lumma | c532482e6d90a766b487be5f1396cad74dc56a62d984c841cdd54bc5df89dde4

Resubmissions

02-01-2025 17:39

250102-v793dszlcx 10

02-01-2025 17:29

250102-v2k63szjf1 10

Analysis

max time kernel
273s
max time network
269s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-01-2025 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Installer.exe
Size

668.5MB
MD5

723c255e1f4f984e4988d41212968d5c
SHA1

d30649a096bdf3fad96174a02e53f816bff0c7fd
SHA256

c532482e6d90a766b487be5f1396cad74dc56a62d984c841cdd54bc5df89dde4
SHA512

0afbcbf730b51fc08bb4e3b568cbe88118e6e55c57b33f40b01ed41ab24751ce44efc66284a2da31d76670892d1fae49e783935928a6bf41544a7501fcebdf5d
SSDEEP

24576:Ftch9W5WcyXGvFQF/Huroeuof5sdnWy0:Ft5WcyXGvF7o57JWy

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	Installer.exe

Executes dropped EXE 2 IoCs

pid	Process
2584	cryptedd.exe
1468	services.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2584 set thread context of 2044	2584	cryptedd.exe	101

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cryptedd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133803127140371669"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2584	cryptedd.exe
2584	cryptedd.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2496	chrome.exe
2496	chrome.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2300	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1468	services.exe
Token: SeBackupPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeBackupPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeBackupPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeBackupPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeBackupPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeBackupPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeBackupPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeBackupPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeBackupPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeBackupPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeBackupPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeDebugPrivilege	2584	cryptedd.exe
Token: SeBackupPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe
Token: SeBackupPrivilege	1468	services.exe
Token: SeSecurityPrivilege	1468	services.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 556 wrote to memory of 2584	556	Installer.exe	82
PID 556 wrote to memory of 2584	556	Installer.exe	82
PID 556 wrote to memory of 2584	556	Installer.exe	82
PID 556 wrote to memory of 1468	556	Installer.exe	83
PID 556 wrote to memory of 1468	556	Installer.exe	83
PID 2584 wrote to memory of 4680	2584	cryptedd.exe	100
PID 2584 wrote to memory of 4680	2584	cryptedd.exe	100
PID 2584 wrote to memory of 4680	2584	cryptedd.exe	100
PID 2584 wrote to memory of 2044	2584	cryptedd.exe	101
PID 2584 wrote to memory of 2044	2584	cryptedd.exe	101
PID 2584 wrote to memory of 2044	2584	cryptedd.exe	101
PID 2584 wrote to memory of 2044	2584	cryptedd.exe	101
PID 2584 wrote to memory of 2044	2584	cryptedd.exe	101
PID 2584 wrote to memory of 2044	2584	cryptedd.exe	101
PID 2584 wrote to memory of 2044	2584	cryptedd.exe	101
PID 2584 wrote to memory of 2044	2584	cryptedd.exe	101
PID 2584 wrote to memory of 2044	2584	cryptedd.exe	101
PID 2496 wrote to memory of 2936	2496	chrome.exe	108
PID 2496 wrote to memory of 2936	2496	chrome.exe	108
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1040	2496	chrome.exe	109
PID 2496 wrote to memory of 1824	2496	chrome.exe	110
PID 2496 wrote to memory of 1824	2496	chrome.exe	110
PID 2496 wrote to memory of 5064	2496	chrome.exe	111
PID 2496 wrote to memory of 5064	2496	chrome.exe	111
PID 2496 wrote to memory of 5064	2496	chrome.exe	111
PID 2496 wrote to memory of 5064	2496	chrome.exe	111
PID 2496 wrote to memory of 5064	2496	chrome.exe	111
PID 2496 wrote to memory of 5064	2496	chrome.exe	111
PID 2496 wrote to memory of 5064	2496	chrome.exe	111
PID 2496 wrote to memory of 5064	2496	chrome.exe	111
PID 2496 wrote to memory of 5064	2496	chrome.exe	111
PID 2496 wrote to memory of 5064	2496	chrome.exe	111
PID 2496 wrote to memory of 5064	2496	chrome.exe	111
PID 2496 wrote to memory of 5064	2496	chrome.exe	111
PID 2496 wrote to memory of 5064	2496	chrome.exe	111

