Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-05-2024 22:00

General

  • Target
    crypted.exe
  • Size
    519KB
  • MD5
    1b1c7e6e96667a6a758b22d444de57a7
  • SHA1
    3eafd122d0814ee5aeb35a9bce975805a8cf6744
  • SHA256
    e03518acef8a2fecee311fac04e11943e8b219815f02224a4ae30d5ecccf0f90
  • SHA512
    2ed665526ec20b8c3d8a6854e25bcf44755e4bfd8f34b3770c3694e4b9cd8b2ad85d130830cb298aa18521f30038ef47e5d93225a5eb14039670f5ef626f91f7
  • SSDEEP
    12288:ar9mi27cWO4AEcI9cCHEAJtv9QXmuP16k:6mfemcCflO1

Score
10/10

Malware Config

Extracted

  • Family
    lumma
  • C2

Signatures

  • Lumma Stealer
    An infostealer written in C++ first seen in August 2022.
  • Downloads MZ/PE file
  • Executes dropped EXE (1 IoC)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Suspicious use of SetThreadContext (1 IoC)
  • Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
    SCSI information is often read in order to detect sandboxing environments.
  • Checks processor information in registry (2 TTPs, 2 IoCs)
    Processor information is often read in order to detect sandboxing environments.
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (21 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (14 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (64 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Volume Shadow Copy service COM API
    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\crypted.exe
    "C:\Users\Admin\AppData\Local\Temp\crypted.exe"
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2748
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      PID:3048
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4180,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4080 /prefetch:8
    PID:1008
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault0d2f48f8h6470h433ch9544h2ac67a40edf1
    PID:1228
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
    PID:5232
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    • Suspicious use of AdjustPrivilegeToken
    PID:5392
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:5696
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault27b73f3dhc136h49edhbd26ha39ab218f48a
    PID:5856
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5080
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffe3c9ab58,0x7fffe3c9ab68,0x7fffe3c9ab78
      PID:6088
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:2
      PID:5320
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:5352
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1436 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:2820
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:1
      PID:1704
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:1
      PID:5704
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3656 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:1
      PID:5992
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:732
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:5676
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4660 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:1
      PID:4392
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4512 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:1
      PID:5596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4508 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:1
      PID:6600
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3432 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:1
      PID:6916
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3476 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:1
      PID:6956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:7048
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5112 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:7056
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:6416
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:6456
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:6536
    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
      PID:404
      • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
        "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6712cae48,0x7ff6712cae58,0x7ff6712cae68
        PID:4996
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4628 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:1
      PID:7116
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3464 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:1
      PID:6320
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3420 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:1
      PID:6356
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:6280
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:6244
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4676 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:1
      PID:4568
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4092 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:1
      PID:6576
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3404 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:1
      PID:1540
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:6368
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3152 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:5920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5356 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:5932
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:1008
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5372 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:6792
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4960 --field-trial-handle=1964,i,17983366771422628456,8056230956171068421,131072 /prefetch:8
      PID:3008
    • C:\Users\Admin\Downloads\MEMZ.exe
      "C:\Users\Admin\Downloads\MEMZ.exe"
      • Executes dropped EXE
      PID:6024
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    PID:4108

                                                                                      MD5

                                                                                      4080e223eea26d711473f37a4dae50f7

                                                                                      SHA1

                                                                                      ebb75b156f28e663aa04f32c32f0ec220200487f

                                                                                      SHA256

                                                                                      4dfc3138b403fc47b737a454dc08b547b752fa1b0f899af20e7c4f5f736ff0a1

                                                                                      SHA512

                                                                                      a22465abb9890113d3cacf57bb00c8958be3e3fcacff1d9346dad02d5d3008967114c0309bc31699f930136f43f4c45b29d35bceb2467a92d4bcb5eaa51bc446

