lumma | hxxps://youtube[.]com

max time kernel
361s
max time network
363s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
26/12/2024, 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 1 IoCs

pid	Process
3764	Exlauncher_ab2setup4.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
127	sites.google.com
128	sites.google.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Exlauncher_ab2setup4.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133796887602703398"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 5a003100000000009a59ed61100045784c34756e63680000420009000400efbe9a59bd619a59ed612e0000005763040000002a000000000000000000000000000000586b5e00450078004c00340075006e0063006800000018000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "5"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2062871678-1047416116-518495306-1000\{F03F3B2E-1B22-44B2-A440-1985BB7DC04F}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000f8576328dd4bdb018d0cd71de34bdb01698da2d88f57db0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1224	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
636	chrome.exe
636	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
2664	chrome.exe
3764	Exlauncher_ab2setup4.exe
3764	Exlauncher_ab2setup4.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
1072	chrome.exe
2276	OpenWith.exe
1076	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: 33	856	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	856	AUDIODG.EXE
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
2348	7zG.exe
696	7zG.exe
4084	7zG.exe
3448	7zG.exe
2680	7zG.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe
1076	taskmgr.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
1072	chrome.exe
1072	chrome.exe
1072	chrome.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe
2276	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 636 wrote to memory of 3068	636	chrome.exe	82
PID 636 wrote to memory of 3068	636	chrome.exe	82
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1928	636	chrome.exe	83
PID 636 wrote to memory of 1244	636	chrome.exe	84
PID 636 wrote to memory of 1244	636	chrome.exe	84
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85
PID 636 wrote to memory of 2452	636	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff8aeb8cc40,0x7ff8aeb8cc4c,0x7ff8aeb8cc58
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2024,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4384,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4404 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4888,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5984,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5328,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5300,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4596,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5992,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3792,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5116,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1236 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5996,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6340,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4468,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6100,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6424 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6512,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6604,i,9077395914918190046,3984920337117133948,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:2708

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1496

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x348 0x4d8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1320

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2116

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ExL4unch\" -spe -an -ai#7zMap1172:78:7zEvent4484
1⤵
- Suspicious use of FindShellTrayWindow
PID:2348

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ExL4unch\" -spe -an -ai#7zMap32708:78:7zEvent25588
1⤵
- Suspicious use of FindShellTrayWindow
PID:696

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ExL4unch\" -spe -an -ai#7zMap2266:78:7zEvent8765
1⤵
- Suspicious use of FindShellTrayWindow
PID:4084

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\" -spe -an -ai#7zMap27776:100:7zEvent23700
1⤵
- Suspicious use of FindShellTrayWindow
PID:3448

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap7899:92:7zEvent11124 -ad -saa -- "C:\Users\Admin\Downloads\ExL4unch\ExLaunche3"
1⤵
- Suspicious use of FindShellTrayWindow
PID:2680

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2276
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\config.prx
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:1224

C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Exlauncher_ab2setup4.exe
"C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Exlauncher_ab2setup4.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3764

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2917709fa697809977ad6f4944d74bd6

SHA1
a76a17ce70ba9ca6d4e8a202c7249b5c8e209c0e

SHA256
e8bd15b8ef4be845b4627ac18b605b1aba7dfcf82ff99481a9b59aa949b0ec1c

SHA512
8c80de6fb14cb79428a80c00a3fceddd699a19992f1309c1b5f037fb7a42153cfdf26405091b6a97e8d80c8cfc97ba87ea73b34a0da38c875a25b35c19fec1fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
239KB

MD5
5b1a50d32003745b1a936967b98f11e6

SHA1
fbe602b3997dd91a54a9a6578b2f5dac7cf50280

SHA256
177717c6a2bfd0ed22a2d249ad621321f2b901f0fce4dc118ef8e020d80d8d95

SHA512
6c49d6db209bb14e1462e655bb7d90b02750eb2ef6241110a97365799b8af2ada372b3455396ced05ecd9ca49baf007171d4a72a7b219fdea4afc16c43b7dac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
49KB

MD5
7ca090d5f0c1a9e7d42edb60ad4ec5e8

SHA1
7278dcacb472ec8a27af7fbc6f8212b21e191042

SHA256
4039fef5575ba88350a109b2c8d9aa107f583acb6cbe2ac8e609071567c4cc76

SHA512
c4f2d23eacf74f87de8dea6e4532b120253bb9ad356341532f5e1aaf2ce90d137f46b50df7de5250bce4eca1fbfb74da088accd7c626fa853dc524abad7bfe8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
635KB

MD5
b537ca5fec304dcf3ce3171edf1e8fa4

SHA1
52665eefc08697d21f82719269fbfef687a643d7

SHA256
50b93c8ccbf1304dde0b424bafadf2fb654597bf4a35def9f29356988dfeb2ca

SHA512
81ae8df536c60aa8eb9a687625a72de559d15018c5248e0bc12ce7ed45aa7b960e999b79a8e197c38ddde219aa942ba4534f154aa99386e5e242d18a7d76c805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
34KB

MD5
e85ac71b59dadc1488a1c888db91c5ea

SHA1
a4aa7fc9226bd867a978945a27fd78a0a82cc994

SHA256
7441da6812af01a6eb9afa5d602986b233a57700cb721343b0aa9830a15def0d

SHA512
2b4d952a258f9001c2d8a42402c98788759138669750667524df2031d3926e21836b037974ded859bebf88fd9296791a6a2de65561b8098f066f9cbb8ae719ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
34KB

MD5
6242c13ec6b35fed918ab71eb096d097

SHA1
691e6865e78afb11d9070056ba6cd99bdad7b04e

SHA256
b1c7566622f40bad557a6c5b7bc5b8ae25b4da191ac716cc7923282eef96034c

SHA512
52914b4ca7362e9ebe326ea89006f5cc096fd4d1c360cae33ca768af92fe6fdb5078d0848fb6dc092848ba0e3d3f51bfb20a292250c35e8bd2e79fd5a19dd7b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
8be4762f00146951df873c68bcb0d388

SHA1
6927467c4c51cd7a5116c9f68c16ab0397e149db

SHA256
1c69d883a716db8736efb36abe92cdd39b594b8efa79b90c0c7a316ff4b53065

SHA512
077b5765c771f55a359a6407546c20fdba3ee9a2d37bb20e4058543d80c4c86f28639f02d3ec30fc346dc82608cdf6003eb1c2b01c637da3ddc36204650d975e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fde320111a7956c2f44a536bc59c1942

