lumma | hxxps://youtu[.]be/CCTH_A4wh-E?si=XQeDbeI7IT9EUyay

Analysis

max time kernel
149s
max time network
153s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
26-11-2024 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtu.be/CCTH_A4wh-E?si=XQeDbeI7IT9EUyay

Score

10^/10

lumma discovery motw phishing stealer

Malware Config

Extracted

Family

lumma

https://powerful-avoids.sbs

https://motion-treesz.sbs

https://disobey-curly.sbs

https://leg-sate-boat.sbs

https://story-tense-faz.sbs

https://blade-govern.sbs

https://occupy-blushi.sbs

https://frogs-severz.sbs

https://property-imper.sbs

Extracted

Family

lumma

https://blade-govern.sbs/api

https://story-tense-faz.sbs/api

https://disobey-curly.sbs/api

https://motion-treesz.sbs/api

https://powerful-avoids.sbs/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 2 IoCs

Processes:

OPTIX.exeOPTIX.exe

pid	Process
4800	OPTIX.exe
404	OPTIX.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

Processes:

flow	ioc
113	https://geohack.fun/

Suspicious use of SetThreadContext 1 IoCs

Processes:

OPTIX.exe

description	pid	Process	procid_target
PID 4800 set thread context of 404	4800	OPTIX.exe	113

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

OPTIX.exeOPTIX.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OPTIX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OPTIX.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133771167296469410"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4074627901-37362009-3519777259-1000\{995027B9-D69F-4EDD-82CD-19D0243AEA27}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid	Process
1128	chrome.exe
1128	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid	Process
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	Process
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: 33	5088	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5088	AUDIODG.EXE
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe

Suspicious use of FindShellTrayWindow 56 IoCs

Processes:

chrome.exe7zG.exe

pid	Process
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
2376	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 1128 wrote to memory of 3748	1128	chrome.exe	82
PID 1128 wrote to memory of 3748	1128	chrome.exe	82
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 3400	1128	chrome.exe	83
PID 1128 wrote to memory of 1984	1128	chrome.exe	84
PID 1128 wrote to memory of 1984	1128	chrome.exe	84
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85
PID 1128 wrote to memory of 2464	1128	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtu.be/CCTH_A4wh-E?si=XQeDbeI7IT9EUyay
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffa5dd9cc40,0x7ffa5dd9cc4c,0x7ffa5dd9cc58
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2084,i,17834498565781434918,14872012009048822593,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1880,i,17834498565781434918,14872012009048822593,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2344,i,17834498565781434918,14872012009048822593,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2356 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,17834498565781434918,14872012009048822593,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,17834498565781434918,14872012009048822593,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3692,i,17834498565781434918,14872012009048822593,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4704,i,17834498565781434918,14872012009048822593,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3376,i,17834498565781434918,14872012009048822593,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4356 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4940,i,17834498565781434918,14872012009048822593,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5544,i,17834498565781434918,14872012009048822593,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=6128,i,17834498565781434918,14872012009048822593,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=6112,i,17834498565781434918,14872012009048822593,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1148 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5252,i,17834498565781434918,14872012009048822593,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6084,i,17834498565781434918,14872012009048822593,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5028

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x4f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5088

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3728

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1124

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap1847:72:7zEvent19247
1⤵
- Suspicious use of FindShellTrayWindow
PID:2376

C:\Users\Admin\Downloads\OPTIX\OPTIX.exe
"C:\Users\Admin\Downloads\OPTIX\OPTIX.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4800
- C:\Users\Admin\Downloads\OPTIX\OPTIX.exe
  "C:\Users\Admin\Downloads\OPTIX\OPTIX.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\921a671d-2657-4b9e-a84c-02ecc91a0bcb.tmp

