lumma | hxxps://www[.]mediafire[.]com/file/tap5g88pj4tz0l3/Launcher_x64[.]zip/file

Analysis

max time kernel
310s
max time network
309s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2025 00:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/tap5g88pj4tz0l3/Launcher_x64.zip/file

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 2 IoCs

pid	Process
5024	Launcher_x64.exe
3460	Launcher_x64.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5024 set thread context of 3460	5024	Launcher_x64.exe	126

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher_x64.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133805120625157055"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 6200310000000000255ae70610004c41554e43487e3100004a0009000400efbe255ae506255ae7062e0000005e1d0200000002000000000000000000000000000000ea3e72004c00610075006e0063006800650072005f00780036003400000018000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 200000001a00eebbfe23000010009bee837d4422704eb1f55393042af1e400000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "6"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3528	chrome.exe
3528	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
3216	chrome.exe
2656	chrome.exe
2828	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe
Token: SeShutdownPrivilege	3528	chrome.exe
Token: SeCreatePagefilePrivilege	3528	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
3528	chrome.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe
2828	taskmgr.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
3216	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
5072	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 1660	3528	chrome.exe	82
PID 3528 wrote to memory of 1660	3528	chrome.exe	82
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 3648	3528	chrome.exe	83
PID 3528 wrote to memory of 4648	3528	chrome.exe	84
PID 3528 wrote to memory of 4648	3528	chrome.exe	84
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85
PID 3528 wrote to memory of 468	3528	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/tap5g88pj4tz0l3/Launcher_x64.zip/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8dee0cc40,0x7ff8dee0cc4c,0x7ff8dee0cc58
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4984,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4356 /prefetch:1
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5188,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4664,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5556,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5296,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5856,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5328,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5444,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5276,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5292,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4840,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4808,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4552 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4804,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6460,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4952,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5136,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4784,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=968,i,14879645772478767189,1301549317709381696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5072

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3864

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2664

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Launcher_x64\" -spe -an -ai#7zMap3437:86:7zEvent27518
1⤵
PID:2236

C:\Users\Admin\Downloads\Launcher_x64\Launcher_x64.exe
"C:\Users\Admin\Downloads\Launcher_x64\Launcher_x64.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5024
- C:\Users\Admin\Downloads\Launcher_x64\Launcher_x64.exe
  "C:\Users\Admin\Downloads\Launcher_x64\Launcher_x64.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3460

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:2828

C:\Windows\System32\8zj1cq.exe
"C:\Windows\System32\8zj1cq.exe"
1⤵
PID:116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1fd2bcf7be677e004a5421b78e261340

SHA1
4e5abd04329ee1ffaebe9c04b67deef17f89ff84

SHA256
f539c848f584add20b43d5daefd614526b67adbf22b0c89eaa7802a8a653cd31

SHA512
929499946e38281bd808b37b362c4a86f3b6382eb1ecd5fc094410d3688906d14a114ca930a2cf38b6241ab734bc5959e6fe541270d47ca9538e82a68c99cc77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a810a5de0bd39322b8feea95f6104f37

SHA1
659e1f8748b1d4d02f4eedd9800305e327d24c2d

SHA256
e36adfc07952381518d57532b94770a84a1908258d3366d89b94fd268db68551

SHA512
52ca80c7ee3be5cf425d26a8c7f03bf27e54b70adbb15b203042a0b77f06ca8e770469e39f1892939dd2c1ecabf31e6adccebf47aef389fb4d57caf8a0262de7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2c691ae746ff7a514eec3934ea44b433

SHA1
b0b8dadb88c39e042a6b61d9b4b1084d25507f05

SHA256
0c723fd37641c3005c91789c5bc13ada168d0d61a542c685571311ea00757eab

SHA512
ff277a68d6f6aea02cc8f30c962522785f2d6dde666387c056729549b205099094edf02af1b7e54dfa77d26c0117318cdfdce8b2f0495e27c2c79570cc44538c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9385dad5721b91faeb7ce8e416e064f0