C:\Users\Admin\AppData\Local\Temp\Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Installer.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:556
- C:\Users\Admin\AppData\Roaming\cryptedd.exe
  "C:\Users\Admin\AppData\Roaming\cryptedd.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    PID:4680
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2044
- C:\Users\Admin\AppData\Roaming\services.exe
  "C:\Users\Admin\AppData\Roaming\services.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1468

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:4412

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2300

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcce9bcc40,0x7ffcce9bcc4c,0x7ffcce9bcc58
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2236,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3240,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3736,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4456,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5196,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4984,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3784,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4428,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5500 /prefetch:2
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5604,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1160,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3416 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4104,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5696,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5068,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4576,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=2432,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5128,i,15700216630991216546,10564493232319021922,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4456

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3104

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:468

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\c9e2a7beaf9443599fd0b066bf7d5c38 /t 4300 /p 1468
1⤵
PID:5552

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x538 0x528
1⤵
PID:4828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7a87409e-0088-4de4-a860-ab62d35c66b7.tmp

Filesize
10KB

MD5
a84c2ad1d6818f09ff717023c4ecef96

SHA1
c2cc07779bae442d0ba7b275eaea2e379ffff082

SHA256
b5c3b7633fe07878c0acd07524683c4dcace5bfebf191bdd8bf2a24ac9b98cd2

SHA512
5ceca3b30c6b4be226f59627dbc6d0ab3b60e76500f72f98e483a49efcddff3f42e71afdcc854f8d1f02b851e43ca94baa6e3fffa314bb03bc53aa8fa11f1407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8c72e59c320a72ee9912e6f370c1e8db

SHA1
0a851a5c1bbceaf58adbef37afc5ad5dc181e78b

SHA256
04442ea0fb3f451f6509bb61041299ec34c3e6df6d82f9431c507f157b377d44

SHA512
32e357014aa793278a2c4e3cc977c93b18982209a6c9c1afe01fb554ff8cc7b1ceb4132c213fb7f9cf93381bb08c8bf32db9e1a213e5278d4caf6aecfc064566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
08b52363024673703eb2421e38950d8c

SHA1
a3b78bd89cb4f6f4bdce5fdd97d8a8817f9d6761

SHA256
12f7dc5d9c21eb513b034ce0c5dec3d86bc92cdcdd3cca422ef883f5c885dd02

SHA512
ccf92e6f3deb2b6718c73f457c528f3b2e217d028bb1759f2b6f111fc5535ba9a6af37a09dff8c296941bcc88804e9f3899ebaaf60063907d882c65910b6a8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
54b7db042fa25925f59380c3d5208ecc

SHA1
f3d014796636792df6401d750a7c9915471c6f88

SHA256
0a495c56ee005b5f97d7cd9b5e428ce15915b1ebe1a378279c40500cbc68367a

SHA512
2f33cf82a19e638e84fc51e4e51a8d3f34e7925c1b8c3a354bc5816093aeb0be0741af5720cc2bcc9de7a0f6ea449e4e22def7f3019d08d1e6edf413d487c536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
956888d7adf6a511e4f3fe5f30d380bf

SHA1
5c02ddfaf08d164c8a1ebb800911eea735b4829f

SHA256
845dce8b9ae202fe14f31f53def4a9caaa4da532f8c5738d4af6d7856d90ac50

SHA512
015ff33d0e4e517f5fdc970cd145d8eac3030323a94bbd42355310d4b825d223b22026c6b48ae7839c2c2bf88f5494cd3478206f346f45a18d041c698d42bd1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
4fa3a5ea1dbfa63121b477ae70791bba