Filesize
10KB

MD5
1693d2a38fe62dde26c35b56441df86e

SHA1
d26f54b71959b18ac8cc634411a2402ddfcc4ba0

SHA256
d3932900bd69aaee9236ca32b5c6401116165772625cda7fe8cafbef1045d953

SHA512
5f0bab6a4b3386c6aad70beee8322e11fd21875f24358d3cf3b601ba9be1b5c9c2097e403a781def6989f6c472e6126a73609d86dfc460afc44aced89cd63fec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f030a60ad6969697ff3e759285f4fe09

SHA1
e1dd9f06d6a5809eb62d452123de141dbbd7e03b

SHA256
ebf7e31cd907b8b61d4635f6c2bccb0b33a1b5a6e69d4d71842a3a81fd9ba73b

SHA512
1713ee39dd16b9e4c427a1dc44c4472af9a44d8a82395d3749ac5e2c854a977643e7559ad4fc9c0f0939e09d6c226d6dfd6f8ad29f7f0709383f93fe138b4a85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
234KB

MD5
4cfa14429fd069a508ee080dcac8d2e2

SHA1
179ade0cee274fb3e970df204cd182ca6456f598

SHA256
6e1beb1b9890c5fa1b4c5c30535eb3329711b337b082d4bd32ec13ef6dc67643

SHA512
1ec5fe5ed9f91173ecfbc7fd72e22114fc282ebfb3b9cdc5a3cbdc435853f5b54f8b785bdc22186a589981b6c80bad4ae3c0c7a9f7f9d045874702b6cbef1d27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
32KB

MD5
e8caf9aa03a76568d4dfb4bce1c070b2

SHA1
929a63300cc8b20e5d06dc052ec862b9b5df3a1f

SHA256
d6aba74a90bcbe4a59e6d0d336f0354327449ceb67ad46dc1cd0ac0b8258173b

SHA512
8e9f6d753624a0370581340612ace94e8c1c62bc64b0b4c39035721c6d088bf77b544b9f0e380c5038d0a101e8500ca8fab589c38ba1d1137df9d3f3bf140658

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
33KB

MD5
383b0cf9c1ad6f185bcae0daadd3a542

SHA1
a4d3ec3ae12e9586c62ff18bb8311ae697f10c3e

SHA256
3aee4b10da5eb1bd91dc1ef2d158e4984659dd164a5250f3944710c610caa62b

SHA512
53ff30f96d32f6261b2063ab723c2e17feebf1a259d96263db8f923550bf813ba7d90118d81c43dd37e250487d709f8909ee61fbd6e014d4ed6c198ab9cd387c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
bbacbbd54d41b25b172ebca89a8fec33

SHA1
e29431f7e4118d41fc7aeadb8743241382f4f4c3

SHA256
6eb5779722f8a2a73d8fa6319bfa772bee9b5d683101ddcc600b51327db98c34

SHA512
2001620aa074f864b731fc8b3c2cd74fdae2db9522c4ce1844471aef059e222ed2ec5e2e84f9f8129d3000ccceff3681986d6d1ca520ac899feae1fb687bd32a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
7b0b98805c22e00907cc40bddf0bfb83

SHA1
edc46e9c1cb095d73a3ca86be60e7f8bd188f3f5

SHA256
f1cceb8d925884fe0ee5cc4b485dd7858f73def37fda53b97cca11083dee5dcd

SHA512
cfb48e4356391c16548b33f755bc89c76e6460409a1e0244d777a2447f1233bcfd5faafded2b58ab0d81f22172903e06f0ea7fc2e71d8e66900bfbc996296f66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
718567c74642f2fcd8df3fd18316e4f0

SHA1
bb69a357f04eae702ba2d07d8b45df7a76b7bec4

SHA256
40eed689101a4cd0494cb8e2bea2b7545fc65143ac10164d304070bf831ad2f9

SHA512
d3a52f9591bbd32f935a56f3032694309726afdddb0d50899af406c0140da798b8d9272d550f7610b484d124233f991d8e044abe86adad44696c8829134ce6c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b6d8ae13bf6d9298f7914f66a709bb76

