Analysis

  • max time kernel
    94s
  • max time network
    92s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-07-2024 11:13

General

  • Target

    https://github.com/HossamGouda/premiere

Score
10/10

Malware Config

Extracted

Family

lumma

C2


Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 3 IoCs
  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
  • Enumerates processes with tasklist 1 TTPs 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 37 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    PID:3428
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/HossamGouda/premiere
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4460
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb290ecc40,0x7ffb290ecc4c,0x7ffb290ecc58
        3⤵
        PID:2704
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,2023661922658759711,3074512730189278097,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2000 /prefetch:2
        3⤵
        PID:4972
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1808,i,2023661922658759711,3074512730189278097,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2112 /prefetch:3
        3⤵
        PID:3364
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,2023661922658759711,3074512730189278097,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2288 /prefetch:8
        3⤵
        PID:2500
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,2023661922658759711,3074512730189278097,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3120 /prefetch:1
        3⤵
        PID:3416
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,2023661922658759711,3074512730189278097,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3152 /prefetch:1
        3⤵
        PID:4872
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4584,i,2023661922658759711,3074512730189278097,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4632 /prefetch:8
        3⤵
        PID:4472
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4888,i,2023661922658759711,3074512730189278097,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5088 /prefetch:8
        3⤵
        PID:1948
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Adobe.Software.zip"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2480
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:956
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /1
        3⤵
        • Drops startup file
        • Checks SCSI registry key(s)
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2972
    • C:\Users\Admin\Desktop\Adobe Software\Setup.exe
      "C:\Users\Admin\Desktop\Adobe Software\Setup.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:3512
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /k copy Branches Branches.cmd & Branches.cmd & exit
        3⤵
        PID:3680
        • C:\Windows\SysWOW64\tasklist.exe
          tasklist
          4⤵
          • Enumerates processes with tasklist
          • Suspicious use of AdjustPrivilegeToken
          PID:4052
        • C:\Windows\SysWOW64\findstr.exe
          findstr /I "wrsa.exe opssvc.exe"
          4⤵
          PID:4868
        • C:\Windows\SysWOW64\tasklist.exe
          tasklist
          4⤵
          • Enumerates processes with tasklist
          • Suspicious use of AdjustPrivilegeToken
          PID:2244
        • C:\Windows\SysWOW64\findstr.exe
          findstr /I "avastui.exe avgui.exe bdservicehost.exe nswscsvc.exe sophoshealth.exe"
          4⤵
          PID:2868
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c md 492839
          4⤵
          PID:5116
        • C:\Windows\SysWOW64\findstr.exe
          findstr /V "HostOwnerInteractLibrarian" Success
          4⤵
          PID:2392
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c copy /b Recorded + Illegal + Debut + Assigned 492839\Y
          4⤵
          PID:1220
        • C:\Users\Admin\AppData\Local\Temp\492839\Loop.pif
          492839\Loop.pif 492839\Y
          4⤵
          • Suspicious use of NtCreateUserProcessOtherParentProcess
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:4080
        • C:\Windows\SysWOW64\timeout.exe
          timeout 5
          4⤵
          • Delays execution with timeout.exe
          PID:3128
    • C:\Windows\SysWOW64\cmd.exe
      cmd /k echo [InternetShortcut] > "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenPulse.url" & echo URL="C:\Users\Admin\AppData\Local\MindWave Technologies LLC\ZenPulse.js" >> "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenPulse.url" & exit
      2⤵
      • Drops startup file
      PID:4656
  • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
    1⤵
    PID:4304
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:1616
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4396

Network

MITRE ATT&CK Enterprise v15


Downloads


                                        08190bd96d08787e15e5b54471c98185

                                        SHA1

                                        bb22a3e100d39670182eb0d998c0f29e7e77fd34

                                        SHA256

                                        ab16bac8e35b2f790f281b3c7787f4a6dae9c6f328c5d081bcae46a589613569

                                        SHA512

                                        1c8521b43b09c312bec2853d51269a57f8f8d22f9f5fb368e4ae8ee6422e5b54e581e7c3afeb7326c30464a5007dff4af38da7c8382900a95c63ef28d791d304