SHA1
20f40f376bee7b791973c6278a5bd5a4a702c554

SHA256
78255193100f5dcd4e63a683840426aaed7e80f014ded61047c673829d7201a6

SHA512
877451d7b87009b0f97ab59b879a1db67e654ddad100e77a068ff07117941ad350e46d62d4a72617b7a5044b6646c25281382ee4c605488b36ade6706c97a7f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
40a994b219f0467d6bd5ee9027958e86

SHA1
0710f39ae0028d243571fbac8636aacef9d175b7

SHA256
025c02661370a1cad242fc35aabd0bc15e145b91f2a545a3d0e41c048d30229d

SHA512
229f00ec6b9d18e64b228962ff4d82c64ebae04a15b3c968b9846fa9bf7cad67450952086d838d82aabf98bfbf4c9c1466dd0d058f870c67df11f3b5f286f1e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8805165059cafd6994d350629c97f52f

SHA1
d38df401d74adc0f5cd439fd03b6beccf1dbf75e

SHA256
cdef2b7a4811ae85b97be4c1556f30be2f6fd1781d5bc7bb8bcf6e97553e7a31

SHA512
2862c808cfca8321f04b3b8d37211a21840994615c603a10aa387c171693e927cc4d7b9f47a91ff5bb872183b07ad298e77cde80598de4cb239d2007fa309c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fb5f1abe7caf5cfde12e4b9ecaf3fbe7

SHA1
0a369ae3fd414b4ca0d40c3b27aa080b93bebd79

SHA256
6dbdaaf977415e94b239f2e0c55b5a7ca7971d41662520320b959a02902e713c

SHA512
c1c55d7f9b59e18402a41382956a24d9d2bb070e98a57f4d4cbe7a5aebc80910372e8f1b0ee3956ac3c269206278f4384ba3650a89de8ff8acf381acc2014bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
91df9b9e094c018b5d426caf1c68fcf6

SHA1
b9655c4630d9a0a0c3653b9ed605b3653bd1d020

SHA256
8738d76475f040177634475c36b6cd2ad692d84ecadfa9c8d5a507769511dc20

SHA512
5052bb26fa01e7557ca012259ba88aa048f1de41d1043640ab687d0a0395fcc816629a603a1044b71608bca997cfc8607b7029e2f6b7215de5b23733e10da03b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
79e1075d83e566ec6cddf7735e93c61b

SHA1
6ebced66a5dedf694f17dba1194b1e92a12ade57

SHA256
d75c3276a9dc485c8e82ed214bd46bf48eb4e284d0280e5da98509f84d311cd0

SHA512
60c471710900750d1bc540f3a8a8dae68bb84159b3640da7b8e920e2004a99e6bf63443237e6c271e0493deba545d6b4dd3ee4bc52a20c267999abd8d4639f23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
334734b1262792f96fd2052d3f9b9d45

SHA1
361d42cc27058668a7dddeb79020af0227fe34a6

SHA256
220180b648df1ce2e4bc6a36f8aa826557a9ad51fee712112c314bddd8faf4b3

SHA512
cfc78f17c79a55643c30461622767147cbb87ded5bc53ad797b91b306823ef296fab276a0b61e4351859e0d40209a66df84a90bab10318d53babfd5bc42b7aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3d537a6ceeddcbe311d3d6403c804c9e

SHA1
632f27d30b864b46e40bb6e4e5a33d977d9bc05a

SHA256
49799ed7a23b70e0238002f7080500544d5bf34cc861a650c7d313ec1e1ffdbc

SHA512
3f8c16dc6b5864d313ee05bd3712e972cfd4284f6fffa6d54bc0ed5c86f8c4e21068b81b87f9b3243353ff18b0aa5cde120ccc3a22aed7c67f9451a0b77d86aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
d387c3819afe3ee4fb691d23f89b1ab7

SHA1
daeb54748df13444550379952245ded66de34ab7

SHA256
62da800b13247bb6002663f75c67478e2b0debe8ca9e5a94e36f9b4fd8125c7e

SHA512
90a4da388effa6bc2a895bcc008f3fbaac6a0a72372e9860cd42fdf3984981d5871677d7ffb21cd252aaa69395ecf4e634870ea27c5bb3d8ebd2953a87dff27d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c1744478748e2cd44e2e63e6d61a6203

SHA1
259aa6a065eb1234c7e5d693ee99d29592c7d745

SHA256
47220f71e7e613206b1dc62b802615f55450786346ba7d4b6cf8a3334ddebf54

SHA512
c6ce8384f5d03dc5a11bd8804df5fd77a3c1e4f0cbe6f35ff0221d97a26fd2c8c26cf5bc32356f60966cb454c915c1a3e24b422b95ec63da1c8eacec6a9e8abb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0c9b72f047e977636016df5b46a8c8bb

SHA1
0471be286843681b2729142040dec594f3a2da6e

SHA256
eb6ff760d8106dc70f4a4ad5212d400b701004bde718624c7932121fc8079cbf

SHA512
9b13e3c7d0fd175865036db31c2c370f9649c0057ae70f8de74c77aee484913d45ee297a0dd898040d72cfbf86e803a68a8f352a07a987d5610d57f7c62902c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9fa17db814d779d9404957e63d095b21

SHA1
e881250de9d48be395640c2146f8f071c92f0c45

SHA256
c272f758d3e825f20e9191a17bfd71e26765b102e1060c3b8f83f3443e39bb99

SHA512
e9ae2c2098a82fbdcd1f5a802de411097f4ece4e9462035e3817b5ef56ef54ab2c042a8ffbee3d5c71625c29768acf737792c49fd93939e574181bd8a7de1872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3425068f610efeb0e14610d1c79cb428

SHA1
9779f09859e9a17f301c56a982eca1fa90db68a1

SHA256
9c8ab9836dc2e6afe6c6b3f84254e992d2018d87b5c6c0ac773262aaad6345bc

SHA512
a3821ea82f914e933406de84a12409c846b930712b7a5228590458edca36aa1b37f77a716157e9337ded43d6a8e47f1e338346d4b2e77901ac730575b860434b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
cd431f44de29de099d8420950d5c02d5

SHA1
958c884de36b2ab4692e588b93aed0b6ce11bddc

SHA256
345b67b3e3e37aa7a595f7c2afe29125623549f8ce7445935d5f4567773ce2cd

SHA512
e70f9901acdd32cea68af5b3446af1543dcf43ecec83c21508d68dfeb94c22cbcd4255d76e1bc66315130d520a565ea09f0e818450f9f071720756c9c639979d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
11ce0285ed4b7ca7a970553298625a77