SHA1
5e0f782b819087d070efc828c19bbcbf139b5cb0

SHA256
9bf6cddd1009e946ad5f80afa445b95c373b50b08ed8201ea47c0d11ae9c70c1

SHA512
c00bb98da0c113e67d2e6c451d4c7c43665968cf11b9a8829bcab9d355dce8726c38188fc156562f714643ae97d13af3e048b73e3d4360fa012589f927e00095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2cdbe64c39116b7768afba2c500d3fd4

SHA1
a23e08ca36ec1d62f101be9fb9d40e735d9ca91b

SHA256
46d3b0225a7b95d6dceb0fea88ba2c82b9db9de5d6f93d44c09ee1240bbe8869

SHA512
d5d937ae4ba1ec985c74eef41b9543b63524407b5593b13273af235a76cbe2c908f6ecb69ec80cf600779ae44936c6777945912eb15caca93320940dacd36379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
99effcfa0d415508521bfbdb01cb7e99

SHA1
e9316c4e9cb1928f2fdf19a16ccc533a48fe41e4

SHA256
db00d067254a376f3d37702a7c45c35ccbae6f5825413158109e51039d530e92

SHA512
465c6d62a1821532aa9ea0b77e4de787bbf6f2c77f85eb32b28d96b3a342f650391c8b0855c644b7945ac976547a618783a1173804c6b7928febc290da70f9bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0b83a9b2dc03077b45b26c49a22ec031

SHA1
d6247ba88cb1cdaa6646ce28c241216ab14fe5c3

SHA256
75952c07bb92c466e12d9b34ae1259c14554e7715f0dc13b8bf1c1a8c7440442

SHA512
2b09e20882678b69681f001fa505d60a6af6df7f8af9cd4a2232a29b7e1e934478dea39da06e472bfc173cc4c21f50ca5001c20f2df84d353dc74118827648c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2f887617129cd0492ba9045c5a572bc

SHA1
0c910114f25d93f94a4716ee9893842a6c5fb52d

SHA256
973999bde6b275b31bb48902e256cc96328c00e82509a8db2a9c002942d4d009

SHA512
4d2c3ea892c85c2a0e07c9a7b2b855abbc1122d7c3ad9fc0b8827321d6f46231c0e417ef3668f69fadfffc929a301007fd79e768099740c88b6e3db3319cc153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a513b6e3d6ba9ca78187022ed4e175bc

SHA1
9c98fa8215fced1ac9872cf6e84baca511f5cbcb

SHA256
c91cdde131088831628797210f73d55be0028f65181e9ac9eaff61c00b6d0db2

SHA512
eb9faf9cf00e9ed53b4fb2921850d9e5408ae9162303c7b8e28bc6d8ef384a423989dc443139b4bef869a83e021612897f59eff8050d95eecbd6ad6cd0f1362b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
261292463c629d7a76b93138d0198f40

SHA1
d6e14448c96080b114bb20aa1052b4af6a93899b

SHA256
137c784bd107641a8b100078f360d0ab72c515163245bc6a7b2b05792dcc64e3

SHA512
d92d1270be49c868ee92205005a9b5fbbc68a9c56899435bcf8e0e1db45fd07f2aaeef3b5977fde46ae6aee8b7a178408fac2c58d1aade49cfe772ae6b422654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fd09bc418393b2e6b95f9b64e59b6ac2

SHA1
6e88565c7844afb9eaab15874969de8cd80204bb

SHA256
ba9cfa4dc74451e79bbf7240499fe0672d19270a7db6d1fa3fa976a8151e39fd

SHA512
6fad1818b94fce8344e57dbb0a3400c06722689714725070ef7a9cf0568d1e171956358d5df4d98ee842ded8c09a18b744301332133b2451c1246e0080884b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cc6af84106f98a9ab443d2176aa4ecd6

SHA1
93f00608e48dfcb76663307318835ab9f688bce5

SHA256
db7d94426e16abae18c9baa14a4fef98a694b83762f9d9566e029d3534d5ca2d

SHA512
7fab18f0c859895004ae1079f475b922210c2886fbb0ba2de29c4171fcbcf6582c4ccded50aa69fd48425aa6d16af492bf4f223edb8b8dd36f523ec652ed4725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c406e241caeeed4cefe3117701ace1f8