SHA1
895fa4adff0aedde2f6dad8559427a5673bffcbf

SHA256
1f4bf2e69139c4f2981ee56b47e6748c4ee347881a3d375a2b6596bb6a09c398

SHA512
16494d1be9908da4398d30e8c725c0754f918f6ac16c0090d1d7c88e8c6a9295b8333a0a1f6590f6c79ce19e2e6691e08460afe8ab81deb9fa4b5f936a46a917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cd4a638567411219538f1f09ec01ac34

SHA1
49589d09ea76184e89813abd6460febb4331686d

SHA256
fb5c895666709992fbc14bff05d0d4900ffb08cbbc6d4b848622e6b14b6543a8

SHA512
9617a8702b524494a4fa47e7b095c700fde94acd4832c4ac7c1f09b088daaf6a1ce2e638317a288453fc51e7afd1d5fe8c90468db244f033b3ebb71f8a27d06f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
72f3ab4ceed8193d7d606a03a0e0696e

SHA1
69248776ff67d5684d6753b0f5c579a7d5faa1cf

SHA256
37888d19ab82787b24571377cfc067c28b222150bb895fabc26dc58485f494e8

SHA512
2215ae113e6cf6041f6184aa9877a508c435bcb3c5bfea6df7eb63f398e64d73a92e552f80a4fc4fff15a0b57232e14cfbc0832334bf7535372f9a6e0e2748c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
d6bcec553b3a3bdcf193d2e8f41bef3a

SHA1
392dbb81290cd3d6109a3afa0d8b7c67ab1195d4

SHA256
3157942f476033c36ee424b26cd13bfd6665f7e29c05e43e9f7289eca849b87d

SHA512
82523ed6e1599dcb4d67ded4078b6aac5e4023dd0702a066e8b0b43e0ac310f392b1e8849e31f8890d513570a3315970f25647acf2f99a675d4dd4fbcf6b5a3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
db4a258f39375d5e1234d17e5a573f00

SHA1
170cd719fe5715b6d18bfa18176d2fe5836c9e7b

SHA256
bc0f2da2e941536a9c86dc5303857e35dd4ee251745957c891497106cf02dfe3

SHA512
3c295d10946fa6dc1ff3bd29e1485d096a59582194662f8e3e3c91e513f07338f3546ae52aff1dff375e5f076bcd5096f1a209478f7e306296b7636c240aa932

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
68217a8ad7954c8c363fd5e518879ef1

SHA1
b940e64b4ad9951b20bf125c8623cf368c0063a1

SHA256
cb41be7a3d3b340ef2d5beff5c224ca529fae4984f740fa0d7b51af5c16604b8

SHA512
0860dc8a7137bfc355e10c7123dd2d9d9b44435a0bc17bf77a93cb956f951b87e8e13920f8c1434f2965d82c90a62688ccd33cdefd2b81e869677e57dbcc59a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39f56768ddc406124350e4d8e9f18779

SHA1
ceb7d7338512494f218970f71e9f6a9d4a8495cd

SHA256
e047118d5fd1c437c383f3174ea830d5bf0a5b2297dccc9495cbc99b555687bd

SHA512
16756ac8cda14db89c21d9ffae11f71967941e6da038bc00c252546b9563a23cf018a367d0f9d008f6e94c0f546c3bf4f15078188a5f787078510e86cd27d142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b53cbcfde528834fbaf1bf2b2c53727

SHA1
58c99153d57a5b89dbd0434a87622d93da8b60b0

SHA256
4895bc41558aac1f6ca417a753b21bf3c5d355e4065111d22c4e994ba56451d9

SHA512
dd8f2719d3e44de9e7321262e95de4bb16d2b5208135e84e6aae886e8eefd0e90a2b5cdd9b4c5aa9f55b616673aa992a38ad9d5511c274333a75125028ab223d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
04e72b62d86c711d07a679ede23cc448

SHA1
4c521a84affc53fc36991de8aea11f334c14c556

SHA256
0cbf71466ada41c2acac37b752a17d04e59ed0e30be01016be1f5a8d2d9315ec

SHA512
d1cb18cdfe75ad668be531f48a7eb917ca45e6cfe91c7a84497705738e5dfa8516545b39e68ce88632111c9451a53012b71111616c099cd92ab3216fcc7974d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d7bf564156726abbd43ff2d83f1f335