SHA1
5f70c20bc06d9bdeeaef62baae8a7e41abc30225

SHA256
b1229c4687feaf3d22e91478c4690e44398fde5552ca33050f1da3a2e798c8d7

SHA512
2171f6978389ebded6c2336a44a2af0ddff96559612fd377055180f1c4336e228109b78762b286977ea58c48f85b0372ba5dac007a85eb81362ee737b454c192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3ac57efefe57a1f03f583c5af1cc9b46

SHA1
01df3634341b955a38d3e8ec75fa73e176a130b6

SHA256
e2ea72ac225c6318b30ba98c98f60ca752ad76526514e70ab19b2938daea5f4f

SHA512
b42dde1b733de0092fb4ada4c3ebb3a21a01aac3b38495c2af375abcca512c1760ff3a446fe47e60ba18db08585c468a8c4277e4a7268820ffdd5d7f29cfca75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b883bfb0603a7d0f8b296cd104eba972

SHA1
cd3d9387e31da466cd7c73a7376d242fc7e8eac8

SHA256
20741ec9c7b7ba2282d999c4dc4cc3a7c63bb070e61f8f644f2bc12474c7cb4e

SHA512
5d8826d9e9d4722477e1166549d369c1cb9e41612f1aae68e5401402759c1e2e2bd41c998af5dea7582c101809f5ea7b3af1d312d993a487811890882bafbf66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
663bd0c5009a6a6b574ce62d8231122d

SHA1
4218c22e2906064ea27951884fa773c4aead4bfa

SHA256
91d2eb592768a4d3ed5442dc63c35077ece2c3e58ca4c48662b1dbb699f72ce7

SHA512
3c00cd7dd96b9dfed68582c4dd7fa7767350f61dda13730442a36e60108486e9deefb38d06417c122f44d2402c57276e0cf4446a4bb21d7644a755d73e3d80c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a09c1f0d89b5f04da3e9928b1988cf8d

SHA1
054099bf5e7c4aedfa0f3cece11916b46de013f2

SHA256
199a3885d83893b47ba4a31048e2cd7af3e3f299f7b8f14157bd4e9411a57cf7

SHA512
69e4e126c5c9e1b731958556832dc3666aa2d362acca85f786fc57d56b8e0401f5c7b416c671f3b7b1267aaf4dabec2ca0fb3189f25101a1477be3df5df8b59e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
991b65c7ab4773b766c8b0e4a39fbae8

SHA1
54a9d3122ed4215a0837516bac5ade30df9bcda0

SHA256
b1f7a9d85ff7c357b6e606f187d7aea1d32aff0df069f2d11c62f2624fb42e9c

SHA512
59f51e6d0bb4126b93b8da3233d432cab3922eff92d79a213b880c7d2f03bc602a17bfb797401c29b353c9d8a480001923fb718af7a2a347ea4bb07124cd6bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
28025353256d47ad40a916e705ca0d67

SHA1
b7db33467208d14013c75684e6a79a78c6a52257

SHA256
714900c74ef063781d1a44fd9bc47ff4f1c3ab023764d1caeaea803a14e10320

SHA512
aef8c08045e0b8ede27e8df7533335e82c8bcb1ac3d36e0511e9763682bd5d5c293c3714adc013bb84f7dfd0b27caf31f0b4f0a5ceaed4a81cd04bcde1cd555e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
83cd921329c299412ed3e568ea7f55c8

SHA1
56b539fe27b18a9b797da3884efbe6312e18f4b6

SHA256
f7d4f6c2135413a9bcb01cc44216bb69dea6df8b96daa11d3489bd170b5f3ba0

SHA512
c86372a41e778fad232014e8a3c7f899d24369e2b62226023ca36689c24cb60e8aa941fb321302019e42dfe7d2c8148825aa26fbdb59b6a56e213352b39b6bba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4a42df76c5a732daa51eaa9b868c5703

SHA1
184cc6c5de503e379f1a622fb494b9bb61fa2cbe

SHA256
b7d2745c7944d0c93063b13302415e5db5841b2f9a13016c3a26c8d289693861

SHA512
00a2d391cb425a62f416fe81c6b2948db83cd15dc895b072af1df8af1fd3691a21e068beb90a92b6149e389af21700efc2bc1f997aae74cd41a929f8e28f8962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f9633a86b175165119fe839f588d18b8

SHA1
9f9fcc0be79eae678e14031376f5f618428c2c28

SHA256
d2ed40a0afd6c5c6771922c9cdb3ce91fbe752f58b3e965f545b0be9c96718f0

SHA512
4ba0767b25a6262e356547599a5f2c80fb3b26ff646ea77adef553f53e45e25fc0eeaa084d532212411c6b4809d8cada8fcf8b90dbbb8b06a510d485df79bd07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
257edf2b72d72ad8e876abcebd357205

SHA1
6bab1a2af2bc51ac10255046c27e0c8fb8aac6d5

SHA256
15caaefbdb6394d999d6f747cdaa0aa2d1f8b5880e78e8e474911baf1bf9367a

SHA512
1ee95344d336168f8b3e04daa84d788f980f7350af22e5ee9cd696634fd32581c4f3ad8c2b9e0b7ade4077c17438dad44a1d56e878a3d4ec700d49e56bde1894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ed09f16d4e6682bab1d7d6c7b2ee29a0

SHA1
30f0623d85fa762103d0f3945bca599cdfd1f7a8

SHA256
dfa9562278372705316c0a1defe6cc61e43c8c4ae0ad75136af9b027ca5585c2

SHA512
067972b8c9344040fa7773ab26a2b71d532ae2fa91afde66de6065af0890db10fb791f3bb33f54f383bd45ba6bbfe1d07c9b729274fb534e998c28f29f4a261c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
7c18ba7a7c5978488dac3a2e2db9d18a

SHA1
0699cbcaa821452bd49d1963fc19de7fff0d7ef0

SHA256
804ef08d0ccf2c11a4c565117e3355243fac2e24bf256935c37680e92d3ef301

SHA512
9ccca368c568f94b37cc754908c5e59de3f001046e1626026e56bd680df6b468654a80aba726e6ba7da88b89913611ebb2e93c3b72233de0e44eed4830ed3b2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
513981173a091b41f3d70411a9ce693c

SHA1
cd43794fadfcf3f385241e8939702f092f15f7b2

SHA256
fb18e74abaa0173f20b2953156032d3fefda9756a05956a0e2df89e66ec37c1d

SHA512
eafa7f61dc1c965d511c53aaf5bf5a075509a4e847c95cd87e297b794984d5e774ea82f530f151ae178a7ec089a34e93f4192752bd51775ccace041630a91290

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
14f71ac17e89790fd54e3e33444261b9