SHA1
10563e4127c1b0140725f9e81869a7288d4316b3

SHA256
9344dab5769b93905b21a77e05cb9495433bc51ac9e6843c304435c39de8c032

SHA512
c43653083860839867bb88ffeb39d2441afc7c300b68119cf86ef7fd011d46e62b5406ca45b93e33ff19c79e7368ed6ed6772729317eea780858627c902621f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f124c8f5e969910791a24695266a7c7c

SHA1
32e4341891aa84ba4731536542c336a2d8896050

SHA256
e577c4a24dc729090a9ad05a7e8a8d4c51dc1c52cfb21103a931e29d599374f7

SHA512
7c91c7c18312931904f5da4b6f2a9816541c9b8e7f916fb7a24f5ec8889a4449c70cbfaed427773b2ffc60cc229a7beeef2fb7aea0497a790efd9f68f792e576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fd2c1fdd8fc76d3bb172a509e80343ef

SHA1
e4c71681f7d160bf5a4721396b46eb9568441fb1

SHA256
8e11931a5863d9a073fcab611a159d0ba31877a038f7dec1e28267c9f5afeb0f

SHA512
28dc2d73c2a35abf289ec4e4b48fb108538efd0536d489e719e56a32a4356b733b8d6eee80e0fea380a9cfb49e30497fad94929ca177f7298bf3a2bff4005e44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3cdb94ec-fa52-47a5-9314-3100e19aa634\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3cdb94ec-fa52-47a5-9314-3100e19aa634\index-dir\the-real-index

Filesize
624B

MD5
384b8a3bf79adb85f355cb42d05c0584

SHA1
eacb72437a2fa3d07f059a7f8e00f95d36474ee0

SHA256
b26e1deff311b01b89ff5324f9c49071f3e62167bec57dedb669c678946cf4ab

SHA512
de037cad542c1ff3ee4c5494e97d9e92ba4cada4326b59857801478c199b74f6cc98b640b6c6eeefcbbe625c61c3197a2715b951e373e13b362a7d7e0d2d3708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3cdb94ec-fa52-47a5-9314-3100e19aa634\index-dir\the-real-index~RFe5906dc.TMP

Filesize
48B

MD5
b2dfadca94c5c68c9d68c140299494e8

SHA1
cfee0ba8c8fa014f19aa4f678432996ec33a0d9e

SHA256
5d9d2bd7a5bed3128e433882e4aba7413d60a3cba88692d89f0033f3fd27d87c

SHA512
367ce5a0cb2f39511ac74d3648d4f66e2367f345d7185ff536d8c695d7de82c44a5eaf4716492115c9ffd16c8e35fa170d1fe535e07c374d434c64eaa609294a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f87afbc7-966e-40d8-8bd3-cf553e9c0394\index-dir\the-real-index

Filesize
2KB

MD5
466c62875771107ba268a05b50c3eb00

SHA1
f37279712030eff86d995ed0f3821a588ee56b42

SHA256
8361df517edfbe0a6cea28f36a32e007c285e66bf0a04f84011df75ab55ffa7e

SHA512
6cc054c1b87ed681261150272e68d5f0a1020b9fe706a2c60e7e80a28344dd1a32a1907fa0016c45290e0410bc8b3bf842b7f2665a40541adc668f29713e572e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f87afbc7-966e-40d8-8bd3-cf553e9c0394\index-dir\the-real-index

Filesize
2KB

MD5
53ba9a3642454ab3e84a40e281456f56

SHA1
5e67126fb2451b9893cd3408633813a52b1b9bae

SHA256
e14052822a60fb90765485536b148c82a8251af836a54762bb0875270d71a7bd

SHA512
c56c732ddd52fe59aacf54f24a14d034831f643102438febb539c97d8e1dff593f661c5713870b0062b1ef20bd856be6db84013b6f87dee7c6c46c15aad11ac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f87afbc7-966e-40d8-8bd3-cf553e9c0394\index-dir\the-real-index~RFe5835ff.TMP

