lumma | 1e43362597cdf2d0f61ab555a4069b7c788ab135d45bf76898adc87f158a4715

Analysis

max time kernel
300s
max time network
298s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2025, 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Release-x86.zip
Size

19.7MB
MD5

db1a46d6a06fdbb2a8b2e2a857c3816a
SHA1

c4817795ba83e1e4ce5d62355b2417177de0e489
SHA256

1e43362597cdf2d0f61ab555a4069b7c788ab135d45bf76898adc87f158a4715
SHA512

ecdb95d05cb5e34494abaa347fe7ac24b6747b736ab1d9f5a27f3044014866decc89e4391d0e76fd27c29b9ff1669243ced366a74d293642b8bf2d0b1e301572
SSDEEP

393216:IBckwqPnIgGV/r1NgeJaUv2HrmiOD7m9mHi9rPhkHmUffAi81AAT:IBcKNGV/jhCSR3HiPUmUg

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 2 IoCs

pid	Process
5088	BootstrapperUI.exe
1800	BootstrapperUI.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4768	5088	WerFault.exe	101
2540	1800	WerFault.exe	112

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperUI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperUI.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133803576460871762"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-493223053-2004649691-1575712786-1000\{BFEE7C7E-D66B-40B4-B415-D48E02FBC2A3}	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3532	7zFM.exe
3532	7zFM.exe
3532	7zFM.exe
3532	7zFM.exe
2500	chrome.exe
2500	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3532	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	3532	7zFM.exe
Token: 35	3532	7zFM.exe
Token: SeSecurityPrivilege	3532	7zFM.exe
Token: SeSecurityPrivilege	3532	7zFM.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
3532	7zFM.exe
3532	7zFM.exe
3532	7zFM.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3532 wrote to memory of 5088	3532	7zFM.exe	101
PID 3532 wrote to memory of 5088	3532	7zFM.exe	101
PID 3532 wrote to memory of 5088	3532	7zFM.exe	101
PID 3532 wrote to memory of 1800	3532	7zFM.exe	112
PID 3532 wrote to memory of 1800	3532	7zFM.exe	112
PID 3532 wrote to memory of 1800	3532	7zFM.exe	112
PID 2500 wrote to memory of 3384	2500	chrome.exe	117
PID 2500 wrote to memory of 3384	2500	chrome.exe	117
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 2324	2500	chrome.exe	118
PID 2500 wrote to memory of 1188	2500	chrome.exe	119
PID 2500 wrote to memory of 1188	2500	chrome.exe	119
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120
PID 2500 wrote to memory of 3228	2500	chrome.exe	120

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Release-x86.zip"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Users\Admin\AppData\Local\Temp\7zOCCD9A197\BootstrapperUI.exe
  "C:\Users\Admin\AppData\Local\Temp\7zOCCD9A197\BootstrapperUI.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5088
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 820
    3⤵
    - Program crash
    PID:4768
- C:\Users\Admin\AppData\Local\Temp\7zOCCDF5078\BootstrapperUI.exe
  "C:\Users\Admin\AppData\Local\Temp\7zOCCDF5078\BootstrapperUI.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1800
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 1412
    3⤵
    - Program crash
    PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5088 -ip 5088
1⤵
PID:2612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1800 -ip 1800
1⤵
PID:3284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb6740cc40,0x7ffb6740cc4c,0x7ffb6740cc58
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2112,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1924,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4248,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5108,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5044,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4184 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5324,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:2
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5200,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5436,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5400,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Modifies registry class
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1124,i,8973749125634295733,8262987321240982144,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2252

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\23c827e1-4d31-4aaa-b81c-ee57ef688e9a.tmp

Filesize
231KB

MD5
afc7da8ce5ccbbffa51d1af29c0d4a14

SHA1
9219017bab60395d00f8dce5dda430b6b8ec884c

SHA256
4d65dfb0a68de76801279abf0ba1ccc454df3a26bb9b70c13e621ef98f496981

SHA512
7fa91154ec1e593fc1e5273f85e6759cbc6ca1de38fa4c8f1568b08efa2c2a75ddae15128e1ca146c79d32e681446f9655d69357dfb137b6570d82a608b5f802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\42dc5c83-8b40-47ec-afef-ea46af9416da.tmp