SHA1
055f2a16860d68e53a7d0a3fe09fd877627b88d5

SHA256
4bb9ced3080b35bc34329b0f5456ea34dcba67461ddee0cfd8c472a16d5345c0

SHA512
1b63a691f20dcc78fafbe43eda43b8a8516847465f08d2771fd3fdc4528a195e4593882299ee0ecf96a7a898fbacdcdc619b8348c2c70422fbe401d84214bb18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b7e29ce59b435cbcbad9e625b80a886

SHA1
46f297900481460849b38842c2208c350a78113f

SHA256
f45f62ecffcbf26d4e206a77ca054d6abe2ba68ea3a7754dded4a3afa3c9aaaa

SHA512
84e601ee9216b31821569cf74504acb0b2df2dd88d1467a22c94b9928bb655e70b3bc0c51138c0274000bc75890b45e943a7ea4d420ecdd206a3ec75fc070ba1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0c088c2f5a4e0d0e2789b17fae9b900e

SHA1
1243fc16d2cc2780cbb0e8a4d848391adf174648

SHA256
f47dea12b34e4c0a715876acbacefbff1c8521a1ef4e1d7b9a22a148c5278c61

SHA512
73d2d08353035421cec891c1051343357364325c7ae04df52a5ce4804a569a79452ce687ab11393a375dd1f07e3c5a1a575f0d44ca8bdafadaf6cb86a40ec7ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
00e21285d55a747a57190c7e170b0482

SHA1
082845264bc38fe7098ec5f052c1878746fb9bb2

SHA256
0466fa1331d92b2135fc889d09416bb03ce519549ef9bbfc883073cdd8a699e7

SHA512
088095ff1444249477eb663576f5a21e9fea404c5b7ed446391553355f4dfd7a248fa0796d4c3ab328498b561831b2482c2c5220fecd8c468c874c51ffe989fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4208645d1a0c941591ba977515e45019

SHA1
41702d2e962eeec06eafd3739d3324e15e6cab2b

SHA256
14faa8a64ae4755b8c23199ed1c02e749d58ceb4807bae1827e97ae4dc8861db

SHA512
0facebfc733cd4ebc979d3e8544f6e1eee446b3cf5caa38f83f3ad8270478598ec8337d0198ef13151a2a52dece1deac2cd815b2ba9f954178b3d5068ecc37b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a617abf0bb214dfec54891526d80ac16

SHA1
8a6e63a406a12afb475825eeb6e615a74a7cc79f

SHA256
b3433b12f575dd04a88fc700c4e551e5d33fdcdd0839dc3a40c3e1050ce4ea94

SHA512
57ddb5d06314c9a21a97a25607eb3bdd42fd1b446ac1d71621495935a18bee883868e7ed74a94d6b25b738c4eb15b2ae0d56189c6a37a58b514caaf6033bcf0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fab922ca8fc8606340b957bb4443656f

SHA1
a0d9dbec291a9a176e872d040f33c739158bfee0

SHA256
cab3497d7aaab0e39b3cfeb6cee59081bbfe71b16314efb97cf12c9bdb439f93

SHA512
a11ca87a5091787d0a3241ba6300130d65eb78d6421630abcb49f5b5eef7361e9c9f435d084363681535252c27d19dfbca5a02af6e777214a33bf02c8d53dd9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
196ca0db5b4044a0c130a832cb1d48fd

SHA1
9e6c84ce38f83e4a38abde3caaf9b52e3d189390

SHA256
146a7d9abb7737c08737ad2f2f5237a383c6556ef8bb7a5ab7a8b5679f380faa

SHA512
81e0a4e6df572902bec3f264e29f60e9bc04b3b6681be7fa35abc93e3b2dcb8d7e7a25fe546a3b76c7eed00b9e5d82b6d8183bdab255fea65343ad6267028b38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\81cf68ac-0567-49e1-9ee7-de7fd1a309f6\index-dir\the-real-index

Filesize
2KB

MD5
500e63c6bef7057ee67a2c69fd4054fd

SHA1
b70267954c347c0104eeb7fdd7876afc4a835542

SHA256
3484b33a4988f13ef72df165af313b9cead3dfc9f098c180cee7173853d5825b

SHA512
6c410ca21224a3fbe1904fb1c99571a6fafff944fa1062855687fafe026e6c962ab02dfb43d064008112e04807977c733680dfe7a707796d2e0f9e8ecf72396e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\81cf68ac-0567-49e1-9ee7-de7fd1a309f6\index-dir\the-real-index

Filesize
3KB

MD5
5daa8d66d7107fe62d717155fbbed660

SHA1
321545bdd94e225bbf3102858f8c512969cecaeb

SHA256
99eb2cd3a4e28d67e2966cdde78c48400e3dcec1dff43699f4a7e9cf0ff047b6

SHA512
028b4b0965fc38daf9d3dde944baca1023fa66648a2b2e0fc6d8e3d7fc75d3e9091bccfd9ae142297fe0d850a440dc7b86ddca431f49fbcbaa33f82a5774b1ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\81cf68ac-0567-49e1-9ee7-de7fd1a309f6\index-dir\the-real-index~RFe579fca.TMP

Filesize
48B

MD5
1ed4e92a6383680c42235954e9d26983

SHA1
6028301a2a0d6bd4c8e61c1084b02c1c8498f8de

SHA256
b7e701cd58d30fb0ce021dae15f13002ac867947257632a45ed5e7f1caf2c717

SHA512
e950b2fb37a19d61ea7be1f05b8189133df65599a5710b44b625c0c924bf90e336c7c019f7a659e231e0f1d365842d2d48528d193fe371937367340a31324102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c6fb0bd0-e207-4aba-a440-f2f9c7c9874f\23f39acc884671c2_0

Filesize
2KB

MD5
789e752a8607c1d49827f86468880f29

SHA1
8ac77c0e5061407f9b1f8a236c15651af4b4ab4e

SHA256
0e04d33f30d10912b3a54a41e1dd04463315f9295cf28a1d5216c39f30aaf58a

SHA512
2c8cc3e31065b81c97facc0a425a99758f86d4d867dbb78195d3d54acd3a958acf4d00f9952dbf006575d62bccb64aa50a18d21e7afdbd27b54fc9a372868736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c6fb0bd0-e207-4aba-a440-f2f9c7c9874f\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c6fb0bd0-e207-4aba-a440-f2f9c7c9874f\index-dir\the-real-index