SHA1
92b613a78e9abc26793013c2e5104597e3d3eaed

SHA256
db32c9e06bf3043b1dd460ece4d5b61d68cc31a397a13a239e06a137a73f7c3c

SHA512
23b07fa9cd9f046004ad2541e9fd7b2976dd722fa1a9b1ffafee99984ae562db82261b30af2dc6df31c44bed68abe207e6780cb202911b0b24191384b5ab75e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9134c29145cb992260161fce9f464f80

SHA1
dc91a6064f720c46b298deb3a1a023f65b5411db

SHA256
e4f3fcb71903a0fceb6b9a1981e38fdb49a0c169c979f21a9fdb30fe3bf1127a

SHA512
c3e5a6ec127c2c2872d81c5593b8b2a4a4537be9366d50d9f367d592cbbdb0bd9b2057cf2ac8236115d56b234dfa660d7aa84d7204b252088670d61a5fd75ede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
3d3ce81bba3bc203d1cdd1a950f5baff

SHA1
ef6c8c6fca4ab8888c2e4f94f6f0924b4cb3c6a3

SHA256
a7a8bd43cf7e0cb8e384372f0c4686055bacef6259e183d30eec26255c470a1a

SHA512
9758454f730c7a1b029d2fc42f242dfc1670857261e389ee52d6cd3b5976a4c31392704559851a46c9378b757879a3c496e067dc63ac3183cefe45c85dc3641c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9968211fec7230851e39ea9ab74ac9ac

SHA1
7b31dd70bae10ed119e27917c0713bfae2e0ce32

SHA256
2ca0d9995a6c2a49ed37660a45bad15fe99af2f46b7957867ff7fe119247ffcb

SHA512
80cd86e250374aed8a21f1e1416cc7298655cd598a302889bf4d7216fc21d565a99750f5e0d5e6dcfd9c9514b9acb9eed10d17ef705f51a4a1909f681c2c1450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\60dbe2c9-f88f-4ad2-afb2-2fee2043a26b.tmp

Filesize
1KB

MD5
322dececf801fcc2431e4f5d211dfdcd

SHA1
48c57f1109b70928ae18b28a0b9bed1eb4d99c34

SHA256
776cd6ca7b650b281b21cd0f1a950816320f69d7587f66a6c4b4fbed0b672467

SHA512
d9c25faf2868b5dd24e567f79bc69cc04ce0ab22a793b9ce606e123d1a7166c69b18bdfde0e81c46f021c29a3e73d8c6da5ffbe4e57e52bb6576cb23ad59839f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
009ba5b5cd274f4f9f2edbdab14665ba

SHA1
3e0393875a97f426f22d551bf91d7f765750e937

SHA256
fc41025151f1329ea2e9f836aef74b78c0147f7d246acc74b9ff866e4fa6b304

SHA512
c07d85962dac53d649c956d3c23ebaf09db317ce6671823f670c79d1f078140b1adced7c4249223ef3094f6422bb0c599820d19a22047c74dcc1b1b2a8c9d532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fefba75f4c3c56eff7fad4f57ca806dd

SHA1
ef8346ee7aeb361e44e6ec6e8f2c2be0e5935cc7

SHA256
0e0c6adeada18321fa57008b8569c58a69c034af3f905eb211b20d5b1084b38e

SHA512
8bcac0e5ad3401bd49ea685ec0ada2c205124dd3a42d60a8c180cfbbd070143a2152af6204322dfa89c43ab991ebae677aa2ac6694171843f1262476bab2275e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
56b47f759dab24dd6d48e5f334460358

SHA1
c8b6d87c6f9b5838233df9967abb8b53590e49d3

SHA256
2cbd3b5760f702a829218835475d27737bdbb59f39dc122c3d9d3e8fe8c1451e

SHA512
c4be87833a0118b4b2d7fa5d395ad1ec650a9a07812c35d296801ce90080e5bce4b8d9b595b1b0275c7358a6d45b0c5655e929e719dd1c1567a0b7610f134e12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1b9fb10b0433c9dd09243e0bd46e696b

SHA1
b806b31882034dd59b6e490ae76e1314dff257c2

SHA256
bf4da4cf5c3fafe5acbea2001d48c6424b29e89c49d837f379c6aee965f7a83e

SHA512
77bac269ca8bd608198675799fae71fced7f2770a8be04da5da8d86cd2ab2aed64bdb994b80f6330bdd2b683bca2308e2abfcc8b58206c9c4ce978970e373fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
68372785e7f3ea8257d83d45d00dd035

