3f1735
  SHA512    57d9d6e592a6cdc3a8ffd514ad21729de15fcdd8b4fd321ce013c9541e08ad6cf3a11bf1479464b5b0fff771552c19ccad2720239779fcd25290c436a287b6c2

• C:\Users\Admin\AppData\Local\Temp\7z901DEE38\skin.zip
  Filesize  509KB
  MD5       d59a09fb475ed8cd967e1a5366d7884d
  SHA1      8636b3f7d18482ce940607af9d0e51232d8491d4
  SHA256    45a97dba97f3613ec8f357d9a36fe336c2795ead0f32081856b9b2dad4620ce1
  SHA512    39a667a970f66ba6c28351a038c23bb4f4427e1b584a2cabf962711c64ad7540f09a00b2771c01c965d59f69b5b707e9659349aaf68b6f675695e9e83cf40e58

• C:\Users\Admin\Downloads\Unconfirmed 933943.crdownload
  Filesize  5.3MB
  MD5       86e0f88dcc69e631df6cfd28bb5babb1
  SHA1      e7b3552cf10983c97bf3381fe66053f8f5a1ea9c
  SHA256    baa175b6fa6ee27992d80995f9eae285f3a3eceb35b655c0c5a5f58b7ac748dc
  SHA512    c2e0b76ea267cbe01019cd826c90ffcf84e88da1f16c83ae36cebe543cf75316b5a375a3f053165d4e8fe0b6d65a70558cb08693473d5710dc9de4a44fef7843

• \??\pipe\crashpad_2948_EVSBOYLBHFYMVJDL
  MD5       d41d8cd98f00b204e9800998ecf8427e
  SHA1      da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

• memory/516-5-0x0000000000400000-0x0000000000455000-memory.dmp
  Filesize  340KB

• memory/516-2-0x0000000000400000-0x0000000000455000-memory.dmp
  Filesize  340KB

• memory/516-6-0x0000000000400000-0x0000000000455000-memory.dmp
  Filesize  340KB

• memory/516-10-0x0000000000400000-0x0000000000455000-memory.dmp
  Filesize  340KB

• memory/3240-0-0x00000000012C0000-0x00000000012C1000-memory.dmp
  Filesize  4KB

• memory/3240-3-0x00000000012C0000-0x00000000012C1000-memory.dmp
  Filesize  4KB

• memory/3240-1-0x00000000012C0000-0x00000000012C1000-memory.dmp
  Filesize  4KB
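Two things in the listing above are worth checking before the hashes are pasted into a blocklist. The crashpad named-pipe entry has no Filesize, and its four digests (d41d8cd9…, da39a3ee…, e3b0c442…, cf83e135…) are exactly the MD5, SHA-1, SHA-256 and SHA-512 of zero bytes, so the sandbox hashed no content there and the entry would match every empty file on a host. The memory entries carry no hashes at all; their sizes are just the address-range lengths (0x455000 - 0x400000 = 348160 bytes = 340KB, 0x12C1000 - 0x12C0000 = 4KB). The script below is an added example, not code from the sandbox report or its vendor: it parses the bullet / label / value layout used above (label and value on one line or on consecutive lines), discards empty-input digests and memory dumps, derives dump sizes from the range, and matches file contents against the surviving hashes. The `SAMPLE` text is constructed from three entries above; the function and class names are the example's own.

```python
"""Turn a sandbox dropped-file listing into a usable hash IOC set.

Added example, not part of the sandbox report. Parses the report's
'• path' / 'Label' / 'value' layout, drops entries whose digests are the
digests of zero-byte input, computes memory-dump sizes from the address
range in the dump name, and matches bytes/files against what remains.
"""
import hashlib
import re
from dataclasses import dataclass, field
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Digests of b"": an indicator carrying these matches every empty file,
# so it is noise rather than an IOC.
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}

# A label either alone on its line (value follows on the next line) or
# followed by its value on the same line.
LABEL_RE = re.compile(r"^(Filesize|MD5|SHA1|SHA256|SHA512)(?:\s+(\S+))?$")
MEM_RE = re.compile(r"^memory/\d+-\d+-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")


@dataclass
class Artifact:
    path: str
    size: Optional[str] = None          # size string as printed, e.g. "117KB"
    hashes: Dict[str, str] = field(default_factory=dict)

    def is_memory_dump(self) -> bool:
        return MEM_RE.match(self.path) is not None

    def is_empty_input(self) -> bool:
        """True when any reported digest is the digest of zero bytes."""
        return any(self.hashes.get(k) == v for k, v in EMPTY_DIGESTS.items())


def memory_region_size(path: str) -> Optional[int]:
    """Byte length of a memory/<pid>-<n>-<start>-<end>-memory.dmp name."""
    m = MEM_RE.match(path)
    if not m:
        return None
    return int(m.group(2), 16) - int(m.group(1), 16)


def _assign(art: Artifact, label: str, value: str) -> None:
    if label == "Filesize":
        art.size = value
    else:
        art.hashes[label] = value.lower()


def parse_listing(text: str) -> List[Artifact]:
    """Parse the '• path' / label / value layout into Artifact records."""
    artifacts: List[Artifact] = []
    pending: Optional[str] = None       # label whose value is on the next line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            artifacts.append(Artifact(line[1:].strip()))
            pending = None
            continue
        m = LABEL_RE.match(line)
        if m and artifacts:
            label, value = m.group(1), m.group(2)
            if value is None:
                pending = label
            else:
                _assign(artifacts[-1], label, value)
                pending = None
        elif pending and artifacts:
            _assign(artifacts[-1], pending, line)
            pending = None
    return artifacts


def ioc_hashes(artifacts: List[Artifact]) -> Dict[str, str]:
    """Map each usable digest to its reported path; skip dumps and empty input."""
    iocs: Dict[str, str] = {}
    for a in artifacts:
        if a.is_memory_dump() or a.is_empty_input():
            continue
        for digest in a.hashes.values():
            iocs[digest] = a.path
    return iocs


def digests_of(data: bytes) -> Dict[str, str]:
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def match_bytes(data: bytes, iocs: Dict[str, str]) -> Optional[str]:
    """Reported path whose digest matches `data`, or None."""
    for digest in digests_of(data).values():
        if digest in iocs:
            return iocs[digest]
    return None


def scan_directory(root: Path, iocs: Dict[str, str]) -> List[Tuple[Path, str]]:
    """Hash every regular file under root and return (file, matched path) hits."""
    return [(p, hit) for p in root.rglob("*") if p.is_file()
            for hit in [match_bytes(p.read_bytes(), iocs)] if hit]


# Constructed sample: three entries from the listing above, one of them in
# the label-then-value-on-the-next-line form the raw report uses.
SAMPLE = r"""
• C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe
  Filesize  117KB
  MD5       dbd84c6083e4badf4741d95ba3c9b5f8
  SHA256    9ff467bc5a1c377102d25da9fa9c24dcc4375f456510f71584f0714fdfb2af39
• \??\pipe\crashpad_2948_EVSBOYLBHFYMVJDL
  MD5
  d41d8cd98f00b204e9800998ecf8427e
  SHA256
  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
• memory/516-5-0x0000000000400000-0x0000000000455000-memory.dmp
  Filesize  340KB
"""

if __name__ == "__main__":
    arts = parse_listing(SAMPLE)
    for a in arts:
        flag = "EMPTY-INPUT" if a.is_empty_input() else ""
        print(a.path, a.size, memory_region_size(a.path), flag)
    print(ioc_hashes(arts))
```

Run it as `python iocs.py` to see the pipe entry flagged and the memory entry resolved to 348160 bytes; `scan_directory(Path("C:/Users"), ioc_hashes(parse_listing(report_text)))` applies the surviving hashes to a real tree. Hash IOCs match only byte-identical files, so treat a miss on the `.crdownload` or the `7z901DEE38` droppers as no evidence either way.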