Filesize
624B

MD5
6a92041d010428cac39c6bda7a9b1a21

SHA1
dd45fb644e51388adf08e85ded5942773a6b3442

SHA256
3995533b74cd465d99b17c7ee945958f225c7766c3a82eef11654b752a621524

SHA512
0a93619ab9b58b9102dbc4e03c24658b380fab04764c5e4e75855cc01f318a2adc7e8a599e7ede2155ed98d016e67dff349ac499a93d6a106d4499d3c30f0d5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c6fb0bd0-e207-4aba-a440-f2f9c7c9874f\index-dir\the-real-index~RFe57fa8c.TMP

Filesize
48B

MD5
879ad7f23c04a984873255a189599bee

SHA1
54c5a7a68fae9943d6ccd6bf0a2c42b40b287424

SHA256
b5dcab05883e91a5ad7f5208e16378d22c18e49ee87e5b85a8d3603ccd9d18fd

SHA512
095192f4204a49ed9fd6423a603fba21e35155a5a0ee1824830048dd68eaf57b490944822cd03308d5f7e40d477a0a8d659def2bd17c64c04dedf9c36867033a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
908ea9d654a91cc737db8f2a833f6e24

SHA1
5cdbf83140d19cd1634606012291c2a960edf670

SHA256
4fa4958625f11872d9a98daf697b6e5a4b031e7fcb220ff5874f1e83a03c8a66

SHA512
537bbbfe8d94afd924772cf89a1be1abd7be02d1e53ed1be497a24664967fbdf4b1811c1de1171b1158c011e2cc21a805c619ec192ec2ed2edb740d74e6760f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
741d1b01e3969ef4726bfffb492072b0

SHA1
ba73027a05d6e55e8fa51420090198bf27cccd32

SHA256
5ab81335cda4f379a86764d7e5d428b0bd6ae1d54b991e823d015394366503c4

SHA512
cc82b36d8694ca92e21bee960a22fd28bee281e091af349ff1868291d9052cd87a0c5d5db2fb5538f5bacfab53d2043d70a938420f3c5981755a5491b44673a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
9f603b78b55797f5014b0bba86de06c0

SHA1
79a4c1f8b5a7efa339f950532d156123839ccf18

SHA256
a747cc92b9ceaafd28ec30826e272fb7eee2ee58776aa374961b3540c2b7a314

SHA512
f2615dac2c4b49423e47ec4325ae83f22f37aebfd126303591d057a8f8b184e3f78c0e5e00a0639458e03417f67655d2ab9e09f4570178c420b2d362f7eeb5ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
da6ecbcf1ee6241c92a50a7fcd01620a

SHA1
a3955fdcb50cbfee784fde137f6f8c7b8d00be30

SHA256
6070637b7670b0f28a1ca095037510a0817b2a5a4572075e67438cfeb4170ba5

SHA512
558a440094e76a478066fb599d03cb7eacc08ebe93c56ad68ec9d215449c169e28196b72f426e6aa5983ced41492385b30ada18579d91c5dc71cd353870ebf7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
0a34f4df21c9e06ca5b3d7e331179e65

SHA1
7e7e9472ad02799ff694a2d4a6832588152f3e8f

SHA256
cb15972318b6399ff65fe3f8d290ab441c74181738cad310a0a99954a69bb758

SHA512
957f80ff207a0516dd377b66a8c97405423f2f3475d9c48ff5620331d052a45eac9d39d1bd186514250d2cd43bcb535e5d21a29e6167c20cbd63248b5ed23dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
0edcf7249f37b5c848f06528917c1a01

SHA1
0dec5db83a01186e5970d7981e42e8a0e4db943c

SHA256
721c143dbc79151280e969880ed685916309f52b71a809ef68987e0e3e89bbd3

SHA512
3c18e488ee42266e2d47d2fc3767084e6dbdd3a9cbfc2792fb849df649f9f7fe2dcf449b4b7e7620e1bb472fe80f8d9c818abb075fa9722eb4bf01cac0cff561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe579308.TMP

Filesize
119B

MD5
354f506270649208af607f8a5c8ad59d

SHA1
45104766728aa9341f3e49fc4e14aab8e594a2b7

SHA256
c6fb1dc114b8d80a6fb2922559f677415a9a97d222b14cdb2b6fef9da1dc78bd

SHA512
bd32cf18297edb1a698fd59b020fcb187449238da730c6c58e0e4b30eef7983e8b461553e36b5c6c4a1388da009b33e9b513cfdeebfd7d31a85e21ba9c1f3021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0

Filesize
16KB

MD5
c24cff3a3f7b9a1327b48560dae9f336

SHA1
ca2b6df4c2cf5ddc75d54d60fffeb73614621d31

SHA256
2829eef8af0acff6fb9fa726a35d8052fb181536636f199e04cd89768e3fc98f

SHA512
25bcfa832a36ee43bffbff06c2a6e386ce0f46d74b6f4ba306ce7bba2c1ab7377ca0d993233ef32a2e0f0682d92db9a67584c7c40e2bc0ff27d90c0cc5168bfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_0

Filesize
163KB

MD5
b0eb91a07e59c9163c24fcb86637b051

SHA1
73a438b78749b61373113ff783990dfc02fc83eb

SHA256
79001ad75dc67c0170bcc345848cfd71a176d0a9ceab319f533dcab3a32410e6

SHA512
ee5a7acba3002c84924fe9f2662d0053e760a7ed7888262245dd3b1b0a451302cb455ea9adb0e6b170b032e0d92058c60734e7272997d524263f1961b6dc1595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
4f427d1dfebc0792dec3a3a27138b90c

SHA1
36ae3efa9108a56bcf7d8cb3001b63a5831ea42b

SHA256
eb136b35be6531a7743a01005fdfce7de7d8c0204e9f218a4b077ff4d43fe490

SHA512
1ef2b6db527b7b4d5cea8214a6ddb1075732f031b5f90b999db0eb5b22b61558dd3bbf30990ad810da13d3a591afeea00acd29150162ce91b380db589d0ecfb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
08ad2040805f29981ea2e88258624e4a

SHA1
11737297b11e3d2ec9fe9080f27d43655056ca62

SHA256
9ad542191a94953c0b3e47b1a5d64634e56093d5f6304658049dc170b29005f8

SHA512
8a686917846541bcb420c23fdab42b293852e3a638659daa36d0eceb62e4b2567b404b5d79322c9d73f0eaf9e227c1ac607e263f01f57bf0af79d62c28589221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir636_461872168\Shortcuts Menu Icons\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir636_461872168\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
52fa21925deaf72be947f53a5b232fa9

SHA1
a508a68ef2592864527c94978598606ae0768f2c

SHA256
4d7612dfceb6c85e4fc8aa48a8b526c1d3d8a6bb60510f44fed8eb9b220abd0d

SHA512
08c4c6a2cc2d3d8894336b4e46214a65be1ea0793940a8459ba03505779fa65c503ea3a3a5bbac4d55580e06c2a9782b087c072e065a623b4c1717e3861e5ce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
cfdd9577ca98d468e6c11d7230c5375a