Filesize
48B

MD5
5d3cb9299e1569a9fba695e367e8869f

SHA1
136bff85ee56fed1562048e85871d44af7ecd93c

SHA256
016748f65483838e4f48f6947b87253166a20ac65cd0070530ecc16022180c10

SHA512
f3f14f8b1cf960dee2f181eee42ad5aa91b4a5b3c0280b94c9fda1e42ce1af3f2d4a7c4da431b0231c3fdf67823f59b24b4d2f51a4d06458e1e94b5ad160cc7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
eed15073c8ea598515c17076b740c12c

SHA1
a8b6cf644301f693938e28dd27f30313a46f5006

SHA256
fc394c1c1f7c84f2cb3be77c41239913a61cdc97d735705e0af50dd6b6893380

SHA512
087e83e96910e15c19b88fad05acb43253d49ad9c056caabf97987e04a615f508a6346f130de4582f9c43a84a9b23096412f7da040172b91a0504ba75e242d8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
b6d135df977d26b854cf5ccf31c90f86

SHA1
44a1842e243138f1ca93b319bbe1f4429a61377e

SHA256
ad1792c294921fd5531fdf8ec591f356dfde68ee6995c617277f4196353a39a9

SHA512
da71c52057b473f7474e26c08db87068a8b37651a2fcaf83062a8ecf88f0d6c67042b409400560bf0812b640d6e464b817131dcb642c425d784a02cdda1b6f3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
1f0e25139fe483ab173b92fc4d2064b0

SHA1
6b8c21502cdf923a774f4c7c3ef15b1d88ba5ac9

SHA256
263cb9c0bb5da05c1bc07981d4aa30d8738282d680736f932e053d20629b28be

SHA512
81a45a97fe82308cedf048d7d0c50afaa405c09c30988b43c1fcb3f5702db928c1cecf5c95b9ac4e2ceb157624d6eb3031aa51259ddb8f0bad7827339ac247b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
a6482305cebc13f2b3935ad05563c582

SHA1
332444f0f461cff1eaaffde18d327424e4974eab

SHA256
752753c8229e055ca365f5d93732bab9cc01e1bc76329ffe8d485ca98d807332

SHA512
2352f4d9b5aa6cc57128dec8b17e48ed6a84b774282e1a58ec9b0dbe3a0c87dc7a0780e4ffaead5b9074ddab89b4e18a0dc36894c0156c0a6063005882aca2b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
6119643d69d1c31c47119accfd26e505

SHA1
bf6af293b8d46eb8daf50219e6c9caa53a4d3591

SHA256
fd459f93a87adadf46eec67f7675a5f5fb2f16e98784e576e4953dceedd317a9

SHA512
6711f1b667178ebbfaaa74f66a1e787bc9a9a1630092dbea8ec944b45d3bc00341dbe86cacaabb8f4a2e7fca31701224599967450d44c2134324730e376dc842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
844ecc0e690bfa181442449bbebbb796

SHA1
6fca25d46e19d3bf5dc0bf8dda0d01c500388d86

SHA256
a59b372420d5056a4122a06926a00aef00facff736f437210352aa58c703f8ae

SHA512
a50d6037acd4e0e9c3e08b462efd0534c7b0b0cab179cf8cb226d843bcc95959f4223312b6f3d817d3df57d6ed4bdfaa7057e3fd8d97662304642aa6e5057baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57db5c.TMP

Filesize
119B

MD5
f851d642adb729452fc53fe5eb7a41f2

SHA1
f28caaf84eaed5e78153a6cfd484e8c0fb9e4dcd

SHA256
c69f2dacc52b372fc664f1764a9675af577384a5f4c347b02d273b27b011403f

SHA512
8fe94ba18cb2192cfb3c73ddbb41d793ff873123a16fc79ac51764926ef8068aa166c5ff6418d0fd28b854852ea0d7c43c243e5fa7706d107cb6db3b59a749b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
794bec4e2d4eadd673337885635c3f97