                                      • C:\Users\Admin\AppData\Local\Temp\February

                                        Filesize

                                        18KB

                                        MD5

                                        324453420dafdc5dcf4c64fe5294991b

                                        SHA1

                                        1f91a4c62e7500b350dd5b7a2370a2a79b6d0c45

                                        SHA256

                                        d914b0c6d1e28798d1612ae5ba57d44500b805b9b4aa3449af5154036ef27f46

                                        SHA512

                                        eb6cc3dd88dbf6c2a17f739e7051325480ba771eb914464da5e70c31a951ac7edbe818e8d3b84d5331f02b230f731dfba4087974c8ec75407da760ccda509d1c

                                      • C:\Users\Admin\AppData\Local\Temp\Happy

                                        Filesize

                                        14KB

                                        MD5

                                        8a742671f27793b749feac4047ead5d4

                                        SHA1

                                        42e95f3a7ec41e0f9197035762ce21943c9e59ff

                                        SHA256

                                        c8dc8f978bf654f736b0278526a2b6f5be5e9d2b83af413deec67dfcd11db469

                                        SHA512

                                        8c989b1e86347d12282fc4b3556c1ec3da7eb0fd2bed0d040d0a78061f723a32f53e96c90322d3d578c93f44679a1ab276ed77a1c1a4f3b85a939e3fdb80b57f

                                      • C:\Users\Admin\AppData\Local\Temp\Illegal

                                        Filesize

                                        117KB

                                        MD5

                                        449b06684e3a98da86ebc29b2ab2bf65

                                        SHA1

                                        16e42f5e4b9fa8efd6365a551321872cf86d9fb3

                                        SHA256

                                        035d10d74ab970e57e13f16c6c1c148cd7413019937c9579b171d812a01d2872

                                        SHA512

                                        00c5a4bb4df9c4d84190817498f134e6c7767ee7f20598893b67b53587f5b5d2c507cdd892c04df33d8dec351052e26e2a7c2aacd539cf01921048a320eb794e

                                      • C:\Users\Admin\AppData\Local\Temp\Laws

                                        Filesize

                                        35KB

                                        MD5

                                        5185548ad509b92015f71d2400e53b7a

                                        SHA1

                                        d4d6501162f0c6a9fca5a96df42d5f3fe58bb518

                                        SHA256

                                        6f9adcc7c2572c126590b5a37835289213fab6507a184a440a4ae0a14106c241

                                        SHA512

                                        182f3e9893944e9466f107b885684c9729808f5e3e88673808886f9278288f55baec2ca9a1cd47c7c7f73be391d90dffa37f355a009bafb22c7408db62056769

                                      • C:\Users\Admin\AppData\Local\Temp\Lid

                                        Filesize

                                        7KB

                                        MD5

                                        57f071c155464739a67d87c9644ea14c

                                        SHA1

                                        7749932d5a95e8eff2b5ddd9c7c54dad707a65d1

                                        SHA256

                                        a90f6451155ea62257f69a886dd89ec4af3f970fcfd3d2a3013ee43c62cb18df

                                        SHA512

                                        f51fa0529f38f59ec4ac1c1973c0d78ef1eb5399c4c938631f94d01b5200fdfec39894eb637469de13c88503902eca05c390fdd314751a1ddbb63a4724a67353

                                      • C:\Users\Admin\AppData\Local\Temp\Planets

                                        Filesize

                                        22KB

                                        MD5

                                        b6e07fee45bed2329dab08bca45cfc7d

                                        SHA1

                                        b814c34b36d0d6be71bf99138f9cc8e32779e9f0

                                        SHA256

                                        b4d2108ef2858a00f12fa7bc669a99d9d366c44632e480702f92f6425be88e2c

                                        SHA512

                                        5b95c761c5eec0375857278ee599599c91402215e79460fee8861a4a4beba5390eebb58cafef6da52d8ce6e25fd6db317c138d69faa97ea99a8c4eec151610dc

                                      • C:\Users\Admin\AppData\Local\Temp\Ready

                                        Filesize

                                        14KB

                                        MD5

                                        40b24a61b68b391e5a4f9b7d6ead1835

                                        SHA1

                                        ffe4d1ffe718588ed37d94f19d69fd62b43ae853

                                        SHA256

                                        28379515d3c26ceaba9128bd814dc7a7275b978b3847d8e90758ff2794602f8c

                                        SHA512

                                        929a10634225fbaa8e14ee18b2631ba18f1c283e064a5274c9745ecaff9c6a440c69f13cc7ecf8f41cc72e3fd1eafc113a5915222c3535371c6155143c1166ae