SHA1
ead7c3a74d3061014c8b07309c2efd4815b67761

SHA256
9da9fef514657de91f0ddd565788a643b752c4830948393a3df235432222e28f

SHA512
16743d4632b43594d7188bf0418d5128f66efe75e89a8c01489fcdb9f0abd4e7a32021685be31776e9e244e978d851fdacc0ad47ae3c65aaafeca098aceaf5a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
d9244b6e543c370bc6836bceaeb71df7

SHA1
eb0442750aafc8e03af1af9f191f86b65d8550a4

SHA256
61316f45ba238a9ac07ca2153feaf30594b27a4fa4343e3d9cf3f6df28ee5d06

SHA512
9e684edb9afab2887eed58293f6fb07ed361f498914ce8d2f4705c887ecbe8273b3fa608320ab6dd14829bb92da334ff21c2705e7b047fb07efd3f225bc51acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
caf2aa625e4621772a2081e04626a2e2

SHA1
cdc4b09c4dec70263aac022706dd59a674197133

SHA256
7907f5d17356a1178848d5b1a1bcb3aeac4fbd9637b3b805b409516e486e3e75

SHA512
f04553ae296bec232498f34960c1796da1190160347fc43523401c4bcc00d9229d78fa494791227dcbe56fb889218ce4f29199005fc04bd5f42d65398e2cbc6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
3d47b7f0f48694e59b2114adc50a22a0

SHA1
ca63b9014dd69f6bab3a906aa549b1cb73742325

SHA256
5ab06968e0eb942d5133fb724a4fe5f831b4ecb0c3184975cc51b9b5d8c47c71

SHA512
164acd31210ef726ec87766e5b1588401a99445b8b560af77194ec541a983b9df3a166d81d043c266869aff76c39e447ccc4dee5d6cb96e1b27917577b192d34

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3.rar

Filesize
7.8MB

MD5
3682f9e8c4e7d80d15d8e18e98f4ced4

SHA1
c985ff2dacbe3b6bea8cac9835f6eedf18ef398a

SHA256
2fcf1f1b3203b02f17289e5b90d49e988171c91a5c387848223df87338174524

SHA512
8f4d5a6f7ab67a9bb01c292aa973680555783a8bab5cb44e775f1a7378afc7206b464e98350cc865121a3bc59e1e2624562096a1f56944c8ad6a382a874420f5

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3.zip

Filesize
12.3MB

MD5
b475b494ce1e765c290af30c5dbc2fe9

SHA1
5adf1c36edae1d196858b9147fc4d7c7d6a1b6d7

SHA256
2117b202be817e3bb30fb954f13c357b0bcb156f9af7ef05e25e8d43e029a229

SHA512
d0fbb82966f80149f02c7eeac29732a59ccac9f1aca38ed20898b18af74feb13872addd1c7136ed5c72477ea5da35da775f734804f43e1ffa7073c64ec693fb9

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\Updater.ex

Filesize
414KB

MD5
a341d9bfaae6a784cb9e2ea49c183fb4

SHA1
d061c12dffa6a725f649dae49c99f157e93bb175

SHA256
52416bb8275988aa5145be6359b6c6a92e3c20817544682c2c1978b50ff2052c

SHA512
9dff4ba2abf889c9f9e71da1f91abdde1742a542b53e8c289e011113e1bcb86d4b1aaf5e7aadf97aa5ed36ab50227295e27ce700d30524f7198fd8f3928c36a2

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\Updater.exe.config

Filesize
1KB

MD5
75e66ab540561a0c7d4160271f518243

SHA1
ad6501e407d216744b6c3de76d7664d9581ebad2

SHA256
091afff3bb63024b5a7b14ea30306b6753858fd1a33fc8c98e3b5e65fe92fbe7

SHA512
fcb55c0fdbb984b06aff2fafcaea2596c175aa5a07d2f1a401305d3441338aa266a53d2de7a7577684884a2e12ce3ee430b2e1d0210684a7eefaf9eaa0de115f

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\ActiveXInstallService.adml

Filesize
5KB

MD5
46876b1e6c8ba1fbf3abc838ccf809b0

SHA1
45ce70edd0ca87a5920d43385066087df134e30f

SHA256
f49428cabb6f6671d95ef214133100c268d2ab04dbf0f095dd08b0105ed9d8a7

SHA512
702c319b2d181753be99d99c3dff9f6c578934067c89a614e9e4b0a5da6a0fb3545a3ba4986e12e9da5de8c6af56780982d181a8d949a6e573af725e2505deca

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\AddRemovePrograms.adml

Filesize
10KB

MD5
dfe20a0ca8674d6eaea280c139e2688a

SHA1
97027b92d40f5029ff296a9ea3105b775b50c209

SHA256
c97cd236f8be2b235685d3d16632482839208604db3f550f9524eafda33b9ca9

SHA512
120c45bd17045b6f3d4a9295e1888d81ffa99ed0f1d146aa2eec387c1187eef8c718179771bc0cdbe01a37a487d933f55c92f6f37954f392f007cbfaa2aec877

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\AppCompat.adml

Filesize
9KB

MD5
93c28840d18ed15af63308926f5aac66

SHA1
5ed7a8056f1e8a68fea17c6ef81b695df8a3ea70

SHA256
0ac43a8df0e8795968c0f9b6ecc6fbf620b761c128545ad689eec5dff21f5f1d

SHA512
653b9905dc0bbde62f06efa1c613f4e4a0823331d31d396db0226fdb41a9ad4d148c1b5dabfa0ca64a74156f5ad446428f3344ffe75828a7c8225d3f0d214758

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\AppXRuntime.adml

Filesize
4KB

MD5
bf19db2e91edefe517515ba23b30103e

SHA1
324d98b315d7f8e096d8d61505610706d0c73856

SHA256
42778994d23cdb74c446e70c30942991e89df6aacc1225aebb05464d69da6dec

SHA512
9c193cd9597f90913643cdd2079e36930e60b6ab539d96ba0d5da7ea2b5dde0b78d7451d0a4ac37cbbb8a90c548285fbf640099eda949665e186586d893adb14

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\AppxPackageManager.adml

Filesize
3KB

MD5
b182f0b429a84d7e97c3d50eadf154a5

SHA1
87dda04edcfe5e6c22f0224d9ee8375e0920b7f6

SHA256
5cd8b222aecbdeac3df2de6b774af7e02988981136f6e5e9cd3d12735c6a6416

SHA512
c42670fa053734c1b909fbb1ae189d4acf72b290679c1564d78276022bdf0afd279558c608f00953325e5aee47eb93df35c5afdbb29f698e5c8f808610db5055