SHA1
36ecf65b82d01afb148ee9a34f8e1fcdc80e8120

SHA256
ffc8b8a0ee7c9826b0859d02a74313632ae9bc3939a54475db4caec3907702b8

SHA512
3200d7db6740bdf8923a1a90a9446ccf39d9df076486af47fad014bd58690accc9ce59417b30fa05fb0add9bb56cf5cf16b192246db6a40a9fe1541c143e4e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
30a48b41e0bf6cf1c838ece5da40d9ab

SHA1
7fdaaca06f53dc25beb4006694c3533fcba45704

SHA256
0b31f58a46591c3cff9112259c3eb36aafcd51d6207b9c5a2cfc1c66fdd2e126

SHA512
d666e440fed91b056c6c599a1a6e3dac912f08365f2494edc930d189c392d792b4a517eff5c4ac78422f77218e9b94c8329a0df58d43ff86e94d40c8b2b56b12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
74af966e807554a116cd6a4a96b72347

SHA1
f2ce4adf962196a47e4c89e5d58b3d6166d4d513

SHA256
4ca8a26780b5e6ebd689a5c878ad52e7b9a981152fa7170b727cc916b6e8651e

SHA512
b6f59bf84443a964ca56b8fb151362ca3986e034df9603dec09c277479a9239d9487b82198e256347bbfdbe632d74d095d878b9cb2c4c1a318686d1b76b034ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6b1a1425b4b7cd1f5c7a59408f9a8b59

SHA1
b4acbfbac9f3d74e4e641bab992a5f070735fa19

SHA256
b02f47e9f56c3fd03bdc07a23cdeb3adf916a47f2ead4823b61ec4af5d81f4d7

SHA512
b1e15dc0ab955db7a86a30d9298feb3506d75cfbc6b44e8e472b428bd644780a4fdd0a25b94dc21a131ba49360668dfbe82da1136ff18591399c75105277441c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d03f835b71744a120fdc294e650c66f6

SHA1
716645153b09c5a5da0d152e1e7eb478cba0f742

SHA256
e34ad13e95bc779f0213cfe4d1e496eb9025f9312fc887146d186ea7765dc669

SHA512
217e4c44725e4a20913d3461d5b79e404ff41bfbf291a46f63bcb28e33fa4b02f8c5bbc7246d166a6cceaaac4df80e261ea688f06dd08fd7a139a787cf0665f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
902f922c146c542e989cf71676355846

SHA1
43008ef56a6f370a3a712270a34f7c4bb727c9b7

SHA256
18ae16d23cb72b109717857073c61322b424ea9df68311e77a2802a590249aca

SHA512
ea93541ddcbd4f0a16a560406c0ca763af869f7d1e9113d04a85da3ef6beec6dc0925d2269bd2f46fd5d0bde5791921e509051f0e0edffdd2732ba987ee8d3e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3825ba8edbc9f30e614a0d8ff88dfa7c

SHA1
f86c0ebaed8d00129876d12bdf2db74a3d363d47

SHA256
1e04595d9d543895b8ac3831a147d2c1fefad1e881d95b67f63f957c30c8ea98

SHA512
e750202e1aa16c5e68d08250eb2137734150f0b69aa6ab47d01b7a0269fc6301c30bd0f8f8528ab8e2909f6a45b5b041d841c1a7a33fcaf7f0d85d90cd7e3de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3eace5304bc6db9af799ce74fd4f1cee

SHA1
a4052c05659c764636ae501512545e8edca8da91

SHA256
f4dfde9bf15a32d61714664654c78185209b40e91db6ae456d1e6477ba9e6eb4

SHA512
17c75e2ea67ec3e683d845ceafb39087961296079bde30d8d2fd337d607af3d911b5b01687c0a9afb1e5f88a8206a5d2ed1a20735b9436272cb449de30402af0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
201c871d38b65a8da037af452c684445

SHA1
87f0a1b1a9d78b95cb3598a3b788c071ff922031

SHA256
62a380c890fc331d1d2086a6bea2090f5d74b4ccc75f2c67bdd581db1ae795b4

SHA512
c74123b115b3c576f8f05f086588e7788a7b50c8fac768c37a544961881a2c33ccedc80dbca227a05e0e2f33c7545f69a9a263ea60ae1b82f1aca2b89bd7e9c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
466a0de14560c2cf9a288776d9dbc032

