lumma | hxxps://youtube[.]com

max time kernel
369s
max time network
370s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
23/12/2024, 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://spellshagey.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133794482400592260"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000007c1c0c045b25db01cd6cb90e6625db01cc92c1f75f55db0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1669812756-2240353048-2660728061-1000\{5B6D5D74-B2AE-4663-ABAC-202D6D87BD75}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4452	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4804	chrome.exe
4804	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe
664	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4292	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: 33	1140	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1140	AUDIODG.EXE
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4292	chrome.exe
4292	chrome.exe
4292	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 1712	4804	chrome.exe	82
PID 4804 wrote to memory of 1712	4804	chrome.exe	82
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 1920	4804	chrome.exe	83
PID 4804 wrote to memory of 4824	4804	chrome.exe	84
PID 4804 wrote to memory of 4824	4804	chrome.exe	84
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85
PID 4804 wrote to memory of 4636	4804	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffc129dcc40,0x7ffc129dcc4c,0x7ffc129dcc58
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2032,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4684,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4984,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4344 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5268,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5584,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5568,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6052,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5100,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4884,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4672,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3196,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5972,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4032,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6100,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6260,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6240,i,6525013712157569167,11249072385002758573,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3356 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4292

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b8 0x3d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1140

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2752

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\88acidd\" -spe -an -ai#7zMap3113:76:7zEvent11416
1⤵
PID:980

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1428

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\88acidd\nok_acid8\" -spe -an -ai#7zMap2480:96:7zEvent21401
1⤵
PID:3616

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\88acidd\nok_acid8\88_acid\source\License.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
3cf0c95904448d72c20a139d73722a1f

SHA1
2895131bc91a4215149f65b53b22f6f37ad7a65b

SHA256
c781eb6070e825688fbad716cb313006f3017a74d37a29f0e480cf4e4e196d26

SHA512
65a682c5e63e93064535a6556dcf51cdd80197b73e92dada908773457d7e32436e466ef43c9295623949da0b8164e05b3e2ecf3922a12cc57bec9e6a32703b46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\191c9257-442f-4925-8c10-17bae79a4388.tmp

Filesize
13KB

MD5
fe4b73a79ea94a7779ab1d44c5dc4b97

SHA1
e424f4f21c3540655604c2ed40777870b44912a7

SHA256
874bc5f834f86d81199656e4af93c81b515031267a9af68e464fb39dbeda4f40

SHA512
ade1078eb0f8a74e366e6634c4f36a7c9f1e9e8104b4b6420aa7c43cb75bc11b3d05e98bba968a7cb75f0f1e9d07ca12d615d5513c9e2203bbe7a2f6aba72459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6f2f2a30-f5bf-4227-bcf0-aa6b3a793f4f.tmp

Filesize
13KB

MD5
18a820ec763ac87bbddb77bf4ffa5e98

SHA1
9543ebb04a38b02c1b7ddd7908a44c12b3d614dc

SHA256
a28274f10c9c8aee64930af6c9d51e36283402acdc8ab9676301dcb0aeab7b4b

SHA512
f6743bd252b83d8ed561959f6f1a6f1680c1d07deed26533fa65f55254fdd6cbb122df89e6ccefb8851d903c314ae0d35f066e8db0cdc6f788c45cedac3a5626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
73777c3a841aa57bc911d66fbb1c8bd6

SHA1
b304005a3f5ad5aafa6e7e0c9468e0ef26a5f290

SHA256
cd9a3bbcbbc99c4912ec38491503cc7e8408ec9d1c43b932e66024bfdae1ede0

SHA512
531602b02a560921c3a798daa39e17fba525a2884055ad14e86d13e48c64fb49cef1122c387d4d789c492ea7ba4e19a7f5009fb3d6e660d798df06dffd5aba2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
18b6f8b1ac0e184229434f9891b3d79d

SHA1
d640bdd1764c478feb2ae7f99a00832680f66a3d

SHA256
5485e72ce493dd8a1dc9bf761b477ffc34abdfa36024ce2f50102d0290ff0be6

SHA512
7af40d138e0caa485651fe03d4caeb1a277d9539c7cb05fbb78c7d51720088f6233019007ee2a0c5b42ebfa11e57c2e184e0f3b3f383b6bfbfd63b8a10f8664f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d6299caae6c38efe28d1f96085e39090