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\AttachmentManager.adml

Filesize
9KB

MD5
156adebca5cd43e0d849f921b26594c3

SHA1
0dcda3a3c5cdb824d7fae9fd2d52638de6bac841

SHA256
6974aebdcb65ab63decd224d3c060f0afca11e00c781657ead44f64073094bf8

SHA512
32dc4890719aaebc7cb5a088ef7c4fd7a86207c36e76c0fa60584e3df0687c2df297cbf82750885bcd42542700bd0d14011d57d9ced9fc32e582f70061c68013

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\AuditSettings.adml

Filesize
1KB

MD5
71075fce08402095aeafbe57962a1f5b

SHA1
f76fae255aa5454217fe973c4a8035ec9005b923

SHA256
6928faad9624bbf4c74f6c138496a4c6ae8d04919c3de9591568300c1dd39e59

SHA512
9df7480e584b16d1b504e2503b3c4c8422efc2fa37d9a4aceb8a7aea0561c0d73e8e73cb21fea20c6ec3bbbcb715c155efda7b8e38b7b448bcda5db10d773de4

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\AutoPlay.adml

Filesize
4KB

MD5
935c602dad3f4335bd16c269e66dbfaa

SHA1
3df4dc6d55af20f0593d807fb4fdefb23cc3355a

SHA256
8773998440c8d534fa69833174d05d09088f07e6e5c0e41d7c04a229c7903879

SHA512
05abffc0ce836f7438bc711a9d2b5ceb8f3f1c48be2ac9c1a91d286aed6fc4c8d740ae802dcd2cc65d066972dc8daa84ad8a10fa775d66cb5f3de34688d975ec

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\Biometrics.adml

Filesize
4KB

MD5
c32f834c78dc4db3c12084ab5115e4a5

SHA1
be211306e8ba801edd43e68e28f98947354a35bc

SHA256
4222d7c39b72f570c01f76ee084278bd32619d039f197a1aae0b508c4e2caf32

SHA512
2551575c490a8b4c36fd0e44b4e7c27693df94c74715bc0f242be2f947ae2af097d574ac1823f3acc71e8d69c17d6257192aab1255b25c3122f4196c10b9f674

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\CEIPEnable.adml

Filesize
1KB

MD5
cb1e5dcf00dd4aa26834f7f02ea4aa0e

SHA1
eaebb6a75fe6aeec3afe914df9dad9bcb08702c1

SHA256
7651f59a99180721f39b02391bb51d382b39dbcd15e3e2245b10778b7a8a5d95

SHA512
bc84bd30e99735495803360f061088334736caf9d7ae1c5fad9c484d949991f09c59d6fb818de35f6328e94fedd63c2c6d80d63acdf616bf936762cbf656ae3a

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\CipherSuiteOrder.adml

Filesize
5KB

MD5
f7e00a4abe6853a853d65fb722604674

SHA1
9cfd9b20c60fb7024f91a7902d84182081427d7f

SHA256
4e01b6a54c1b3933d33645729af7f69e50d687c37db985a924917e6f8acab15b

SHA512
2adac9cda13b12f0c2b2f7e9c9b943b50be9a217fb32b486f783a5d842a820f2f2928e5336de6e4fca4b5cd9fc4f2d7faa09f6c8285550ca7b3bd19e0ce4ca8b

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\WPN.adml

Filesize
7KB

MD5
77c2a2eb749ebca17124b632612ce191

SHA1
3b7f2e4594db1d354755184c0127825f6a81e7d5

SHA256
058509712bf20a49cc276bdf4ab6b0ccdc3550501da0f2c4529e234e9aae6068

SHA512
6fc63b4998c6e746d82f5680fb67be2ceadc227effe5a07dff1e94e69a1711ad207ea4481df25e722d57bbbcfd14f4c395c086d06e3071d1237099c8518ab313

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\Winsrv.adml

Filesize
1KB

MD5
76d4b8899387bcd0c081d4301e1b18de

SHA1
ebc1dd18a8893ed391379021941451d89692cdcd

SHA256
41331bf31c4ba79b1ff7169efa27cf37aee5ed269c1c6894af78f3f6fb40ae59

SHA512
629e37a4e24c60a3e34795f17a5e132dbdaef40f43af01b451f6024a4ffc93d36f0381b0b413ce2374778c9d50326345bf0b460d7ccd8f8b5cb1a747cd66f1ff

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\WordWheel.adml

Filesize
2KB

MD5
a5fe2005e14e5e7e8792ce0c2bdf53a8

SHA1
d4ee1b57fe5c5387e241b51f6209ddd45a6d5be4

SHA256
8cb5f08bc1d73ee9c83ef7043a8bda0cf250e7bedd1c84e700e6a8a913beaf86

SHA512
332bf547d8883df20aa82d2c6f9e3dcd89e2997ec16436a377f6135df1136b595a9b91eb91c70bd3068f71eba72007c4dae32d3b0584a5fb392a9158a57036b7

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\WorkFolders-Client.adml

Filesize
3KB

MD5
f6075fa597f6343205f02cfaf7cf87a7

SHA1
7a1f11393676af8a2b8c95eede05007a6f2db31e

SHA256
b6a4f7ebe7a44f81b7a5d4c7a38fea3fcfcd184fa16e46863c1535323197be1a

SHA512
40358de36bfc342fe314b6fadaca3b1523bb05658f792f1306fc0e4334e50cadd55777069f59e0483c77a5d13c07293909f4bd2596757ef7b2d3504d37522a9a

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\WorkplaceJoin.adml

Filesize
1KB

MD5
68e7e1bee13094c1c0f9896f82b4d741

SHA1
5d7f87c220ea3eb57322c9fc0986b2efcaebb01a

SHA256
4754f8a9b020216a0f9ca4c7357a6794d3c98735d9b7857fcbc19ed1401021e3

SHA512
6ccd89b24ac4d9232d45a91e3002f69230ba38a878057abc0a0bd07f3b7a44cc9e97be29267cbb56c9d3304ec9ca75c3e662da1d2e154f3155a029f30c6acf91

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\wlansvc.adml

Filesize
1KB

MD5
13e20c78e89e7fc58934bcff584e12a1

SHA1
52dcc829c427ce609034c9106460c7734bebd3ed

SHA256
a59e2ed355ac803474c9ef02a60076bb98adbb33ad6aa6884ab1b4850bac4c02

SHA512
14c6db1dcb97692d561c961a5a1a5f0f25bc6cc3cb28dc878cd46296339e16c36ba8a364be4f80a42d2c27725becded3020dc68be820f0343fe92a961f018966