                                      • C:\Users\Admin\AppData\Local\Temp\Recorded

                                        Filesize

                                        122KB

                                        MD5

                                        685804d09f6c2325a9f49912fae69495

                                        SHA1

                                        0f197e033abe07bbc9a2a65ab4d5f360b356507f

                                        SHA256

                                        27f6eb940e623f459401d694220450ab620125f1a1119d4baeaba6c955c3e55e

                                        SHA512

                                        8fe27bd03b352e9e743314ad59106875dc56dd153eecea07632e8fc45b3398f22f3a4b665e59276ca9e150caca80ef2ebe561ea451ac09e734a85b300163cc8b

                                      • C:\Users\Admin\AppData\Local\Temp\Replaced

                                        Filesize

                                        69KB

                                        MD5

                                        1a4ca19f1625a101494ca8d500f8bbdf

                                        SHA1

                                        739cd46c578d8480420b8ffa6936abf0de08a585

                                        SHA256

                                        1dcf638484bde4328f544a2ac054863121e88c5e0740297c68866572a66a0001

                                        SHA512

                                        f4b6bc54542770df70fc165fe00ad37e65a58a510a0250336d9d23c1b28b92648bc27a00e5034ed5cbe9871072144816418a2ef5a43c40ebd3e9db756b1707ac

                                      • C:\Users\Admin\AppData\Local\Temp\Restoration

                                        Filesize

                                        60KB

                                        MD5

                                        b0be85a70ae8b9a60d19aae5dec8d458

                                        SHA1

                                        5eb543634be6fe71447f5dcc5e26040ab657b5ad

                                        SHA256

                                        b5a119b169bc250f312b21e5daa0223dc7bb47e991098d12e7fee514763b3769

                                        SHA512

                                        976e144c65850c26d92f9936c6fbd23960fa2ce325a069bd787a8498b41547941427e7087de7887ae0881803cb69cef3b2b111086fc263f9ae4f5770e61e2e3c

                                      • C:\Users\Admin\AppData\Local\Temp\Rpm

                                        Filesize

                                        50KB

                                        MD5

                                        bd969150e43e9b571e09f9f4661c2578

                                        SHA1

                                        3c10f94e128f4403b110a6bbcf0c432fff579399

                                        SHA256

                                        f6e26fdda09bb6789cfc46c14f3256c666dc36bb4e4858d5dc4a6baabfb204d9

                                        SHA512

                                        b785e0d2686493dee62d5650afc52888d7a4dd7a361973ec05a229afba23108b48370813428188670a95f2f4c292d521fb0433fcc0ae038662cdc0733199f1a3

                                      • C:\Users\Admin\AppData\Local\Temp\Seafood

                                        Filesize

                                        22KB

                                        MD5

                                        0612da23c966bcf2d963d9817f609b2d

                                        SHA1

                                        98d98fe4cfa5d75e3171dc739f10c97503a93d83

                                        SHA256

                                        6feb1095fe8a2db4f28a2743638f14d2a426f5675b9930313e6bb33fbdcb3a59

                                        SHA512

                                        e1ac51f3c9d4546cac813d92df771aaef3e376997bbbc93d081a95a1b0867bca2d3f4d337d9dfb8d8097e3316d78d82d5b775055ca91fd2e00627bb575c02eaf

                                      • C:\Users\Admin\AppData\Local\Temp\Solving

                                        Filesize

                                        37KB

                                        MD5

                                        b945305b3da36975d73812c394e6f1a3

                                        SHA1

                                        3e50dc13aca532fe8d1b2efb3b92f72219e77843

                                        SHA256

                                        f37007ce70c4ab740f8f682f8bc3322a0991cd2bbb954c65d71f7bd54b0c4a89

                                        SHA512

                                        4a2ecf3d64b1802885c5d243f8844f1006812fae951fad08f36fe64ccd66d9380166ead29d8e47fb18aae19bed32eb462712402f5d4fc5868f165128c2432daa