SHA1
c7882e75eea89aca0d77269b92e2a41a24284935

SHA256
4b1f75e1d239ca3585e944aa36093ff2654c9beddd0ad741632dc3e948e1b19c

SHA512
c4c09b2cda72768f98aea8a9c83dadcc9d149aa22484afa0cd992fa16e4278168702e4e48e1ed52042a15dba1c805c8d12493bdbdf5e34c23805a0d7d86f3e7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d94f6085bf0c5155d9c83c13d108654c

SHA1
716b12f8800703c51ca734845bce3dac5f03ce56

SHA256
c7eb893146e30542994fa0bfc3bf6005cd05b5e01b3d2fefbbcbc2bb604612a4

SHA512
d3c2b696976eca38ae25d0799b1e823e6049ab79de73dba69bb743def743bc085df3bf712e35d238c9ef1a5db29857d61c0f648f671c70d5b117833b6cc9dc39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ed72de4934ffa1bef1302498145e2df3

SHA1
582d6401d4e07cc6e2d3cbd92e3f81f084d59895

SHA256
afd6f1a4f74edd153c0aa8221a30fa28fc5ab8dad3c2a506d261b8509d3f76b8

SHA512
3ec5578b6ee06e065135f843976095cede3bd0cbf85eba80dadb52bc779cef26ec6ba550aeb1237eb7e6c8f5249142c3a8b451cd328ce908f1efb26d427a051e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
56a8c629824cccfa304697d797e81962

SHA1
0f4cb4bf5690c88c6666b0ac8496f95e6237c3a0

SHA256
601f29b1238a8cc953f2c4dcde30d3910cb1fde8d3bf5896e980c0c0a92d2e0b

SHA512
6315ce4756a494721d4ab06740916403a79a1277182c1b5f47184351dbf4b86e5480038d0d838eba30d74e802271f35187a61b23fbb67586d3585b75c694e108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
9d9725d92d446d38f33af664d695713c

SHA1
9d5232d129ca94e709728bc0521fa280972659a2

SHA256
5a4d74f5cbeaf1265805c9d5d9f0d71fad7e2e83bf25869a2cf63aed0a0a4eea

SHA512
6c5b083c92c8e31357247a618fece21028f4b7e33d4a1bd533b90ada699a97f98a6f0b8d9dd798d195ed5403c4c0319e4ebf2783741cf8018dcbd8d8fb1f8812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
2f5612cce3fac82ef12b1f7801152d07

SHA1
57946e3d5fe3197a9180b4fff9dee999d9f515fa

SHA256
498013f5fcf8cd87414f449c1fa443d76c9ec04dc1e4d01ab4ae473565a17aea

SHA512
208ee90f4a1e6642ac327fe193502ca98acbd7e2c9fefed9c6629f51b6db2125e8c8fc6f4ad2aed006f1a45dd9c2b5f1b279ad0bc4e8d600d141be8a565c8f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
7f80f536759aec93084fca5e35bd7bd9

SHA1
887a3aacfcdfb11fdf722239d391b4fd84cd6664

SHA256
3a24ba29c5773bcb8931da50c12a148f96ae8682fbf3bd9d910d28370947e025

SHA512
538652a8bb752380ceec59854e5298023544b315fa650fd325555bf53337e97df581c2dbc1f65eb01e7abf34bf3e169990bae699a6101fe9c3fce39655a5967c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ed5b6b6af42e5811e8e143014a50291d

SHA1
58562599efd68ce7037e64f27db6d7d3268a403e

SHA256
593ac47a65e5cbaaf12e9fd3737a7681ae5a9705acc757ef63edf825b0d639f2

SHA512
6af53091f927e562794c24979f110745830a505f2c7e2ac441a5ecabd359663cb7a5192e57a239b26036e20cdc18db186eb5f5618be1b0294c2f6b565d5d5c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b56bd916b5e3976c31c3c5599d560eb9

SHA1
6fb47b7e36fc3596c1e083962a012ebde0f4088c

SHA256
0dde1468199f8858df1f74b53104f4a02164a6bf85eef65e2e23b976694657a4

SHA512
071429b0d2f6b39dc31ae3e2d31edf0ff76016aa569413d752da259321dfd5a14e082164f1c831e3d2c21102ce14b6df09605de5578b4cbd08c6d7f41a0818c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8928c0a66004745163cd70a2d86e68b2