SHA1
ee2237f0f62cf3b60295570d220a6176b0807ba6

SHA256
098c53628504e0a3bd8b7c7a04b2134ef94f2458b051047b8ea35d0287f29cab

SHA512
640e5269e235f1356c0c382ba3229c7231fb77ed9b8a52acc0f5a210ee77bf0baa885d8ee8fb11174098c3066d7709199c7aa6e7f14bd4f562509cae3c019215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
af899651697c64b86bb614f9093d31ed

SHA1
6ecf1d45ebb6efdebe3928cb8b841f55352204a2

SHA256
4ddcc564c4bff0f0907c79273cbc78d90c92e5c8faf13b08dc9c461612bef157

SHA512
6ffbc8aff459ce0d75cba93999c369f934b0947cffc6ba56e83ff0184c28560b191b9d122327bcf58430896505ff9b8719eb767c05e9cf676fef437085008957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3bd93c19f36f9cbdb54fec3b5dc4c22

SHA1
a0e7fe73a4083cb25c14e912ce7464059e9bb4ac

SHA256
e097654eb2325f79f6589b2f810259fa52fe603bd0c9b42596b997bfc9da430d

SHA512
421c7a7be20104692cfa4a3456a03ca4a1fdb3bdeeb3309eae083ab2e0c6df3ebe67c02dfd62c1c44b4227140a34616a09354b6a7deb9ac6e8d5c188e8ee0e6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0b3f53b45c071692ea2c84cd8333f73

SHA1
8e28b4a88bbc53ad8958bdece75d6680fff45490

SHA256
ea98d20774efbddea82db7862c2648a2e812ce52f16add5e6e2bddda1023d03f

SHA512
49717f0a7ab08a95fbaad658841ee21cd1aed242ff84e81d80ead9c21a6a6061b2667b3ea71cf7eb924dfbf30778175c1a966928df6a2faf9e42b2b5b903eeb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6171c93c3bbcebefcb66ee14aa6da9c6

SHA1
d96aa2cc6c65b335d86cb88afee419ebeb799bde

SHA256
038f141137c9a70fd46eb9e69175b5d22fe42f66aa6d0bdee735dc1b02c11445

SHA512
c9c7a516c7f5133fbedaf8fa5ff8c9a87eefe2a5d3efe4d074fa2f443d712287ec07c35e214fb77de501de722b2641408406c1666c589a18b6c38a6969492480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e78d1d800b3cc38447de649d58169b62

SHA1
bacc896617e80ec70fdf8fa75e072eb2b7521f9b

SHA256
0b237127693ce9770f5c27ab25fd61cd5c83410af579cc38950bdf15a1a8ba5d

SHA512
d058b1d2c2ef09e788a967ce96ed43321e0d06aa3ffa9ecc11fcaf4e2d771a55507e4cdbe6de313db940664759d85595e6a90917a84d508c8874aeef7b37f69d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
baf4ab011be375d0c41a8dc0ac1ac7ad

SHA1
ca08eabdef8b98d0b6cef5fba55c1d4b98070f5c

SHA256
543686f52117509ad7c1b37e3632bc4dda6918213b6c02b3a997f2c589c6b430

SHA512
ea04a7c5824d6a7c53b2d7b7d7d0bd8ababd2e08ba4b78bd82aa2d6ef8b39670b377a5be5333b13ed59c2fca7df93b496a59c3f68d37bb2077b6a728caea4b74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fae3d2780503787d160d99321c39d5ef

SHA1
f4ab022240a801ae7e29626a00d27969116c3051

SHA256
4b8d9e5ebd47de2eab5f503667000cd6efc742d6b70a210f8879fe8a07c4bc0e

SHA512
0c1271e438033b750b8d4e848e3e4ffd1dd051b06816b2ddca6926b716ba78a39087f63a27efde2a8bd1c15884092710880715d6337d007041d1ec621e128566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
729ac479e82dce5154ec1b94dbd89319

