Analysis

  • max time kernel
    159s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240704-en locale:en-us os:windows10-2004-x64 system
  • submitted
    06-07-2024 17:54

General

  • Target

    ClientAppSettings.json

  • Size

    3KB

  • MD5

    7a3ddecfa7f54d37a3a682ff672ddc5b

  • SHA1

    336e6ec98ec7ede6fecf0ca57009ed300ba5b187

  • SHA256

    d58416aa991d70de03d3d80c8ea1290107222cfa1d4d1714047f878b559d3c11

  • SHA512

    34f84b828576d2dc5f805c4939deb9e7436eb2d75154d7f1f6e2707b9cb07551e376a2b295ffdc97d37ce3e65b8331a1f919c3817efb742634f929b1cc1f4f57

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    194.28.224.2
  • Port:
    21
  • Username:
    anonymous
  • Password:
    anonymous@

Extracted

Family

lumma

C2

https://bannngwko.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Executes dropped EXE 2 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 61 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ClientAppSettings.json
    1⤵
    • Modifies registry class
    PID:3048
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2832
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4400
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe5140ab58,0x7ffe5140ab68,0x7ffe5140ab78
      2⤵
      PID:1396
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:2
      2⤵
      PID:1316
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:8
      2⤵
      PID:4948
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2292 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:8
      2⤵
      PID:1900
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:1
      2⤵
      PID:1996
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:1
      2⤵
      PID:4372
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3668 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:1
      2⤵
      PID:1012
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:8
      2⤵
      PID:1628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:8
      2⤵
      PID:400
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:8
      2⤵
      PID:2696
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5000 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:1
      2⤵
      PID:632
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:8
      2⤵
      PID:464
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2636 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:8
      2⤵
      • Modifies registry class
      PID:392
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:8
      2⤵
      PID:4080
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3376 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:8
      2⤵
      PID:3268
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:8
      2⤵
      PID:4028
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2924 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3992
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=1940,i,1032826322274619414,15088433151060237656,131072 /prefetch:8
      2⤵
      PID:4128
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:4456
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2856
  • C:\Users\Admin\AppData\Local\Temp\Temp1_setup.zip\setup\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp1_setup.zip\setup\setup.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:4640
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tmptfxga5ww\update.exe
      2⤵
      PID:3108
      • C:\Users\Admin\AppData\Local\Temp\tmptfxga5ww\update.exe
        C:\Users\Admin\AppData\Local\Temp\tmptfxga5ww\update.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        PID:4848
        • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
          C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2604
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4488
  • C:\Users\Admin\Downloads\setup\setup\setup.exe
    "C:\Users\Admin\Downloads\setup\setup\setup.exe"
    1⤵
    PID:3564
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tmp7eadhxqs\update.exe
      2⤵
      PID:5016
      • C:\Users\Admin\AppData\Local\Temp\tmp7eadhxqs\update.exe
        C:\Users\Admin\AppData\Local\Temp\tmp7eadhxqs\update.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        PID:1996
        • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
          C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3620
  • C:\Users\Admin\Downloads\setup\setup\setup.exe
    "C:\Users\Admin\Downloads\setup\setup\setup.exe"
    1⤵
    PID:4788

Network

MITRE ATT&CK Enterprise v15

Downloads

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\26448488-a6c6-4932-be44-8046b9f6b82c.tmp

                                                Filesize

                                                6KB

                                                MD5

                                                b684eb69db85440a95e91e4ef3868fef

                                                SHA1

                                                f0edf82a9206fb188a52e3c3f43b0bdadcfaf9ee

                                                SHA256

                                                bd3a7df28606bd899040db0f2b0c6fb4a853947c53eb8c17657194618bcb283a

                                                SHA512

                                                3b064bb53815c1b41726115b249a2eb6f90ed3371552cd0dd0fc91bcfaa38c5639f0b730dbc80007e0c1f67cdf835484c5c8201da2b4bb8aea9f86803fe45c4b

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

                                                Filesize

                                                44KB

                                                MD5

                                                ad57b7d925c8d029e80f69fb326c1640

                                                SHA1

                                                9dae645aefd7df83dffb8fd6000c1d249727687a

                                                SHA256

                                                72c0634d4767b16a498a54f245e104c773c52e8dc54ee144ba89252aba8d78a7

                                                SHA512

                                                a8a71803ab674a87a5a873cbbf8941b0434dbd846b5ef6299672950299393b5d968653f235bf09fc813e5639492533cedf2ea59a85db13d4a66cb808d19536fb