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      8KB

                                                                                      MD5

                                                                                      6fd9d0c686c2da11c9c7653be98439ad

                                                                                      SHA1

                                                                                      86a093327559837318f38e8d2df25a811f1158b3

                                                                                      SHA256

                                                                                      c25cebf60106c277ab73a54aed35f18efe02c32ffafee8317813db868cb6db34

                                                                                      SHA512

                                                                                      69e5ee8f9a8f4ba4b571d73996e06a12a20050c2a393f32b8e08ca1604eb4e4aecbed0faf22f3208eb9875106c226c8d9292b17b4fd7188af9712125f45e8f73

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      8KB

                                                                                      MD5

                                                                                      46644e9d00d70a8918b4edb24cf59043

                                                                                      SHA1

                                                                                      ab2cd74bb2f19aab27de2b9e2b1ffebf972d30ae

                                                                                      SHA256

                                                                                      3403451e3a229eb93b4b6dbdb084fe730e0a8dd4af6daa65063bfb4b68ff906d

                                                                                      SHA512

                                                                                      ec87d5e6f20b46d50685696b0770ed7397dc845510b599d76a122a688379c759d3af7bb28faeefdc14275cc1c764e37bcb74da3063de3b4a038a979c36db0410

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                      Filesize

                                                                                      16KB

                                                                                      MD5

                                                                                      24e409ad6e04a9bee1e909fa4036bbcd

                                                                                      SHA1

                                                                                      59746788646041610093ba1fabe23731606701a7

                                                                                      SHA256

                                                                                      333dfdd91b2e69bf342a6aa2b07b91f6608a11e46a654e91258d165edb8274ab

                                                                                      SHA512

                                                                                      e96e8df208d1fa933e7f92206d3e34bd3b3cd615410cbadd3c101642401540c4564fc5f727ec4e67e2d737103e22f1071f80f29809eb0e90ad7d8e626f3c076c

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                      Filesize

                                                                                      56B

                                                                                      MD5

                                                                                      ae1bccd6831ebfe5ad03b482ee266e4f

                                                                                      SHA1

                                                                                      01f4179f48f1af383b275d7ee338dd160b6f558a

                                                                                      SHA256

                                                                                      1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

                                                                                      SHA512

                                                                                      baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a14d1.TMP

                                                                                      Filesize

                                                                                      120B

                                                                                      MD5

                                                                                      57ef14e29ee6d4b80b8f3d70ce457efe

                                                                                      SHA1

                                                                                      ea9dc3c260009de5ef0e5ba558dbffc4321e57f1

                                                                                      SHA256

                                                                                      b3dee9482ad5acbb7697549cb2b825266a91c0b359586b417ca2e9074b4f1b30

                                                                                      SHA512

                                                                                      a7cc583cba141f12bec605b1f7dd717e48dab56b0a7d3229f9f47c8de30e17b8c15f1374654bb77435bd60a8307edb23e09410cd4c94882056c99b2d9402f990

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                      Filesize

                                                                                      260KB

                                                                                      MD5

                                                                                      afd9683aa4aacf5524e1a1c51b35bc13

                                                                                      SHA1

                                                                                      9044470fbb2ab43cfff8ad72a1a21b283c18ee2e

                                                                                      SHA256

                                                                                      7175133e3e5c5b29931b3df52013aeffcbd2c8b90be719bae324b34778b1bf9e

                                                                                      SHA512

                                                                                      a950e54e7ce6596e50c25b8de3ed68d2edd3e3d0506a71edb40219cfa2761b06150d1c0141a5f55ea0614543420e20a67e835d8dce73cd12c453bd30585301cc

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                      Filesize

                                                                                      260KB

                                                                                      MD5

                                                                                      55e99e6494bc3b5f98c8f7c56a033b2d

                                                                                      SHA1

                                                                                      73276f73816851107678f701be2c7b16491733ac

                                                                                      SHA256

                                                                                      310bbe23fdcba9be4e2368706a2f27ab784442767301fd0f7ce5f2e8e815cf66

                                                                                      SHA512

                                                                                      0f04a447ed4a31958e251807661f03782329764be833ea976ea0174a0a82864f6bd0bd2cb5dab09cc6cb439049e64d5d62c2d30edb21e9c8837389318d717684