Filesize
9KB

MD5
384d75a9d912171c50f40094ed8ceea2

SHA1
23277eafb4bb982c54a39fc45694502841c50eb7

SHA256
a7f2b1cbe77934d15db1f937a1f35480b601981a71da401e41b1a66de390b796

SHA512
278e6775d332f2041d3314ffcf01e018928133ca2876edc69f5da948075261b9c79d7be61d4997aa7405f000cbf297a23f176be45b87e4b84699338dca1de475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e7f80b3bc97b168c385145ad01277dd2

SHA1
0966f8c86e1996853d00a286e111de3122e71043

SHA256
2a9357c35176c3839e0e2fc222d87fcf6d92af57eeff91415e71aaf5dfc2945a

SHA512
2f64aeb6ae4f0c5675177979403b5c5b700369f2d5e545e2239e644698341c8455682a95a2dc0bc45a40013414099b15c8a2f05c68161a79d8e689baf9acf234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
102KB

MD5
9c8e03ff5e5e23428d6836d054fe53d5

SHA1
c7022d3e7bf3239a7e17ff7d256fe22671429474

SHA256
65e4c37ad21da5c824f916a7aba8569bb6fd6ab6b21e160ebf4bca33e944a1b9

SHA512
dd5425066f3a47d6cacb4f189f21cec93f3e234a38e37a5fe404026cd4d571e8a0966854ffb31dd651d3956eb044bfde227f74fa2da3c574e8a37d7e6f87231f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e1f9acc71582071263231142bf414869

SHA1
9bda4651927f67e1a0d86180767bd725b12f68b9

SHA256
94c7ef3830fb4b1b5fb82e32299c01391e43b8c22af8176add857055e356bdb1

SHA512
ec81b5d7c73e0323ef6c7bed74669ad682bc74fedaa78ba6bec73c4113d0be2f73bdef0cc84098ab52cde7178b08aa70d5f5402e7b01215a06ca52570798394d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bfae7765bc3dfa65000b1c42051b1e3a

SHA1
8c5d3fa2fce84d5eef15d67faa2cd078f207bd55

SHA256
decba77ca5b3bd18aa272ce6add37bedf462aa00c2d2e847a4ebee6f85c386b8

SHA512
9dc9e234f4dcf3baa44845098ce1f86a859d6319864bff9d2b05b49c06ce95bcb759b36ee3a0ac2d1374175a005df62264654e7061110f232762a9ffe54efed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
11e1f1cd755883c7b36e7dc110c04bc7

SHA1
4dd615f23ca72d9a0496c597c25e464b66b98f0e

SHA256
bf248a92cc27241e59056fbf82c0085562b9b9656f974fbd7d215fd36b83e585

SHA512
0fc829f6add9fa08271bfe12b791313be22ce524e2829be1b081676de62fe0356034a8a9fb7e1b0bdc8c960d11cdb2844d89bc63461c1628a15215bc33600fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1b6919cbd1bc40e099163ef4185b17f1

SHA1
223ee13edde3dbf225b8bc2f05fb7557bf643b54

SHA256
3f75537e104d1b5e1e395c3251fc39c5c4a7b88d1a27f60b06c1db25530c0cda

SHA512
7311fdbc938664d9cb5f9c26768dcae130fdeae19d7e4b91083730039c7b3fb17ff121b917ddcc046a0b358143edfc1441e0c8f54535c990fde000c9502ced45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
06c3f09e7c275fbf096b9bb13f172d64

SHA1
a43ebb17ae630a55891fa4f4fef8b0a979b29a77

SHA256
25a0a214d83be126b3bc9a0b9f28faa4192c6fe1753d594e2be5ec976eca95a0

SHA512
8eed43a47da2b7e93829536a27e477725310bfec7fbccd5c67838a8d70bf34ab1c9329305aa56566f10cbe43c5c4e1b97e83e4fd354c1807d2cdf0ce35d75ad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5180fcce05d063d563dea8dfa40f1491

SHA1
f1a05fe8e5b15fbfa81f069741802a840e963576

SHA256
dd811da14c7aab2c2264027f3aa0a89907c5b5519b2c16a54a7595ff9630b99f

SHA512
4f3db8d87378d8b01b760ff63111be51177a490113421e2127f7825b5a78b6a7f4a4d589b55d3177cacda64ed26f2062607d423f747530b21ca947235a89f9ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3406bfc924892636f4036ca9912c5508

SHA1
71037ca88f0a16290cb426dd797eff23a5212cde

SHA256
1b0160c036c99deb08dfb26e290defcea5ae2fd153bba80f75842bfb36b7a542

SHA512
59374b51283d93bca7dc37fca516a299ef586068b95618a0c71e2cd5cff0aa935634ffc44c63f6a2b992a180b287f29f02ee7318125941f74cb9dc533f1a96a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
78abc29638540900b0e8536f843fdcb2