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

                                                Filesize

                                                264KB

                                                MD5

                                                a830a6efc08ff6d11efe7801d9a443d7

                                                SHA1

                                                5c7e008c684b2a4d5f20bc6bcad1d4e17c6edc2d

                                                SHA256

                                                eece7d816c3c20434f3bb7d9efa2192ea1df529005226908fed90e705b8f425d

                                                SHA512

                                                95ae9fb19c67d324cb9232b919910691486cc11e343e7b38a15851ff9ce93e6aa75bc2984d50404061c8577a1aec105444fc21c5a95786eb760ef736dabd1db2

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

                                                Filesize

                                                1.0MB

                                                MD5

                                                bd2112a621cd61be49506ae4d266f66b

                                                SHA1

                                                1be5b13047c3f7e6405599361f366c909b096de7

                                                SHA256

                                                9b3c035a3f58e019bf2fccaa5d8754b9ddaae4b9e4954e166b7248ae51e07137

                                                SHA512

                                                ca9c61edc16e262dfa6c3ae531fc0ca5f77e1a531822c4381b2a979101b7de0a370803fab2e4202a927144f2157d062d4fa67bc88991e528f5e0da8c8e46628b

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

                                                Filesize

                                                4.0MB

                                                MD5

                                                538ad9e59a673264b8e5391fe07b647c

                                                SHA1

                                                dd4f372bb69ade55a1ceab979c822a3723a24b8e

                                                SHA256

                                                a3e64510fe5ec32cd49569ae126238b736dddf9e4845ee6741d112a90bba2469

                                                SHA512

                                                2179ae0e850a041a996028017ce31abac91ffc46cc8c1a1b7eabea22d353d0abf386fde8805a97915ee3caf23eec4bc26353a83242377e02a15de9240a226ef1

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

                                                Filesize

                                                115KB

                                                MD5

                                                5d4f18316d56a0bd3d32c33c75adc3f7

                                                SHA1

                                                cbaa299fca2e2f98741ff1acad6b681c3c089f3b

                                                SHA256

                                                19e429854c0cfdae2cd47bb8a333dcd860017e4e67d7e0c7ea53f8248b454d6d

                                                SHA512

                                                3661fbfcb2d0304daf1bfbdd8616ac255bc3f14a5d311a2a698127b5caf665dedb14b3706f09ecff434e50c5bc998e7df43e1992021bb3cf54572e3583d57706

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

                                                Filesize

                                                20KB

                                                MD5

                                                628ba8d31375849e0943894669cd033c

                                                SHA1

                                                4fa6d50a37fa2dadec892474d3e713ef9de2d8a1

                                                SHA256

                                                80e3440c312f921afe33a7d4a3d11d1d2dc7162f8f50b748b796f424441d10d6

                                                SHA512

                                                d4406493dc8767c479460f3039b038866549feebf392280384da08adbcad2e871720d046220cb67ebe3ab75c14e06a31df2fa7c0f2c17f91eda26ba0a709d27f

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

                                                Filesize

                                                37KB

                                                MD5

                                                f31a1ab9f483d9db21349522e39dd16e

                                                SHA1

                                                01a275d7fc1c4f578fa506c8e0bf9b7787dd4806

                                                SHA256

                                                463800c9ec072ae72a4f6fdc1f2f779c792cb7ceb6f57c7d1231eabefad2bd9d

                                                SHA512

                                                cab9bf13c36b854bef939e1d09c8d896caf1d7c20f6948f70f27eaf2869e49c8b9be728b4c95926ba869a987516a79d3193d416b0582b7570a58269c8caa7603

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

                                                Filesize

                                                37KB

                                                MD5

                                                669b1563b95fce26d9ddc3c7e9bdc538

                                                SHA1

                                                275e4ae2606a0da908003b77ea06b24ea8b66214

                                                SHA256

                                                d46765072d87d9892a0f6f8f9849eafe0abecee9d662e99f8b45d8c5b22ac667

                                                SHA512

                                                09e066f5a1974927b2cb607a8b953f2732928c7347f65cdfcdb573170840562de6eae091a61108827b3ae0799c16bfbd41d858ee1a8bc57d9bb1fac814438302