                                      • C:\Users\Admin\AppData\Local\Temp\Success

                                        Filesize

                                        107B

                                        MD5

                                        149e1d3118d551528518afa8adcc7fe1

                                        SHA1

                                        89c7bcda52b2617961108f38930fac29f3586c3e

                                        SHA256

                                        f4d5abc79ca35284a3988c1dec63f9029fad2ad2208648f6914739d94e3ed95a

                                        SHA512

                                        5f19c7474f38c18d7e5780a93a239831bf31c7993c12c1adb3e1b1e04488fcd11c301bec3992f622ac0aca1f466bdb101f77acf9aec684fe7b384373839e5853

                                      • C:\Users\Admin\AppData\Local\Temp\Thanks

                                        Filesize

                                        43KB

                                        MD5

                                        5985ba24a4e055667cabfab081e6b6fe

                                        SHA1

                                        f0406b101432bfc6e365e001e4da9e01c12d0617

                                        SHA256

                                        880917b61e03ef22af3dfb5c6fe15c93f1587fb731622cf0317b0be4088079bc

                                        SHA512

                                        8945fe7f4dfd25c2acdc704a79a0c1dbd7ca5bc297c8cd44da771bac93cc11e1bb2619a9e8fe16d70eadab065b20e5c8b63b9783671dd2fe3f336a95ed6b8a7b

                                      • C:\Users\Admin\AppData\Local\Temp\Though

                                        Filesize

                                        37KB

                                        MD5

                                        e75c740d75ecb3dfa46d6def9c206756

                                        SHA1

                                        8924535bf888d22d7a86177bb9d0ced6396c58d8

                                        SHA256

                                        32d633ac17b63db46af4592e605cf4dd3362f086768c94f7b3a013c4c588cdf5

                                        SHA512

                                        d75d688a5900263ec0f02ebaf9b4279573b7e4ec4b5a25e61eea6efef222ac2b493d1a7104212fe0720ed243d112114b77e36d46215f75e0a57655d86a17e63a

                                      • C:\Users\Admin\AppData\Local\Temp\Tutorial

                                        Filesize

                                        34KB

                                        MD5

                                        f75a14dca5073999666e3533d5c35b40

                                        SHA1

                                        dbc05f940924f29e18bc33caef13f1eb9d12279b

                                        SHA256

                                        a8a0b9d251cb0295fa9d6573659625654be279cdae68a96a02e64ff0da6e4deb

                                        SHA512

                                        146df7544bce76da40228360b95b05add3dcb9ccd4107906bb87e7a938bff702fb4ca2b6a69ddd8a6da38c79c18ed2f900ab4fd9c87c24ed6ea3ee5b11760a52

                                      • C:\Users\Admin\AppData\Local\Temp\Victory

                                        Filesize

                                        15KB

                                        MD5

                                        d09b603849fed4840ac8dbf058db87ff

                                        SHA1

                                        02a7f3bf022af0d7b7107644091b2edd207b60fe

                                        SHA256

                                        ac2e2390912b10f6cd9560bbcc4d1bb8ee45c1f837802535e277b77ea6ec5811

                                        SHA512

                                        e867610027564adf81bdd23217dab1f6af60a5bfec910b11701462c0f894004ba54e09cd384c0d3d0381e87e62a26d5f3083ad4c7b29c9a072e080ad42236910

                                      • C:\Users\Admin\AppData\Local\Temp\Warrant

                                        Filesize

                                        7KB

                                        MD5

                                        f6b23c0f817e70853128854d111480c1

                                        SHA1

                                        c0d4c6fdbe8e9df4644ec585d58d8ef39d142a32

                                        SHA256

                                        6a88a3aaf9b6ebc4787d3f53307499204d8e89dff74d838873cc5cfa5691bfed

                                        SHA512

                                        9f87bcb59149400997db55ca8fa09b61facda376268e7ceafa11bbb6f5c17ad8388aef3d197a8ee03cbc4a0b7fb87647b4c69b0e8d5f6a23c3d402cc66fdbd36

                                      • C:\Users\Admin\AppData\Local\Temp\Wiley

                                        Filesize

                                        27KB

                                        MD5

                                        e0330424dd73ef6e836cbda57e496117

                                        SHA1

                                        a2ed657834a524440f983b00b6df375c90a7c85f

                                        SHA256

                                        cb979170d67f09bcc06aa39904dca1a78039761054e0b09082e3a4fd14941bc7

                                        SHA512

                                        068076cbed9115cc5c53f739b247623a1868fb39ce7f8f2f2b8eef5956106c03648d126d0c20b93f7a6ad1e0b8e172bac64cc2b4cf1003f56dea193d2dcbaaef