SHA1
27f1083988789fd950540aef64604b2684ffd461

SHA256
d16ce598411b3eaf9d003456438c45f247459f3df6ffa9cc51050d2d56cadead

SHA512
0d8f1fc16dd050434afa209d3228db8a7cb37065655aeebe82d14ccdc2d0cf1835af1f3e1411177da8958fd6cad6763c9f89d40cca463f15eecb4ffc8fcd7e0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b987cbd84bc44274062a36e6d0ce190e

SHA1
acc8615fe4fedebee91ebaec35da99c70252cc74

SHA256
0b4ee03f7ceecb00a441d3b1c1e05db53a444463301a76eb9de5d2707e176027

SHA512
a34d08a649be6226d971ee520d6dadf5cafabf8d0a9ab5d76f9aa31ae7951c4cd2c3c44522c9dafca10fd7457a77897e03bdf7889eb303792c9a8df349c87908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
481699a8b3c499e437010c4d9e8bc7e7

SHA1
d4dafcfa4c0c79de11cc61c9b7be2c6dadbf9041

SHA256
c71b88b80dcbe8a7f907d79e5dfdc79f7a69a250ae35e519c39ff232c760a4c3

SHA512
aea33697f6973dcf7192fba49609d7166bda867fcb459bb60be85c55b3a862af6058eff754863395410d90d5fd4dd3cea70729ce70e51ffdcae0dd91918a1b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b2f775485c8668d067fc56da24fae064

SHA1
0cfa05708596fce468b1b39ca23786d05160027c

SHA256
b0230cc0278e9ad5fdb0cbad551af06e290abecc07ea99ebdd0a73cfcbe10c47

SHA512
cedb486c5eee60dcdd36deab081eacfd8810f79d0ff45ec07701764e53663d3adde590a58ac98c601a0f6d21a04e27754f5a367083d2b6199d8c39311ad43016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
33bfbfd7dabf29a401cb40f4f14894cb

SHA1
ac2a5d4ab3739059978f84680112ef9901c67289

SHA256
d5528a3f90b541f5204d00f70fc19835b084133fee00c4f7595de32ea9a1d75e

SHA512
f4f2f1e51157e496eef27d6971d83d4fa01a085e22389319a50ae50cd7f81a7ea86bde36eb2f913c23f4196dbf845ab5fcba03eb6d5a38a0d8f83929086cedd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
77d1c079d1bac466c2d617ff69398f42

SHA1
f4c522f176dc98c6c4ff9cbb92a3e5b6913bea3b

SHA256
4877aeb125ff26ff0dbb7bba7e4720bfb1ed003de97f93be2e7fabd2ea7dcedb

SHA512
b4b5dd62240064653e01c15adb83bbed27e0efc22d0bd356e14e54e33b9b2cd258308b3c148f19e06ac160072403db4285656e8868782033543931f7c79885a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1fb0e9f1f5cbec81c310d8a40f132676

SHA1
3603896bd4256b28f20fc8ce85ef1a3fa62d9e7b

SHA256
5ba589b750e9dfa262ad47bac5709881ea870d2368280162d77e5575cf168a9d

SHA512
4731c39eaeb3f1b8c1e5698ea1939f998d824b96b5e2dc332c8640c8aa85b732b91089e683e25fb4b41832e31fb2176f7633d14567f16e0fb41c4bda3eca7678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3b88826fc63798ca329b495358250c56

SHA1
764214334a1c25d9a0c747846d57f306bc0544fc

SHA256
3b9ac9f8dd2a76fec50b9b309df316393c1e4864022fd6621ce5ef299d3d51f1

SHA512
926eb6e96c62c423d4ce1216c5cd1ecb0f4264bb422156860045ae53386f782f26e2e82ceb66dfd66ff1f502563e43546efdc89b6dc9920e038e62420c37f8e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
87d6d41012024894bfbeb675791d27d3