SHA1
543b91d82322fef65efb0f8d8fdc1b986e74f0ad

SHA256
7ab7dc8d15d7f83183f02e28165422ab38617052908fa481cf7c500f2204df99

SHA512
078d16f05315b4b7585e06889ddb39c460fbb478da3ac89c4c7a5eb32b35da810e638e81f8d87217ed5bac0f8c4d0c79d17582250d05ebb7da425f57262970a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3f49f5a380f6e347c3525e1719d3eaf1

SHA1
eb9c49ef583b92ce449be48cd75d708cbe043010

SHA256
9b6d4ff6ca8e8544b7c2ee39e9b18785921e78631fcf1fa1ebd0773d93d9ff34

SHA512
1a6b9fea146d8988c6f639a774df63f6a4004f223ca62043b86f2caa87239732558bb0b0fd48eae99c816f7cd31100caf1737751bfc351d0db0ed115276652df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d78ca0b281e60db318a11099da34b7b3

SHA1
b5c6d8d4cf62c6bba14d16ae91bb3fc739df922a

SHA256
8395c43b3754fefd241fb1215d1c1792bb43c27c5b649e5e4c39b110e5df9606

SHA512
6eca9e88675b90dba840123f71479c25cb0a131dd451201cc65b5818d7feda8256a2f01d3b36064a7dcb41b6cc07b0c648fb17e587b5729a128379c7e02d618f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f3e250f19e8bd7bb0bc4ae66446ace76

SHA1
c25507b774b3a298579b1f4164caacc40a2a97c5

SHA256
ea2b67a62e84b9752706499b3bc1d118ae45248833a13defcd85224f99d3ec88

SHA512
039e4208b47f2243f15b7d8e6c0815f3948c033f6e7b8c11785c965ac121336d150f3f3ebb56a181d14400f1eeec3589ca29865cc21de1ffcfb5c935ba615f55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b427a3a7b3c4c746466068dbfa34657b

SHA1
9252cb158f1994db935ecdc0ba1f78c90b4fad6d

SHA256
e0badd52f35bcdf177a0d43fc47734c87e9de0f491088377bfbb13a9ba24efc8

SHA512
f452ed4a6d80839787effe75b45ea6432b3c00a2e36ade80d568534efd4e64336e7b52d7876d81c1dc8495544584f6ca06a53200ac31441dadb579fd4a871c09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6388bffb6c7176ed174fc02e98b5b2e4

SHA1
c511c2211b81a12dce6f9be3dd8472cb696368b3

SHA256
4112b3c7baa6be288735f0c0ceb960ea6bee9cba70ff9303ed6b2e561f27c450

SHA512
66529a0ece6d038f88155930065a39fdaaa94883eaf44128a77dced224457ab08d0fcbe5d856345252a16d86205caf84fb2160d5913f0bb20e5a5519140f2c83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a7e5fdd6fa801b4cea3ffbed148277e

SHA1
e81bfb6fcacdc7e8504490af139d279221155f04

SHA256
31e20151370b4e6020a30f57d90a3afb2219b4c97bfbeb2fcb9b4d01ba7f4632

SHA512
5adc720cb0d78e5ceedb8ef4c5f06c616734c2cd7f4a4ef779beadc83fc3a8ee946dd75ca4fb8dccd1cc447cd832746af890310ead3a9a276c6e852a90fd2b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ce7c92732fe72bd8ff5a3cb6248f676d

SHA1
de2833737f2a03de60d30b6a1181c25171b1860a

SHA256
fb333583d95cde10e16c686fc039b422e6a725d5383af6aa0f0d4c3735e5cb7b

SHA512
877557152bb78db17dbba726b83d5243cb17a928d121ab532a03c92b72ae54c5b2c8df91a498f2900d8dbfc6f9d5dfdd0901193dba34e2cc04eed85a88f6076b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0ede2867598d891ed2ac714c98652744

SHA1
366dc2bcfb873789bc06e89b62ca443f0e8ed936

SHA256
eb9f34d336e49493ac26ff4ac6504c979519a46e1c491794825f1a4a7dda5d5d

SHA512
8de4d3773516a46c06380bfe383e357fc0d1e5e3c112affe8376edf97e0723e0252e2be3ed7bffdcb43542f58dc1a062ab569099c95f22651cb7c57a2f622941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d75f72a83ce4a7dee8e8eded78b19b57