SHA1
6e887ae43f49d7f44c1c0debc9fda92a45f7f7b0

SHA256
5a9e01e2552e9e012c3390a25364cab619a90c31bfb548c061d1f7a649d7a15d

SHA512
fd55c1dba326fbc9e2a077b8636230705220517c84293ed1e34cc52e4464ea7f26205ab86ee6cdb0d003a6eb7051ef3f94d07575930b81d098650f829c1cdedb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a22d398af8f22e0d20e8459c2122847e

SHA1
a2a5d6ce6d82a00c32054816685110a8d45beced

SHA256
6b37f57a5d017fde6ac8e1445681a84ccf678bad125ab122a6e99e11b5f72d17

SHA512
d1f8b6e79339d8e85c37e68f59ce87a0ca1562c8ba2e343d59224bd1e4e1b34c4f018fc5907790930577cb935373feff72153cf0cad624e8a870e4bfd5e666eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0913eaef8ac54f7238b3749241a74f25

SHA1
3571819330ec72200658316552dd5f7122bf040a

SHA256
4f3ff0f8ba1b578a069018c12fd03c8872779feeb04d1e4436d191100bea3284

SHA512
ed9c38f5da5d0327574c04d102196af20d16572e8ee960be97e70841d58d69bee12d3a9e71e38149021194d623bc7cb079dd8e74b46463ff2a2ab0965c06f86f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
43852d72b98ff096f280f53f74732d32

SHA1
4080d636ca96addb906154f20e9476372ceaf1a6

SHA256
20cd091178882c338d983bcd4140896fc91c3735b7226b6f734f91af5e5cb670

SHA512
db80a1deafe7fab46e8ae379f924a184425caed544d74a5e4b904c85f91fed7c97bdee467ea587e0fedb3a99c306b99530eac615b3f46f81927974aff06dbfcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bb2382c1d2572fdbffb1f461257b5f20

SHA1
cc06ec741717dda1d5a178e3dff33052995e1abe

SHA256
ae01f0fd005add05ca40c3e5cfaf804e78ab2d18ee4d73fcc6ccf9dcb5827c90

SHA512
a6922725e8fe81b384a11e1bd6d50f0a36da99bd07ae7fb95f81a836673a2d99f03c41fe2ae2c2225e4674b6693b74704a53b2aa089acff0d1669afac0057688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
943c1746d1a28ffa39fddf68abcacff5

SHA1
33781e780cbd9fac95902ebeb8710d72ec819d12

SHA256
244b9919430b0790a39a13b609e6ff21d4505d0a01d94f5093984eb44c9453e4

SHA512
3048a8482a6dfc716cd28b62f565911bd4422552c4341ec16d8c81ab049b7e0f12714bf1a67d88639d800e012519d20fb5cb506b424754e92e6ed8992270365d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8ee24ea5b138028e99f08e413d45224a

SHA1
16aec463d24ded9be739a8c95fd8570764d42566

SHA256
4b335e609ed2ec6aeaccee30c341de7c21ffd179c3777d4920793417488b4649

SHA512
20924c1bff6489cb1d784f3202299bdab04e9b66b2d660aaf59d082fea48c749e3b9cdc9b735856210ee07e299fe08a5c599bed543e2012ac0e9a8d7201c1fc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b2634bd2a7a0268841312e9f9393d63b

SHA1
644dcccf8e2274c2131a5e3f6ed65f946affcd9d

SHA256
96bcf9fe2da01b31ee09e7de307aef7c262d75f79276889cb58e69f09e3c4be8

SHA512
2acb895457e42ffcde4d9f7076423f247515ea23bd316329f252585c2863c6d8286f50fc0cc933b5b3c8fe062e2b36776eefca889efdbb83b7cebdc5cf17246a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
87dd78d89fe76441e8b0a6fdd269cbfd

SHA1
c67275bbd5b00a9d8a2f4b802f0f188ee710411f

SHA256
d044e2484b0f904a32cc8561e05b725270c32f0ee55e80d9c1ef4b43b7ee0ee7

SHA512
e50f13215f481203d10a039593e3db00a83507198a55ffb08cc552e686af87bda0f179aad5c7d3fb2605e2e7833b78beaaba98fabc1c56964ba4a8efaf08ec7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dd70464f660f40ea9ddbe28afb3973eb