SHA1
afdbb98b24b73f9ead0f08e3446e5c577a45a479

SHA256
ba42b75032aa46035f8266a335681fbc29eff6b21a2ae3d25c4bf3e2726e522f

SHA512
4f72c6b86ba8288b232303db8900a52d961e9f29a9d0ca9e156dc3cc74e40c98b47d2b833013cfa7b745ee776b63f246f3266e4a3671e83811ed9a8069ca7c22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b84fae0eed453b3feadc0dd1c72212a2

SHA1
73be20596ebbb7cdd1c1fda954f269e688785177

SHA256
e3e731d5098e198911333aace013bd5cad8e5bccc4d87a0c6d35b40a2706af38

SHA512
9fab5c1ebc116c658141126e544f0315b4a9ba60ce37f71f1dd8d0190857a5fbc6969f2418a64164ff4cf52ea0bc6f97ea0398ca28a91b98d64ed1e08f9b135d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bd899e94feb1a2b98e0ca3ea70697ac1

SHA1
b125b9ec7bb01e33b5ca7276bc7607b625b4f2ad

SHA256
8c9a8b8b803990c478c7bd9a07a466a51c7a676356081d4acec2e10e72bf5441

SHA512
bdab9c5e749f96cbc538c6f96c75ab5e3f24b1f0d399985e3da376116fc5d537bcaf6ab94a654242f55f4db57f0d704eb743b4f21d280fe42b3df3e90018b15a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a213337cfb56bab5d8045f2b7e1eda4a

SHA1
2aaccdbbb7416b66e2a74514b10c86f04ce47e97

SHA256
e5db2d4fadea0fcdcd6ecb4ab701f0033a6dc808da0e8e97e5104ef2890ca756

SHA512
9ddbe0f9f4851f7b645360b9d75131807b4383114f11e216a03da550db21cfc2f9f0012b86f64930f35d5cd42ab3c46daf670d18721e7667c0b0d1c1b044451f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3519244ad26e45a7c9dc187716b37c9a

SHA1
a2488ad6481bc3a5b37fb5388d6760ee693ee5c8

SHA256
6127f3c741124a4d17a25b228edaedb0b12e8bf68a6b1f2fdb5e0865d2bd638f

SHA512
727713d912acd9078dd38ca7b79fd0269763c2f8274fa9c6359e54020075b2889e134f95a66c24f752e52342201e5f93273318889f424e16c9b29f12c3b1b925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
690b8fcd4cac98faf670c2fd163c236a

SHA1
35f7ae5113af018073b3d816b8c888589650739f

SHA256
69b2faef157ea0ffa4a23bebb5f6b9d7dafff948f0a5aa3e31fc9028314f3ddc

SHA512
c73fe5a2063dd627942bbb8e8090ade8b7e00f1511cd89c77636e2982bfa7420517e40b7302ab9be3da79690959316c5263d034f2ae561fb615b83969d4b22cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
296d2cf741ffe3084986320d289a3402

SHA1
2d2dbecdd0c9b657518c245912aa1fed7e016f86

SHA256
f2d68ec5cb08da9dd35fe494dae5e6d015199c1dbc10b831215af65b9a26e756

SHA512
71ff8962391eb92d62528316e743fc974b5bd851f660878e1bbd3edc793e48a058c2cee895541c8fadbfe9b3244432124fc3885cb1042bef99fc39d798efb74d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
9a9d956d3c23f3f1c3f6bba9e9daf7a3

SHA1
faade9a2b2aaf84451c2b948e380c60b2ca40ff7

SHA256
247015e1f27d35fd6bfe81d2176d359892eac30e212994a33a0fa0a024220f61

SHA512
14a15c79214c4ec94bcc8267f9621323ed17a6523e6a5ed95627018214c0a93efd7748402081bd1454742ee7c76491002c5605b0ebed71356a01a9f72a261456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
d541bffa55af68a74f325ee0ede86be3

SHA1
2e8a8f497eacad053820ba04e83ff91fb45f34d4

SHA256
358e6356dfa98b05475ff3729de32a55bda439e9457cd8cd00dc0c364122b113

SHA512
d59d5b21619c049901c7e1ba3834994a2e2ff493608162c1f77cbf736eaf7715216441089ae43f2e6c58320a1fc1dabb3e1a9b8288db148810dcdc839b5cff7d