SHA1
46731277060f55c2d70330e2830c00607678c077

SHA256
5cc5787169fe9b5e909d653c2ad2ed2f3824739ae88202796a3af3204efbe852

SHA512
6a713fbd5c1c448d67c5410c58fa02b0ab99a1ad52d4eaac812a7ed1036344858d324489f5eb7ce45a0808d3d001141d4b5607e5ec2f00fb784cf487e945e09e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
15755995ebedfdc43515746f9286881f

SHA1
fafa508d0a02a23b178bf223051b65e511664b26

SHA256
59c74125a2a085f35f6c3d7a1da1b23d02ba0d6044bfa69ae32cec0858fb225b

SHA512
13c46d383413d8f68ce30c24b7d81b49210fb09124014c01099bd68784cda79bbc57dd0fbb78088e045358975050be1403bb9b56e1b1ea90044d03383b4f7d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
771d47a724ae609223bbd5aea72bdd6d

SHA1
ae1efacba615e0b89fc57df41320e2fc57a6a16f

SHA256
f3fe17310497b9b3579389a3ce63d8b2524e5835b7f890769e4495e325faa332

SHA512
4db0b5ce114076e68b131680ee02bb325cc0e9e836da0149c1e1c5e8a15d41423fba6fd09f0e1df547e1bbb59cb2480ed6674e0b8626f579847c0c280ff3590c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ed999c7dac352de92566ee1d66b3c215

SHA1
56cb3dd8ea71aa5023b8dcc746b86a74a196424f

SHA256
90f41459e82a4a4bd5cc5db98dce95b73c2ddc8e7188e38cfeffcbb0e2d2158c

SHA512
968dde338693e5fb3ab70b9fca4808ee8ed6a0b8812e2174f998ee01ce5df45d72b4223defb88cc77d40a424a14fa76f4e823fd68cb0de071f9d90488ccd7c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b1b30af350f98b7fcf947f47b4203d72

SHA1
9dd8b78b17ffa410058808aaabff842274c9e0fb

SHA256
7f7eeaac6eb78ed9d3e5e30e226023a0b3f3e28771b305627fb88cf8e26c6a47

SHA512
01649c4e833eeb099cd0cc29cdb545acb8b192d629b9d583beb34a07be244e752e84d876d0466314eac7b382b95649e9f15d7de62660e82bc5d7042141870e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
f93554ec64b99c020e864a4c1258a6cd

SHA1
aa20c8164614e55611ce205595f0b3a49f7df9a8

SHA256
9366fdbe6d755e72b3f24d337671dd4b27f1c5b62e4245184230105ee3923017

SHA512
d7498912947064c42663e1ff55334a0f7953b708fac26b8b3738118184dc07edc0583a4485a4949de0ea91b2e498c82187b78f2a3710210b425a07b4f5913f8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
027cdd6600b230044feeb6c8ce415c0a

SHA1
ec6d7188571cf18ac094c0f647e9e72ef3982319

SHA256
99315157dc084a463b1827496ee9834574672410cd74fe5918bd233a168136d3

SHA512
b2dca4aa8991c36144c34dd69f53cc47dd686dd4d40426bf0bd3a2fdeedf4a82f77b9e0aa48a8d65cd65b2ef0fe10214d775f2fcd7bc387fbe2e5d1a3c8f608f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
a0502a9fdfcc3e99dd1b761edcc9bbe1

SHA1
7dcb46f85919156f6e3fc628aa0fe1c58cd08383

SHA256
fb74bcc36b8244c40db13571acee2de300fe59a50241c602fe0dffbe940834bb

SHA512
765f57e5cfda69d28fc2d422d738764c4f6961b5363920b287b69c875d234b504cdeb6e22899769b820c6b3223586c2966f74a92d6d12bfe41107289381d8b29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
82a8074f42d50924e116c6664903a89b

SHA1
1fc33b7ad76fe22f9da21b370c8498dbe92c38ac

SHA256
6154b94f6b7e01ccaa0102d74196f72bf29b78286b79a7b9f55975ce21a3d5e9

SHA512
a38d8f36136285a40422a1e6d4b7ccbdc4b372494bd4904d1368e01bbada7456be502f33034c1bf6391fe885a6aa26d5c3e0389988672f6eccab6caf0acb0f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
49064c67ac995a323e7cd0f6daf8c9aa