                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                      Filesize

                                                                                      260KB

                                                                                      MD5

                                                                                      02535d324f8975cf7b53b93dd643817f

                                                                                      SHA1

                                                                                      fd7e8ad2510d1f527289c445952a81473164f98f

                                                                                      SHA256

                                                                                      26030233fe185348244a57f7003676046ba4381147f0c940dce6b09a529c2141

                                                                                      SHA512

                                                                                      d11875690139b9b88386ff23c4ee8a6128d8673fdd120dac6ba28925e867a967306b4ea036299a2f1eef5113d441d5ff41bb25b36ff397aa208ef7065d199d90

                                                                                    • C:\Users\Admin\Downloads\MEMZ.exe

                                                                                      Filesize

                                                                                      16KB

                                                                                      MD5

                                                                                      1d5ad9c8d3fee874d0feb8bfac220a11

                                                                                      SHA1

                                                                                      ca6d3f7e6c784155f664a9179ca64e4034df9595

                                                                                      SHA256

                                                                                      3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

                                                                                      SHA512

                                                                                      c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

                                                                                    • \??\PIPE\wkssvc

                                                                                      MD5

                                                                                      d41d8cd98f00b204e9800998ecf8427e

                                                                                      SHA1

                                                                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                      SHA256

                                                                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                      SHA512

                                                                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                    • memory/2748-0-0x00000000003F0000-0x00000000003F1000-memory.dmp

                                                                                      Filesize

                                                                                      4KB

                                                                                    • memory/2748-2-0x00000000003F0000-0x00000000003F1000-memory.dmp

                                                                                      Filesize

                                                                                      4KB

                                                                                    • memory/3048-6-0x0000000000400000-0x0000000000455000-memory.dmp

                                                                                      Filesize

                                                                                      340KB

                                                                                    • memory/3048-4-0x0000000000400000-0x0000000000455000-memory.dmp

                                                                                      Filesize

                                                                                      340KB

                                                                                    • memory/3048-1-0x0000000000400000-0x0000000000455000-memory.dmp

                                                                                      Filesize

                                                                                      340KB

                                                                                    • memory/3048-5-0x0000000000400000-0x0000000000455000-memory.dmp

                                                                                      Filesize

                                                                                      340KB

                                                                                    • memory/5696-16-0x000001E69E1C0000-0x000001E69E1C1000-memory.dmp

                                                                                      Filesize

                                                                                      4KB

                                                                                    • memory/5696-19-0x000001E69E1C0000-0x000001E69E1C1000-memory.dmp

                                                                                      Filesize

                                                                                      4KB

                                                                                    • memory/5696-7-0x000001E69E1C0000-0x000001E69E1C1000-memory.dmp

                                                                                      Filesize

                                                                                      4KB

                                                                                    • memory/5696-9-0x000001E69E1C0000-0x000001E69E1C1000-memory.dmp

                                                                                      Filesize

                                                                                      4KB

                                                                                    • memory/5696-8-0x000001E69E1C0000-0x000001E69E1C1000-memory.dmp

                                                                                      Filesize

                                                                                      4KB

                                                                                    • memory/5696-18-0x000001E69E1C0000-0x000001E69E1C1000-memory.dmp

                                                                                      Filesize

                                                                                      4KB

                                                                                    • memory/5696-17-0x000001E69E1C0000-0x000001E69E1C1000-memory.dmp

                                                                                      Filesize

                                                                                      4KB

                                                                                    • memory/5696-15-0x000001E69E1C0000-0x000001E69E1C1000-memory.dmp

                                                                                      Filesize

                                                                                      4KB

                                                                                    • memory/5696-14-0x000001E69E1C0000-0x000001E69E1C1000-memory.dmp

                                                                                      Filesize

                                                                                      4KB

                                                                                    • memory/5696-13-0x000001E69E1C0000-0x000001E69E1C1000-memory.dmp

                                                                                      Filesize

                                                                                      4KB