Download Submit
C:\Users\Admin\Downloads\Launcher_x64.zip

Filesize
24.5MB

MD5
edb46ae0aa8b0549723f8ac6a98c192d

SHA1
0741db6c61f7ef5df3a17a553b60b97d2ef15708

SHA256
e4d16d211e131c3b0c96ec5091e43ae0a30908bf41ca51d1ef29dd138b2ead09

SHA512
6da837616418206ed915d61eaba109de18a8f65f772d04609800178a876e549df26f74a137f9262834a5c2d1fa273cdb95a467bbea99051fe2ab68ef4c3c7ec8

Download Submit
C:\Users\Admin\Downloads\Launcher_x64\Launcher_x64.exe

Filesize
503KB

MD5
11826b24855d06d7b8537e3cab5d6576

SHA1
7d93036dc0dae2974e9c9109025bc118edf8b6af

SHA256
d0ebc61709c863328dcd1be83d1810325477e99ba53b088a8c6df4d31b7ab614

SHA512
24d470fd899428a929eb8d0225dbfb1900d30ae158a9549b641373c6cb6162bb56999f3a4b725f9562995a7e504b79f60ca361f220cf39242ee7a16da5058234

Download Submit
C:\Users\Admin\Downloads\Launcher_x64\README.txt

Filesize
98B

MD5
31d33dbf9246b5986291436d1dbeb1d7

SHA1
98f9c9ea3da8d1e895efad58871280e6380c9ca3

SHA256
a74ca78655aac9e0972474e5f83c8b17f8870fd6a35082f53b3a4471fd3e207c

SHA512
fe866c8ea3446ce89258cf724ef431d5decfba73fab985de0dabcfe240292d3a51186f9a6a49788991d84ff83f0699a9b6157426d23c1957f24a704b4f2ffbd4

Download Submit
C:\Users\Admin\Downloads\Launcher_x64\Serilog.dll

Filesize
125KB

MD5
181f3e3d0c509566283156816eb317ca

SHA1
400debdd4fb9ae24719157132a87c4bfeff7fa6c

SHA256
db0a4c4a21a1ba0937d1c22095c2b0702422efd4c7a41aaa577608288a2e69fc

SHA512
039d5a0013d6f0e916a86baa95452d79d4524f5c83b913170daa73e1333b2d424c0d9a74193e71ede3a0866b778781c57993806baa08833d11df825626e6d667

Download Submit
C:\Users\Admin\Downloads\Launcher_x64\archivelog.dll

Filesize
49KB

MD5
11eb138db53f5896f3cf95144d04132a

SHA1
204fd914b84630366c3a656254f39a99a884d8d4

SHA256
f80c92ce064a19d514cdaaf1838244f203c188462d26119df7b408291d68f8b8

SHA512
da60124b8c95e6bc7d123def35e61041f567df57401737ad3fdaeef12140d2a6410eedf6cd29889f401cae4cff7b6c0bdd71507b2885e06cb39d75da42bd63d5

Download Submit
memory/2828-472-0x00000208F7060000-0x00000208F7061000-memory.dmp

Filesize
4KB

Download
memory/2828-476-0x00000208F7060000-0x00000208F7061000-memory.dmp

Filesize
4KB

Download
memory/2828-477-0x00000208F7060000-0x00000208F7061000-memory.dmp

Filesize
4KB

Download
memory/2828-478-0x00000208F7060000-0x00000208F7061000-memory.dmp

Filesize
4KB

Download
memory/2828-479-0x00000208F7060000-0x00000208F7061000-memory.dmp

Filesize
4KB

Download
memory/2828-480-0x00000208F7060000-0x00000208F7061000-memory.dmp

Filesize
4KB

Download
memory/2828-481-0x00000208F7060000-0x00000208F7061000-memory.dmp

Filesize
4KB

Download
memory/2828-482-0x00000208F7060000-0x00000208F7061000-memory.dmp

Filesize
4KB

Download
memory/2828-470-0x00000208F7060000-0x00000208F7061000-memory.dmp

Filesize
4KB

Download
memory/2828-471-0x00000208F7060000-0x00000208F7061000-memory.dmp

Filesize
4KB

Download
memory/3460-458-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/3460-460-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/3460-456-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download