SHA1
3ea2f18dea3bf6291cdea6f6338e5e42b3913c89

SHA256
4de8826e1b5200cdd57a5dcf32abae4c9153b0f43fb3bf4c87de64bd0be20398

SHA512
465bff7b43457648e5069806a3aa1d016f80cfda94ac42ccb6c3df1aedc5407006c2cf7bb96450a70636215b09931e0f48bc8a2343b264c5ad307373d056658e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
11f9584f74c16fdec75b491d9daaef9c

SHA1
72eecd82db9c0c610263d6785213dfde26f5e466

SHA256
768a165cbd8acd079d0c39dda38f382cfa8cc8d41191f4f1fa6782788066cc20

SHA512
d3948f77448f8fd0f83d57b83a0b450b7a33ac4d8847dd267c9b95a70fa970f5ad7d9f79c6b992aa4c268030ffb8320e2287df46c1be952422c1e7cacbd8ad30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
78a047e30129871313ee7e60d3020c25

SHA1
fec715151647e5df85e052675129bb77fe29330a

SHA256
58a238889419b25e3f0821765950edfcee07b979a34fcfb71c59424e2fbac973

SHA512
5d7d43cad3c795f7172c3625a33eadbaa974e7cc125375f102d4d60827b81043579c550310228e88c92d9fd0070bdc1717e4db5d1f229bc3ccf863e4757d92a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
bb1d358e41928592d09f455867faabfe

SHA1
e3b014db6d5cca26a259f0255e775d46d15e4e2c

SHA256
02bf6a04bca5778667ecd90741be51387ac4beff13a1305705ad46d71a6b65d8

SHA512
1df93612b6b54224bfc9658877adc546e002133258832819f57883b741b7bab3b448c85cb5952a8492eaffe58b9e83c6b2e26b5400de8d326cd28833a079b0f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
f0addbcbc543761e74b5d913d7ad876f

SHA1
299f479782e5bdebca81b518b9af72877a7f87e5

SHA256
0e1d2dc31ea80ae5a6e22e3045e418adf2f87a3934dd77e083f31c868c4c62a6

SHA512
0aae54acf48d496419074413bfcf8870bd9ffafec4483816e8bcc4126e69b878c4c628cbadf541e3c846cbbae632e1e870c2daed0726ebc7e91a2ef7973d3304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\626441ce-54d3-450f-b9bd-4652647f4965\index-dir\the-real-index

Filesize
2KB

MD5
5243fddc3fac5340c791d3cf5a5d70b0

SHA1
0b8fac638c4259a14599ae074f3df36d6d40b21d

SHA256
88e2a8f4b5034d41cb8cca658da11eb7aa2054cbeb4c0b548ba41ffdc66baebb

SHA512
4a575e8307bab210248aea239d34637b0aaa0a9dda058b3f5c627c1fb10016e4a4d30ab52d23ae8671af72d1790ca1e7f59bee3e71bb19387b5f2469182d145b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\626441ce-54d3-450f-b9bd-4652647f4965\index-dir\the-real-index

Filesize
2KB

MD5
b479bcc888d7d6cc6ce1b43e96a9f1b6

SHA1
6fc4de4f99f2d5c2b48bfe5373022f04d2152f0a

SHA256
40c7a130836e0505eab957fd367dcf6acec63492924ae5fda78fb6ada52b7577

SHA512
0ed4e7cc635a5ae476555c77a362f82d8f48231993c9cbd8bae8b80b46b229dc985ddd42243989e1be2e4470adefdcc365cd3cd7567aed56c7ea2228eab16520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\626441ce-54d3-450f-b9bd-4652647f4965\index-dir\the-real-index~RFe5832f2.TMP

Filesize
48B

MD5
1b840c26bc4346c76643364391680a71

SHA1
07569b47461290bb4c5df12ed467181830871b99

SHA256
7a51cd4f40c0eabf520072dd425097122b66065215adb6aacbcac439b404c9c2

SHA512
322ad5987f63ad976e83b9431e1fb6d7177e0341864b77604ab626375ff6ecc6c3cba51ec2774c108812d20301f3de1999cc3ca3f12ce56e9cd188d1354a786e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
632c0db60b3f686c9ec0246a42199741