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\Data\en-US\wwansvc.adml

Filesize
2KB

MD5
761af87d50f53f0ce9947b5d486c30fa

SHA1
dc926f9449848cce778326607bd4787ed6c80a01

SHA256
8f1f6c7509f5c7c27b8f6e5dcf81fb8c02ae3ffee825f6cfa4171a712be018d4

SHA512
eccf653d5935c3777f14f08c0f5318b927e230c08aaa09debfd09aca23a27b0887fe94a8670b635fd7d7b6accf3d3dfed2bfbcd02298a5b58089d66219a7e366

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\NAudio.dll

Filesize
507KB

MD5
65839a5c28a0dee380c4eba54e2d941f

SHA1
ac609ea7f86fe533820b801cfe40b22f8a7a3f1b

SHA256
c7a4c035d89716b027f69c2cc98eaf5c44fb15b08c2ea162d793466356a35a2a

SHA512
e6853ff5d10d11b5333f0697dcb660a042ebeae12eebc84427d0b9f896cf100258e7e6d18f531aae700c0f476f91f11da0272e7809728df68da80ee560136aeb

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\RcClientBase.dll

Filesize
29KB

MD5
f0739e1db958fde4dc6bab9d75865191

SHA1
fedadbf79b594995e6c44108d6b25cdbbf05eb65

SHA256
27faac58c4edc8fb147c9947fc9567afd2f785b11252c2963788fd0f64f7ca42

SHA512
adbf2a0b42c6043ee5c984c02fcc8815b143117fa2ee0286b048f9e90d695f74f0129240e1de36dea2915f1e3d31359953095e6e5497337d01f0004d443aad10

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\UpdateClient.dll

Filesize
64KB

MD5
760f24f0150a6e8dc15ac793c3172387

SHA1
920d5aafb4b460efc37b99564bd281e63c7eb647

SHA256
e113f8593244c1bb5bcc73fef0f93303c783714162cbd9ef93ddff5709c037ce

SHA512
e5251075164f9cdb154b0b5bf7b775c9720b0744d004b68ce6501a980342f45398505bc26f7cca982bd23a03609b3c78510a5778a93041e7614e17b369a7209f

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\UpdateCommon.dll

Filesize
143KB

MD5
985f25c1d3144f37f046bc8f3e2b0c83

SHA1
c0b551c51317891d8220ab5a634c15acf8223e88

SHA256
3f71fa4c64376e85486b22de926f61c3e3cde3de6c1d484e041f265534ccd623

SHA512
b0db2c878948922243cc80ab015a954b11c5e08fce7dbe767722bc5082b150f277690acf9da1c657837e7a66059cafa7ba76c3695bba51b44467979f5a9c053b

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\config.prx

Filesize
364KB

MD5
14934caca84d5fe0288f27efb31dcbf8

SHA1
98c8c659488a5782679112e0ffb089422a664ac5

SHA256
7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36

SHA512
9a239132a46fe578fa04ff727d8c28f9e1d179e7154619670a22a403819f337af0a96ebd7081d04d53910a12bbdc548b3cd2b2a285931c92f1c149ad5d846a6a

Download Submit
C:\Users\Admin\Downloads\ExL4unch\ExLaunche3\opengl64.dll

Filesize
17.7MB

MD5
0a84667145e7efef026c888d4b768126

SHA1
27673e1bd7c55bba6eaa37620d3b3820ce45d46a

SHA256
dd575f3c64382193610815909bd2c52490244ecbbb9bba6eef5fe4f0bb43bb4d

SHA512
3e964c996ed358787c4dfdb965a00b38b4118c804ae1bf8d32aeb7d936584e72c188e3fa0d27d1c2ffd3be13dca8045b08b28b15070812c195d82d1bf23a2604

Download Submit
C:\Users\Admin\Downloads\ExL4unch\Pass$word —-— 1221.txt

Filesize
7B

MD5
02a05c6e278d3e19afaca4f3f7cf47d9

SHA1
c967199bd48c4fc4ccbeeb264f7bdbe3fa2d697f

SHA256
67a619457aae3e869af3e7c92078424a773397c1520a9cec76fde54ee8350137

SHA512
fba611d2b164c2e84c4985df4e259c25c7b0be61a8e383d5e650bdeeab712fcc122887c85850a8ae06e9022eba2c5392f676a14e3c9e1b0e1542bf2d76e43de5

Download Submit
C:\Users\Admin\Downloads\ExL4unch€®.zip.crdownload

Filesize
7.8MB

MD5
9c5d882e64901cdf036e6f3c43eccc5b

SHA1
7606d89d9af151a61d690151ab1f2a00b8413417

SHA256
5457c9f2fe57ec234d71440431c3afaa39c65ccd360c9ec722bbfd50a8f1be15

SHA512
4fe21f53a41464bef73a8f2337ac3d2c9a206479f5d658b65557c2038e7215ff7cb3f689907a6355d485dce034e1fe9c888adbe43a0bdc92f1e7fed64656818a

Download Submit
memory/1076-1726-0x0000027F8B8D0000-0x0000027F8B8D1000-memory.dmp

Filesize
4KB

Download
memory/1076-1736-0x0000027F8B8D0000-0x0000027F8B8D1000-memory.dmp

Filesize
4KB

Download
memory/1076-1735-0x0000027F8B8D0000-0x0000027F8B8D1000-memory.dmp

Filesize
4KB

Download
memory/1076-1734-0x0000027F8B8D0000-0x0000027F8B8D1000-memory.dmp

Filesize
4KB

Download
memory/1076-1733-0x0000027F8B8D0000-0x0000027F8B8D1000-memory.dmp

Filesize
4KB

Download
memory/1076-1732-0x0000027F8B8D0000-0x0000027F8B8D1000-memory.dmp

Filesize
4KB

Download
memory/1076-1737-0x0000027F8B8D0000-0x0000027F8B8D1000-memory.dmp

Filesize
4KB

Download
memory/1076-1731-0x0000027F8B8D0000-0x0000027F8B8D1000-memory.dmp

Filesize
4KB

Download
memory/1076-1725-0x0000027F8B8D0000-0x0000027F8B8D1000-memory.dmp

Filesize
4KB

Download
memory/1076-1727-0x0000027F8B8D0000-0x0000027F8B8D1000-memory.dmp

Filesize
4KB

Download
memory/3764-1721-0x0000000000E50000-0x0000000000E9F000-memory.dmp

Filesize
316KB

Download