SHA1
23d7d32ed90cec9f4d15fc32726820049e7a6a6a

SHA256
0622236662d13bca0b4964afd4de1e235eccfb17c3fe3d2d1b8523ba81f00fa0

SHA512
3e619c508cc957ff790538dcac3e14bbca8f27bd61dab6ffac7efed4c8faec986268f6ac7c2bd91026d670755ae83b080cd8806659953381b6a24809614df4da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc8cbeaa24cf869319f8a2f029e7ace3

SHA1
53c336029c11a54c49f083b3b32cebae7cd44151

SHA256
daa994a23709eff9381d986cc2d28232d2ecc12a479ba6f52f3e4abe3cf9f44f

SHA512
0d362b6e45f90c805aef1a3890cc3063fd811d6f6a8ae39ee5c22af3b0d8d5ef26b79d53b418dbbb711aa07e22e069adbb479a677e6333c856666c7938bff1c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d89b63b52eb33fe0838347e6da120da8

SHA1
75d3817fb54466a3b5d119ccaa65d7f39f8af5a2

SHA256
a6c906f65b02f73c0c32d473148d8c9168b02967736ed06fd5edce44629d12f0

SHA512
c511fdbe462404de9320567ee123495f041f8748b851c87c85e3e7fb6e8fb8d1f3bbb608e126c156255e0f0acbca743843c03019e8ccec2867e241cdc350d59c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eacb737a0db974602b668a4bb8d42d76

SHA1
8abaa79101788e7decb47fa77a394416cc0ef818

SHA256
4be8f413c8ecf8220f0763574427b6d1220d847e43c41d6b6a28c56f13f947d0

SHA512
fd74f7284f890b37f864041f0587bbbf0e3f1d1dad99274d8c91930febd7ee74860f2dc2b1bb8b11d2ac20ac6154034021b5120f22f90a00f06bbe44ca34c80e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d5f2a6e2481fcdacbf4f45d7bdceda7e

SHA1
8e2fe7a5afbba54db0bc7daf4a761ac70e38386f

SHA256
fb8840fc3ae7e90ab56c4e044ed20f774785d3a068e9d9ceec0bf5a2cd3c8a37

SHA512
d1abf392aef8cf0a51170d1a1b285b614813d253858fccdff965b5db29a4f92ba6409e765d5d08a6e4a5c488c8f2c3d73ffa6d5e4f37d1bf67bbf9750c8f9a13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
52a5b1fe8bd2dc0a1d6c7cda22e23091

SHA1
068e794a85578ab3102710a4ab791989e9043b3d

SHA256
168b27a5965ea4acf73fb817c1f75ce4ea80ea32407c46e10dc9cd1f831b3ada

SHA512
fbe01b30cd8d0b31d5e3e8e7cdf6846f45de71300ca350f2e47283b07ef41ce70d24194f4b85d1294be806c0486653fc7586f348ca23adf8281837dda11d5cdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
57a3b2209fe0a2b0d7d0891588698cd8

SHA1
11d76d1d1b0d65c0ecefee1f12ff8d3b530ca2c8

SHA256
ab0260e54c17fee022665c2ad549ef16f13ce297dbc5a9977703a22088acd052

SHA512
901f3cd85f1d564f3d05bf261e212043f8ba389e638d3e43a39a7222cc30a139a94e0a3d4ce4bfc30088f097a9b3273da3ed45998847688387220df00bd2e25c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
487477f1f561cf80554476d41783e782

SHA1
7d1aa8a8035a0fcbab4da458c565b1b38faa6f71

SHA256
06ca80aa03c24356b3ea94d7332076d7b9962e333898c2f5fa4fbaa7f26e964b

SHA512
445227386215c6ef5caea85f747dc1f1797c260219510f24d303f2e5c550622adaa82967948c2f00e2004e6138d43ef350c12c549dbb317a5f39a5017664862c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
61e1602c2c26f428550c133c219014f2

SHA1
98d62b451bd8aebed9d620bc43da12776112b762

SHA256
cb8678018a4c9cedb09dffc4ff60a60c0b0ac25e4d6e55b3073b383e29b07a79

SHA512
589c135a01976b1c67c3b7a73c96a5446a68e89441c06cb7e83a94e4f12237fd0ab6ea0b24390eb43822a82c5b9e5c2e55704cf0019862ca8ffb55838e1f6142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18e3e4bc6063b3b4b10dea70592a412b