SHA1
a4ca1f8d771f29844af053d06656a941d480d9a7

SHA256
d50f3f7991a03de92f07400f4072038be4501f21371b73e90d3e8818c575e4be

SHA512
abf92fc23cdb09d4e5515c3ed9dbb4c78e10e1f8bd057b752969f566cbc8e6234a01c360032875780a30a3a8cf3f0f3a579761bd617a98bd851c4c486af3fb53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
90dc4f2b9c4e53968de01f8dd214fba6

SHA1
d5bc37cd3a378c5f99aa8694c7f722c0b1ab2cff

SHA256
0b538bbee663488ee74fc19d4c218c99f79021be38210b3d3a363563b2679c25

SHA512
6f637f91e78f500b56c8de00c7625d507577a3a6458c58e312ff74d7c7f0494e6f4f97e2a0fda5e903279ab3acbd0139e0211a19d51ba400f0fe105f68c66385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
56b13c1f8a4cfd92ade80a7269785b17

SHA1
235b77306cdb61dac29a7e40a03ebe8eb5f9ca77

SHA256
5e4e59486b021a3d55e6de0e4998bbc75b0e63914e36cc6152bc1e5b59d18dac

SHA512
5474c3c4a247c29100bb0e798edcfc4c7a4c41302665b945d1a5eff13e7e2f3da76ddb3763a5ee60c242c19ab54a62d44ed25c2841a2cf03468a73be5844d9be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
44ea3d8c01d9453acba2f7ec7cdc5642

SHA1
02c05ed16128bc80358a37c80be3141a79c4cf64

SHA256
0bf144569e368fa7139e259284b636b0a548f2e47275c5fcf7d87730089eba1b

SHA512
4caec3dc12af297d920ae2a70701c9666312424b61d8f0199b4acfb4777420903b0cda26163156f49a38a47abd3f962a8ac47d70a12e6f8daf3c053e2fd9dbd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57929b.TMP

Filesize
119B

MD5
962f4c2eb699ead86e9811e67a0c8846

SHA1
a9defb56c3aa5c8a0d8e3ad6ca80ac717438c532

SHA256
7ab2d6ad7222c0fc0bff865a40654f31827dc55013f80da11fda3e67057f7f2a

SHA512
180334be6d93ed9f77bd1b3111cef383ba1b70b0b5b0c99cf13539099d0c63cef6f59cd8d6049ccb657d5ba461d252b6a4f2970065e0feb3fe3fd4ce46e806e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
376260898d10aa96c2e507a21690a49f

SHA1
8569af8de9f7f333f6ad632530795f9c960362c3

SHA256
0b018ca76fdc5f68a50f1a24f954ab96d768d8ed90e25e664963e6a205113f52

SHA512
35a5a535349170ac0f6861002b62bee5bbc876499b9e5de81298efce074e2e97ffea53e295d9620e47dad8f2fa8f7e358f97ae6eeb34b21ef0017ecb738600cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
9d256d821bac3f0e518d00dbe21f9dfb

SHA1
68b508b5308b2ea77f180ffebaf4afd6eccfe15d

SHA256
b191590c5784344c977a1eccf3375e8ac8b3661d1d816e2907e5fa92d9c986a6

SHA512
9489ef7c4d970b108e521d922eba2e4c506770afdd640d824b66d99f430347787b612540b31225a14470b74d92a9aa945d962dc00203f3511a8920c382361ba1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
aa1076b452f90a62a5905eb7efecb83c

SHA1
085d6290694966f7e8598d390d706b2a551e1156

SHA256
273fbff10c8a9ded94c19c677006859edaffe91414507857e6bf9f8c696f2c6e

SHA512
8d0a9dcd9fe3eb480914a658240fe6760c05e0820a52491ca02c9bafde4e78c2232ca640be8126e149e83355447468ad63b09659f55051132df4775b963ac5eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
5bc2d46e8310787e97e059c78cf6fd84

SHA1
7699b65ffa414b9f3fad37f8cba1f2e3ca6bc784

SHA256
1b17dd9d623594d900f1c9226b6caa8954877e67d1bb4de29214477c13197915

SHA512
56f7b3e050d519be1928d70a86782b911d9bd9fc1ebca1da0f4a942ad98b0970331ebdc3f8ac624203269f44396d9af1b3fcdd9d068912b704221a5666ac04e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
42fb3a36b23f1bd41120b5799f3cc293