SHA1
2da3db6fa03629b444d9c74da56f5f7468b8584a

SHA256
2d60732c2e01692f7ac04b46c1ec37e6c735a70c6a5e918fb495885de171f407

SHA512
be9f7e36283fdc87b44496d7beef44398ee1f36698aae9d6275b370807382885e6d7dd823242a51d220a73a8b25c60a142da83032454100a56cde75b329c030d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1e33e3b9f3f423fc8daf34d370f755ab

SHA1
70233648844874c8e7aa5c2926c284a5f6091df0

SHA256
31a3d362a56c592715c5b48f5ca6fb6130cc2c3e18a71f01f541a6ca43bcdce0

SHA512
79379c738879c9c1f55e2811656ffaedbd154c0d7b60e39801c080966ef82d77aba7fde78fbbe9330b39ad3d093b504261758cc945a226e61286d0c37ab7d499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4d7824aeed3541795006bea6ad0829ca

SHA1
90bd1625b5509d31e85adcc6f9a04c276b5f2d63

SHA256
f80f58749cb5b23ebb2a96c9d88acfc7b88e9cd08e212295f015f76b7805f99c

SHA512
61bfe5cc4b0c8bab76a06b7464f220df2419c62848be6119b2ff8f57a5afc7f7ef1c25b5bed48b28c1b657523a1c127fa35f7154c2c0558b785eac6f0d73cb5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
03341de658a8664db5788708689ebf6d

SHA1
ae33aae68c7666b7600d8eb4c3724657bddf4607

SHA256
a7fa20981a5fb8df5acb2864c8a131ff4c3d53dc6750f8ee2e231528405b6bc4

SHA512
ac8220caceb5c6640f49d54e4792109cf061cb7752e3a7d6258815bddfb347ab09aec3f99b5bdd6a87070c1bdd654fe940f4361f8bcb1338d76bd3c2698a7fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c8a3f0ffd68bf20f4123ef6ace896887

SHA1
30381b7d852ffb583803ab7a47d8abd1e498e859

SHA256
d528e3aaf05fcc074a26fbce34faf26620a57e356f277bcf589eb7661affe23d

SHA512
8c2614435b41842d403f15b8a75ee4162efd6f4eb21f9f1f4ab1af534c682a8159c0a6da7cf8021d2f2ab5ff40fe4609f029e36d1e65f162a287985ca1812380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
b298542a2c0d5e603fef23f132bed88b

SHA1
524d233a4a1ba699e0095b49fd473c25cca74a71

SHA256
daa5f8ec0eacf15ab42d4baa2e26f1da2adec7232a81bb347d114cc55de91705

SHA512
5609384c540ea28b814997e3f37c4eb9e51275d51ba46b83adc9fe23653f3adb787b398f572d48d2e4f21bb00c08379a07fb7bbfb6e65201e48a98db8e83c26d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
b701686a1fb6ec8b00a113f13d4a7f11

SHA1
5593ac64bb9536fef23a6b0f3d069a18c9b67cf0

SHA256
90d0f0fe184972971475ee2c930f797740e8c365d39fe1483a2222b1bd4b03e4

SHA512
cbbf18f5bbc1a9777ec1f1b4691d617c2692338426864ed94f90f16eb4f8a714d2985da8645e1dbb3914a1027b0ba16775497953a4796bac6efa7097a74eae22

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2496_901320001\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2496_901320001\bd162d52-226d-4ef1-8d75-1a3af5bfbb79.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Roaming\cryptedd.exe

Filesize
319KB

MD5
2a545e61ed1ba529dce9dab973c0e6ff

SHA1
6e7249879e839f4ee9e699c4fc4324ee98be2e9e

SHA256
923041aee5730880fc94873eb3b2266423a501643f94ef6c2f4cc03214015102

SHA512
74e9244343ac2ab693a97763b5b413a0ee579fe719d69223a52e6ef89b8dccced9cd0f9b4bd4c441f6b189da6ea7efe29387c27dfc683f19c2c4b6c2ae317472