                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenPulse.url

                                        Filesize

                                        98B

                                        MD5

                                        d96374b72e3ebf091bee4ad24f8263d5

                                        SHA1

                                        705afe970160e9719918222d4b7854cc14cdfe01

                                        SHA256

                                        c61e7d7e7e201e82991902c3515cf2249a12897feb2a1aa1350ff4e6333cb269

                                        SHA512

                                        cdf986970a7fdc85bae66d62a635f773321db317688eeabb842b3026134572e4203bf91cad6d7bcdbff75da6c9868be5e1e4b1fc7a572ad03e4d7e1efe828c38

                                      • C:\Users\Admin\Desktop\Adobe Software\Setup.exe

                                        Filesize

                                        1022KB

                                        MD5

                                        4feaa73d5ae0b0ad580f6bbe51dfb43c

                                        SHA1

                                        96dacd29fe2fad08335d7c02cde13707f9791c77

                                        SHA256

                                        a204091d91d983a178eed21ccbef7f58e75667c99950ae597a3854754d2e4969

                                        SHA512

                                        f70f6c844c37332a1bf10f68fd2e8b0ef10fe771fb464b129311ba3652ed09f9a1e2221b0fb29e7f211b9d590b24fb3153e685f42d73dc9552d3ab8a11612d74

                                      • C:\Users\Admin\Downloads\Adobe.Software.zip.crdownload

                                        Filesize

                                        17.0MB

                                        MD5

                                        0e0d71f1d24e8605eb0512c6360cd797

                                        SHA1

                                        84aa6c633a697e51718d16fff7192ae5449900c4

                                        SHA256

                                        1b7767a6a3e01cabb93bc128c8a72975e288e4bceab39e58daee9638a82f28e2

                                        SHA512

                                        ecb3178868990a4ca7545deebbd15757ec269e52e0504f885f661a8b3aad219c507d3fcc619bf90040d91db06024a03c9f40f5620320b25c75bc8c5266f580d2

                                      • \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\zenpulse.url

                                        Filesize

                                        22B

                                        MD5

                                        353795816ae5b37d44a9024159d27ea8

                                        SHA1

                                        4a2376ab8738d2394cb0e7a37d73c9ec29122b20

                                        SHA256

                                        c0fc703b325b80cd526b0cf1aaa1a1bfebbbfcb68a00b2493f690b950722e242

                                        SHA512

                                        0ed99579906d2f8cbb891173e58299d2e211e4981dc7719cc2f8120bf8dd08870b086a6e0062dd4ee99593bf12bc16ed855f384a53036f0823d47d525e7757bd

                                      • \??\pipe\crashpad_4460_WUWIQYCNAGFSXWHP

                                        MD5

                                        d41d8cd98f00b204e9800998ecf8427e

                                        SHA1

                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                        SHA256

                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        SHA512

                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                      • memory/956-397-0x000002954BB60000-0x000002954BB61000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/956-398-0x000002954BB60000-0x000002954BB61000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/956-396-0x000002954BB60000-0x000002954BB61000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/956-399-0x000002954BB60000-0x000002954BB61000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/956-389-0x000002954BB60000-0x000002954BB61000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/956-388-0x000002954BB60000-0x000002954BB61000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/956-387-0x000002954BB60000-0x000002954BB61000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/956-395-0x000002954BB60000-0x000002954BB61000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/956-394-0x000002954BB60000-0x000002954BB61000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/956-393-0x000002954BB60000-0x000002954BB61000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/4080-832-0x0000000000180000-0x00000000001D7000-memory.dmp

                                        Filesize

                                        348KB

                                      • memory/4080-833-0x0000000000180000-0x00000000001D7000-memory.dmp

                                        Filesize

                                        348KB

                                      • memory/4080-834-0x0000000000180000-0x00000000001D7000-memory.dmp

                                        Filesize

                                        348KB

                                      • memory/4080-835-0x0000000000180000-0x00000000001D7000-memory.dmp

                                        Filesize

                                        348KB

                                      • memory/4080-836-0x0000000000180000-0x00000000001D7000-memory.dmp

                                        Filesize

                                        348KB