SHA1
7098d571e9349573024a3a5733e50b8a84fd17ea

SHA256
312f25a542990c5313d82a90de7a427d30dac0ae0203098951d915ef8a081a58

SHA512
6316c9a45998aa395f9933b329ec9d9f46f0046381c3ba57ca0a63e72bc53d479e80702354e1be155f5c76c4bec560e16b42142b8148bce2a34326a350751ec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
b13eeca36d0a61e07854f38e4a5d9f2e

SHA1
22edfb3ee599640daf846ef9d80e2e86c02d91ec

SHA256
75e7098533f978db6efcaf95cb480d59ac6f16d6a00fce3b466c53bc66a506cc

SHA512
666a941224876c9da8975fa96e99bba5868c3495eef8b622aa67966cadd145c66d77d01be7fdbc9c1c9a0cc148aed707efc66d5cf208433b183de1874418bcad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
b69bed60a2f59e27959c115f337dbc20

SHA1
b826f9bc357626450188958e62b93c51cd362f0d

SHA256
43759713a7528bc0a5707f485b8ec61caf84f34b07bffac868b520da7ffa56ef

SHA512
1a5c28f03b751c9f4903f2ad672513f9bebb99ce7fcf8cb6b3620f8b27ea77eca2c930358e14594df8ef0e423181f7ec3d449900764041d2075a9126ebd04d3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
a6b25e1c0cdaef937ac75c2fdb6e67b6

SHA1
e577fa383690b195be82252bd3ca8bedb103cf72

SHA256
2e9ef25dc4d8178d90dfbc7a0ab119acdf5461a5eea0f01b13549acee2871c43

SHA512
4433d7183d0831919e668d0f53823a8379dbdbc8c17c23be0175000f5abe2f336664b9b27e5d4429b6cf03024ceb95674150ce729430a43102761cfac758c412

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\88acidd.zip

Filesize
13.4MB

MD5
3304b0186a7dd6cc3da5def6014dec3f

SHA1
91e77d1f86696c08bb0df9dec0ac13636956cc60

SHA256
89c8d2efc95e064405ce2ce742fc6968528d95cb6a66192daef4fbcdfeaa7721

SHA512
c2731aee49458b2f56e58ba6f3cfe73301b26ba1034d15cda77e41d02cb91cb646991552d98267f5289a112d3ea754f0e982b3240099b4515fbb5ee965fac7b7

Download Submit
C:\Users\Admin\Downloads\88acidd\nok_acid8.zip

Filesize
13.4MB

MD5
cdaf6a115da4d4201fdf5eef071e5d34

SHA1
02755b86ced927f0456c89b4f71c75f1fff4e19b

SHA256
618e252383a5b9c127fcba05219068e2abe591e483a4aec1d6ecb489945ec5d0

SHA512
29fbfaf12c1b8885bbf629e170486c23c0ef9c5c04b7042c18324a5c6abe62897001e287f0befaab5d59cf4013477981256912ae782444ad962cfff482a22a8e

Download Submit
C:\Users\Admin\Downloads\88acidd\nok_acid8\88_acid\acid88.exe

Filesize
605KB

MD5
2816f592a20b55ac30849a92e6d61c00

SHA1
46eb22835a28b154dbf700416094ce22f8ff65f6

SHA256
8e8be57740fd43058b3e310c77c9ffda477e62f729550030d38a9afe9bdddf12

SHA512
137c0cadf443a2525a710ea394f06312a4993eb1bb29db66f1e0a12778b68b8e370befd30702c7c465bf960d0361d264ec186dd12f2e2407adebc5508658334e

Download Submit
C:\Users\Admin\Downloads\88acidd\nok_acid8\88_acid\source\License.txt

Filesize
1KB

MD5
d2317a93ad2409aea36363bbb83f1bde

SHA1
e368c238fae3220741c20908a0fb9908b961bb94

SHA256
e7f9919d918d62c5b30a87c45e1f3397a2a9700c17a3b7cc3ab02f3ab0996b55

SHA512
300c97237a5b7e4b91d7649e63abaa41fbb27478f8d231abfa6980a78a6725fe8d2275eb419db01de9c0e75b9b704ef047e8d29ccd4e061e2d8c1a60c23144cc

Download Submit