Download Submit
C:\Users\Admin\AppData\Roaming\services.exe

Filesize
538KB

MD5
ec287b4c475e04bfec8108248abad870

SHA1
e74738ec742f67ff67d4ad49723e321c11727389

SHA256
106e45fadf1d20ef62ce511e9cd20a3f301c19a1398538b40ca80315553ba327

SHA512
017fdc9b15672478032ecc5c24fdb5337200b726519112e6810e58b183db518b2269a38d925dbdc38fb60d78c9e6b57a1b75aa01832cfc1ac7063d8258e05e22

Download Submit
memory/556-0-0x00007FFCD8EA3000-0x00007FFCD8EA5000-memory.dmp

Filesize
8KB

Download
memory/556-1-0x0000000000BE0000-0x0000000000CCC000-memory.dmp

Filesize
944KB

Download
memory/1468-27-0x0000000000700000-0x000000000078C000-memory.dmp

Filesize
560KB

Download
memory/1468-33-0x000000001F510000-0x000000001F61A000-memory.dmp

Filesize
1.0MB

Download
memory/1468-26-0x00007FFCD8EA3000-0x00007FFCD8EA5000-memory.dmp

Filesize
8KB

Download
memory/1468-35-0x000000001F460000-0x000000001F49C000-memory.dmp

Filesize
240KB

Download
memory/1468-34-0x000000001F400000-0x000000001F412000-memory.dmp

Filesize
72KB

Download
memory/1468-37-0x00007FFCD8EA3000-0x00007FFCD8EA5000-memory.dmp

Filesize
8KB

Download
memory/2044-40-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/2044-42-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/2300-53-0x000002555FEF0000-0x000002555FEF1000-memory.dmp

Filesize
4KB

Download
memory/2300-54-0x000002555FEF0000-0x000002555FEF1000-memory.dmp

Filesize
4KB

Download
memory/2300-50-0x000002555FEF0000-0x000002555FEF1000-memory.dmp

Filesize
4KB

Download
memory/2300-43-0x000002555FEF0000-0x000002555FEF1000-memory.dmp

Filesize
4KB

Download
memory/2300-49-0x000002555FEF0000-0x000002555FEF1000-memory.dmp

Filesize
4KB

Download
memory/2300-45-0x000002555FEF0000-0x000002555FEF1000-memory.dmp

Filesize
4KB

Download
memory/2300-44-0x000002555FEF0000-0x000002555FEF1000-memory.dmp

Filesize
4KB

Download
memory/2300-55-0x000002555FEF0000-0x000002555FEF1000-memory.dmp

Filesize
4KB

Download
memory/2300-51-0x000002555FEF0000-0x000002555FEF1000-memory.dmp

Filesize
4KB

Download
memory/2300-52-0x000002555FEF0000-0x000002555FEF1000-memory.dmp

Filesize
4KB

Download
memory/2584-30-0x0000000005670000-0x0000000005702000-memory.dmp

Filesize
584KB

Download
memory/2584-29-0x0000000005C20000-0x00000000061C4000-memory.dmp

Filesize
5.6MB

Download
memory/2584-28-0x0000000000C20000-0x0000000000C76000-memory.dmp

Filesize
344KB

Download
memory/2584-39-0x00000000059C0000-0x00000000059DE000-memory.dmp

Filesize
120KB

Download
memory/2584-31-0x0000000005820000-0x000000000582A000-memory.dmp

Filesize
40KB

Download
memory/2584-24-0x000000007526E000-0x000000007526F000-memory.dmp

Filesize
4KB

Download
memory/2584-32-0x00000000058C0000-0x0000000005936000-memory.dmp

Filesize
472KB

Download
memory/2584-36-0x000000007526E000-0x000000007526F000-memory.dmp

Filesize
4KB

Download
memory/2584-38-0x0000000005940000-0x0000000005994000-memory.dmp

Filesize
336KB

Download