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

                                                Filesize

                                                82KB

                                                MD5

                                                8b36b954e5a8947dedbc720664fbccb7

                                                SHA1

                                                0310a60a8bbd7ac385b6e94aec8dee9aa05a6d24

                                                SHA256

                                                069b3e224154172e3c385b5ebbdde887253d596776b74b9fb2a326b875fb718e

                                                SHA512

                                                c2827251585fbb5e24bc38ef58822e8892d952c6e2a90743453502254550384cfcc9789858d66706c86f51c483fc28c23c796ba6285747689940460402b30f29

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

                                                Filesize

                                                26KB

                                                MD5

                                                d7ff26e78ea2a2e4caf35ba779aeb43d

                                                SHA1

                                                2f023ba26ef838fc038851728cec296e7b00b936

                                                SHA256

                                                eafb740ac39eadc1d188c34eed6c0e56c75eed1ef8b273806b21f110420e483d

                                                SHA512

                                                a6073702a4b558e5ef867a7967538b0c6600f763a52ec9bb76f920819ae759de9e7296177c41bee4c3309f4add8403a276fdaa32ae84aab897ca6608bf824b5f

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

                                                Filesize

                                                20KB

                                                MD5

                                                0f3de113dc536643a187f641efae47f4

                                                SHA1

                                                729e48891d13fb7581697f5fee8175f60519615e

                                                SHA256

                                                9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

                                                SHA512

                                                8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

                                                Filesize

                                                56KB

                                                MD5

                                                f817e737bd803df8a4f12c1937ab0d51

                                                SHA1

                                                24e172cdf9d4b77b0cb4c271aed4a7c9eba98fc9

                                                SHA256

                                                17b0202476b336c41e4108aa245ac863c3e19ef8c5e430fe112a0900f0a18802

                                                SHA512

                                                d417d62e0fdcdfa883d4ffb317546e7ac5258aac538cbfad4eb111b134839750a65c55b5230507ff6912ffd272c0eb6317bcdd95c38cfb81c63b8e85b1359346

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

                                                Filesize

                                                53KB

                                                MD5

                                                8fcb818bc23425964d10ac53464bf075

                                                SHA1

                                                396f40d25a7d38eed9730d97177cd0362f5af5d7

                                                SHA256

                                                8b56333cda4211c50ada778d598348b8a846d557ed9117d8b265e004db31e9f7

                                                SHA512

                                                6ec7588257bd1261f9b2876c3aa57fba2b6bdc33a2a68830c8d8d539f449c552cf6923a5e8afb5e665d12cad253a10d68ad665d9eb74ff8250c6daf2f61e6da8

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

                                                Filesize

                                                132KB

                                                MD5

                                                01088b35a7144b96e1c65db9ecf5aeab

                                                SHA1

                                                3d5b4a4fafdc3867adca4a4a640d6296bba06f82

                                                SHA256

                                                66616d0b8be2030b1f40d1da2a80bdf930172335226111b7965a4480bb584f1f

                                                SHA512

                                                bf639e6539792c3ebab0ddb646b795a1cb14e4359fe97726db69ba2e082debdb920c15d5eb96a552613ead61ee4320de0331c02aaba3f14dd83956cc7affba89

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

                                                Filesize

                                                21KB

                                                MD5

                                                8680ad8cc782b74ee7a15f0a042c76f1

                                                SHA1

                                                ec430c456dedd9a2360703a826491fcd69f6dd8b

                                                SHA256

                                                af745264049ea73c66c1dc7783e59fcfe94c0506337867380ae638e694cfe5e7

                                                SHA512

                                                7869afe9f737bc31a9c33b03014f4d5239cc48a798deabc0fdc835fd6736a99b17d181e57866ac960bbdb0d1e3e8610cf97bb01762435d8808ca56f1e74dc2be

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

                                                Filesize

                                                53KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

                                                Filesize

                                                19KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

                                                Filesize

                                                21KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

                                                Filesize

                                                50KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                Filesize

                                                2KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

                                                Filesize

                                                152KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

                                                Filesize

                                                20KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

                                                Filesize

                                                20KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                Filesize

                                                1KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

                                                Filesize

                                                36KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                Filesize

                                                2B

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                Filesize

                                                352B

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                Filesize

                                                1006B

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                Filesize

                                                1KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                7KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                7KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                Filesize

                                                16KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

                                                Filesize

                                                14B

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                Filesize

                                                285KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                Filesize