SHA1
5431d98d2162702042aee230ffb07128900104e3

SHA256
0ba48a182a95ea2aeee49626ae0ee9b3ff76225ef24c062317bfc91917060253

SHA512
3942d923dba29f2b8da7aabbc71e02bd93003340735cb2d86cd5cda3ea9a8d3e9648e91fa5120030de04bbf646ff9fdb31d8694b5afc53c9aee64e59e8bf7c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f61c824fafac4a398de21bbd358f638

SHA1
a3197c63568994ea140c8a0a8f653de3a296717a

SHA256
aa518cd03290235bb2053423920c4cf17eee6fccfa9e7e51fc3c98a5720aff10

SHA512
413fe1d726369cc4784907f2d9c2d0e129991997f83c65e71ff7df3e90bf7d117c7ffc26749ec312013358c882a9f858f1948276f45b3492118e294152d77b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
49b8770e19516c901f5d7cfbb43abd5d

SHA1
3a60426143cfdbbfeae4a1e4ce277d9651953008

SHA256
67df79358b5541821bc43032c9315b15eb2b4a85ce4e9d83fa3164d57314a015

SHA512
53b060aff5cf6bfaffbd3828929f3db07c21d61b8e40db4eeaadf6ee9ae19ffd7b08458f93dcf7e1e1c10582f8f4f5a2ba56066fb3a79d863fc87b93ee56ae22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
302db25a5e7673949a981e105aea3265

SHA1
94b77410604321079283447ad2af22450efa9d5d

SHA256
ed1b6a8f7245632a38b263098aeee1f5eaa766b1fbb608cc1f33d163560aefc1

SHA512
cdca7721fc9531307c8556f3f37b0b01471e62c7878939d19b62de84f134c6ea99831c05e481059c82c1c6de7a76284de89b9082432ae0bc4d8461308cdb44b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e1cf5ac0feb2c4407f364172793e68ae

SHA1
9380034ebd3680969e8df18ba04322580f42b0db

SHA256
b34bed60007a044c011453d67545973121fc7771dda87773b34964ad6083095d

SHA512
9b09eca207e4a9daecba4f6bc273546eeaf0951f62c5228679460c0e95a8ce08a66c941bff4b567b6b450c9d447a23d4a27dc56b5a1e1d8c4cc095ffa0c6470a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
57e0b7db766725bcb0f2730fb19edc39

SHA1
bd8061716d40888451df90cda152c5259138a8f6

SHA256
5b994671c962140ac15970bf6f5c10f97d765e7055600d18e4f45bb70ed96411

SHA512
69f3f3fddac29b5132b67aae3c5a94d942430c4264c75673d474b97282a30c124f8579512edb12e8db40917172e51a0a8f5e9a0c34fd0797ac51b9fe64b8ab49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
ae56e3ca9811bc0fd30be1dc3e653cd1

SHA1
467eef54ee79c817d883d95cc52a3281d9abe4a4

SHA256
196d28b47579755cf9947c0389926ffb082e71e61d9040154c30d51f0ef2ad35

SHA512
ef26311821d82954f0d0c6503dc81e53619c51c82d555ecc93f8f2f7a208d7e9623a971be6d148d2406a56cbe1ad287369b1fc633fcb14650426b6c37794eced

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOCCD9A197\BootstrapperUI.exe

Filesize
334KB

MD5
b8707d5c712788bef83bb6b114761980

SHA1
f06d73138c9d5130968c53c8e83ee129a09ff17e

SHA256
01859764e1398422d1bac65752ed02cfe0c8fdb603b763fcafe329e27eeb3aac

SHA512
a17821bc36f8c0a3d1017004c1286ac530eb145f0ce0798c26ec9751a37d349b843d0cd3ae8d8b5b7dfd5d7361ab96c12a86c9dffd4559afea4a65ece28d39ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2500_1075688400\7b36e235-1f15-4537-9e44-2c7d26f81f6e.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2500_1075688400\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/1800-26-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1800-25-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1800-27-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5088-14-0x0000000002220000-0x000000000226D000-memory.dmp

Filesize
308KB

Download
memory/5088-10-0x0000000002220000-0x000000000226D000-memory.dmp

Filesize
308KB

Download
memory/5088-11-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/5088-12-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5088-15-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/5088-9-0x00000000021A0000-0x00000000021CE000-memory.dmp

Filesize
184KB

Download
memory/5088-13-0x00000000021A0000-0x00000000021CE000-memory.dmp

Filesize
184KB

Download