SHA1
aecb14d37fba3f1e4f1b1fae024bc480b3d628cf

SHA256
29a441a2b2245956395862f6b6b38741ba9f51e73b88e7506af70668077d8e46

SHA512
7c8cc4c93f8d468fb90fea1ea3c8b08d61823c1494c75ecec1f8b36b142ea617610771b69a4b5a56946feedcf66944e45e0e1f9e7dd47421939055052b4c9209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1bbbb2b659a9598ba74da9e4c02b1ebe

SHA1
cbaa6d48760cb51729b37e06e79f5e362c1f74b8

SHA256
1cc6181db0db0d96e78fe2b39296f40feff79c8c0eb768c69e1ee04783947a70

SHA512
ed5b411ee70dd69644a7a658c467675bd5a322339cd4483e5567281c56544ab02f286f0ab0d013756d4eb1c7d01d3d594f070e0ee67b62fa601a06d58befa601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
8f3cfd966a3ad6ca4d4a1ad6f6fb587a

SHA1
2ae9c8241909061f6a28f6a0afe46ff187aa2990

SHA256
6d342aceb4f2aa0a6551d351ec7cb5f1c1109675a3da05349b3eec91c5d6d280

SHA512
8fbf908e5a85e33b6551f3bd49a61c5b5010a1d9e5061a29be796041255c6929bbb12eb20621578011bd63bbb90683b52120f2a7054af36e0de8be88eec502e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
c0504a0bfec7cfcb6dde876a958def0f

SHA1
a9fe04f13fdbc334c03d672dafe75f42f8539a7f

SHA256
6c7d3a45998a40e150179161f63cb540175e37a5cf23d00884e2cd71e2d4a6da

SHA512
4d00035ebbeb2fd46fb36421d95849f72d29053c0fd4be1266ce9616f594923974e52e95154dd6cecb8f9a1e98a2a4cd4374e480a6e8bd0f7f8790a46805ad65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
1cccb5fc1b5d66060b4fb60e1efb077a

SHA1
0aac8c65d8bfd6f7d82f5fd528fe0c67744a9795

SHA256
8ac4e1c06923c01b7c60c5cbbd075883770286e0222c513af48f02c594139d4b

SHA512
52b926d99d1ad46ee4ea4b27ce32ee936601968c9945442e963c6dfd72d279ab500d4f47173973346af5b6fdf8c87964d6670394e393562963fded28c5e309c9

Download Submit
C:\Users\Admin\Downloads\OPTIX.zip

Filesize
9.8MB

MD5
b7cb3a9cdbc58ccc54e19ac838cf8000

SHA1
d76672984bc4ae1f3a9f09ab2743269d0a57be63

SHA256
620f83119bb498067efcac8632770e27d06b4f4ae6924fab45f1f8f105a706fb

SHA512
7b33fd90dba124791be147ca9c812377f709586b9452a6669cf9bcb8c07ac206d9fb38917c68f5677dfde22b8fcec9cc51a0c4941e47a279b86addeaa144a7f3

Download Submit
C:\Users\Admin\Downloads\OPTIX\OPTIX.exe

Filesize
452KB

MD5
56199047b3923e010c421efcdc90c968

SHA1
bf502e14e83aee23a71b295e04c23f8553b991e5

SHA256
123107a1a3096f69bcf3dcaa185a7f3017b288b9475c861b092d05de0d0c4224

SHA512
df4bd355a1a12d716f25c15a9604e0d3408194bc3368e59bfd75b84ab49a70a9e1075b9ab9d73aba31d8b393bfc8535d26641b81546ff61c8c1c0b60d45e1aa4

Download Submit
\??\pipe\crashpad_1128_IFOUASBRRSWOZHEK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/404-850-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/404-852-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download