                                                89KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                Filesize

                                                98KB

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58657b.TMP

                                                Filesize

                                                88KB

                                              • C:\Users\Admin\AppData\Local\Temp\tmptfxga5ww\update.exe

                                                Filesize

                                                12.5MB

                                              • C:\Users\Admin\Downloads\setup.zip.crdownload

                                                Filesize

                                                21.2MB

                                              • \??\pipe\crashpad_4400_IQXSUCQDKBRJHXJV

                                              • memory/1996-456-0x00007FF6186E0000-0x00007FF6193FE000-memory.dmp

                                                Filesize

                                                13.1MB

                                              • memory/2604-390-0x0000000000C80000-0x0000000000CD7000-memory.dmp

                                                Filesize

                                                348KB

                                              • memory/2604-387-0x0000000000C80000-0x0000000000CD7000-memory.dmp

                                                Filesize

                                                348KB

                                              • memory/3564-452-0x00007FFE432D0000-0x00007FFE432FA000-memory.dmp

                                                Filesize

                                                168KB

                                              • memory/3564-451-0x00007FF799BC0000-0x00007FF79BA70000-memory.dmp

                                                Filesize

                                                30.7MB

                                              • memory/3564-473-0x00007FFE432D0000-0x00007FFE432FA000-memory.dmp

                                                Filesize

                                                168KB

                                              • memory/3564-472-0x00007FF799BC0000-0x00007FF79BA70000-memory.dmp

                                                Filesize

                                                30.7MB

                                              • memory/3620-455-0x0000000000C00000-0x0000000000C57000-memory.dmp

                                                Filesize

                                                348KB

                                              • memory/3620-457-0x0000000000C00000-0x0000000000C57000-memory.dmp

                                                Filesize

                                                348KB

                                              • memory/4488-370-0x00000220031C0000-0x00000220031C1000-memory.dmp

                                                Filesize

                                                4KB

                                              • memory/4488-371-0x00000220031C0000-0x00000220031C1000-memory.dmp

                                                Filesize

                                                4KB

                                              • memory/4488-378-0x00000220031C0000-0x00000220031C1000-memory.dmp

                                                Filesize

                                                4KB

                                              • memory/4488-376-0x00000220031C0000-0x00000220031C1000-memory.dmp

                                                Filesize

                                                4KB

                                              • memory/4488-381-0x00000220031C0000-0x00000220031C1000-memory.dmp

                                                Filesize

                                                4KB

                                              • memory/4488-382-0x00000220031C0000-0x00000220031C1000-memory.dmp

                                                Filesize

                                                4KB

                                              • memory/4488-379-0x00000220031C0000-0x00000220031C1000-memory.dmp

                                                Filesize

                                                4KB

                                              • memory/4488-372-0x00000220031C0000-0x00000220031C1000-memory.dmp

                                                Filesize

                                                4KB

                                              • memory/4488-380-0x00000220031C0000-0x00000220031C1000-memory.dmp

                                                Filesize

                                                4KB

                                              • memory/4488-377-0x00000220031C0000-0x00000220031C1000-memory.dmp

                                                Filesize

                                                4KB

                                              • memory/4640-369-0x00007FFE519F0000-0x00007FFE51A1A000-memory.dmp

                                                Filesize

                                                168KB

                                              • memory/4640-432-0x00007FF6C9840000-0x00007FF6CB6F0000-memory.dmp

                                                Filesize

                                                30.7MB

                                              • memory/4640-433-0x00007FFE519F0000-0x00007FFE51A1A000-memory.dmp

                                                Filesize

                                                168KB

                                              • memory/4640-368-0x00007FF6C9840000-0x00007FF6CB6F0000-memory.dmp

                                                Filesize

                                                30.7MB

                                              • memory/4788-474-0x00007FF799BC0000-0x00007FF79BA70000-memory.dmp

                                                Filesize

                                                30.7MB

                                              • memory/4788-470-0x00007FF799BC0000-0x00007FF79BA70000-memory.dmp

                                                Filesize

                                                30.7MB

                                              • memory/4788-475-0x00007FFE432D0000-0x00007FFE432FA000-memory.dmp

                                                Filesize

                                                168KB

                                              • memory/4788-471-0x00007FFE432D0000-0x00007FFE432FA000-memory.dmp

                                                Filesize

                                                168KB

                                              • memory/4848-388-0x00007FF63F640000-0x00007FF64035E000-memory.dmp

                                                Filesize

                                                13.1MB