lumma | hxxps://www[.]mediafire[.]com/folder/knvicu2u7wnxv/forth@k

Analysis

max time kernel
362s
max time network
365s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2025 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/knvicu2u7wnxv/forth@k

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://begguinnerz.biz/api

Extracted

Family

lumma

https://begguinnerz.biz/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
A potential corporate email address has been identified in the URL: forth@k
phishing
A potential corporate email address has been identified in the URL: httpswww.mediafire.comfolderknvicu2u7wnxvforth@k
phishing

Executes dropped EXE 4 IoCs

pid	Process
1708	Loader.exe
2524	Fix.exe
768	Fix.exe
116	Fix.exe

Loads dropped DLL 4 IoCs

pid	Process
1708	Loader.exe
2524	Fix.exe
768	Fix.exe
116	Fix.exe

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 1708 set thread context of 816	1708	Loader.exe	142
PID 2524 set thread context of 1080	2524	Fix.exe	150
PID 768 set thread context of 4224	768	Fix.exe	154
PID 116 set thread context of 2828	116	Fix.exe	158

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
652	1708	WerFault.exe	138

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fix.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fix.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fix.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133805143156717244"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3492	chrome.exe
3492	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
1080	7zG.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3492 wrote to memory of 2680	3492	chrome.exe	84
PID 3492 wrote to memory of 2680	3492	chrome.exe	84
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 3056	3492	chrome.exe	85
PID 3492 wrote to memory of 4852	3492	chrome.exe	86
PID 3492 wrote to memory of 4852	3492	chrome.exe	86
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87
PID 3492 wrote to memory of 4828	3492	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/knvicu2u7wnxv/forth@k
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff92db7cc40,0x7ff92db7cc4c,0x7ff92db7cc58
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1576,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1860,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4868,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4812,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5304,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=728,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=724 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5184,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5868,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=6000,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5300,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4788,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6188,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5344,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5356,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4424,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5704,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6116,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5348,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5688,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6376,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5436,i,679288277468963643,8289661209208487445,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:3416

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1080

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3708

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2652

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Files\" -spe -an -ai#7zMap10624:72:7zEvent3518
1⤵
- Suspicious use of FindShellTrayWindow
PID:1080

C:\Users\Admin\Downloads\Files\Loader.exe
"C:\Users\Admin\Downloads\Files\Loader.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1708
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:816
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 1028
  2⤵
  - Program crash
  PID:652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1708 -ip 1708
1⤵
PID:4860

C:\Users\Admin\Downloads\Files\Fix.exe
"C:\Users\Admin\Downloads\Files\Fix.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2524
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1080

C:\Users\Admin\Downloads\Files\Fix.exe
"C:\Users\Admin\Downloads\Files\Fix.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:768
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4224

C:\Users\Admin\Downloads\Files\Fix.exe
"C:\Users\Admin\Downloads\Files\Fix.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:116
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1fd21a5228803360e7498b21377bd349

SHA1
c028d9a423b995bb2f9d9b56ef09e5a4f9535b38

SHA256
920270c469d0fdd572881597d30bae6f24faec32c8a1e7e689186947ac7958d3

SHA512
c2324e1b0a32c3d4abdac5ee1c2e663d1e49c24c17f0b5a5dac56cc867f67d2665f29148de2773f2e048292b189d136876b557ae9837517f612155633cbb09b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8f3ef35322477c31cd0992b4f8a18eb9

SHA1
7b849b8174494c5b305119d7b15f299b85c7f71f

SHA256
bbb40e558a1244a6ea9a9781a2d696e94d017464e8500a16dc82048f1a4c20a2

SHA512
d649a3034886636767a6ad3da21bdf76b9cc71d12693a503cee8c8c90cf98f91387cdfb6a0a8b85d37e47f54dca93fc432d5e9ac2c8de32628f6685b7276e655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7ceb7f2e15f7d57b22c055a336a2cd93

SHA1
472e701611823ec4d08cb700f842cb630d346272

SHA256
9c7fccd69afbf94a80165e2680efe9f38bf1abb54da4bd1869a45c6e1aa83af1

SHA512
ab99d769eadb6fbf896b4ce38b96e5e9f073f70b8c4b848d773d5c8d8eb602910a94d68d59dacb7c33ce0d8569502cd679d9a527639f0f77bc2ee6ac051df151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c3cd0b03a9d33c2b6451ca4d029c3334

SHA1
382daea78ec632c954dcbb8a1cecbad61ddee755

SHA256
aa8c55152845e85bbfc9d276741bc76a2aafd992cc1419184000a5b1ede74aeb

SHA512
89a478250f0fd1f05b91be8e18f20dbac7afb8645a79dfc4ee6519fe4b2719ba338ed8b06b2c2ffe35e9fab72d5ac168fbf4225ff3e0f1262f7c5d340d53ec42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
0ed7293910c74f56c72785dcdfd10832

SHA1
7210e5f98f7ec0be026c62caa16a669f0b18d628

SHA256
693c43ba056091e577f36239cede21c352e627f37f51ea2d44cf1682e6c1f76b

SHA512
607b278cbf1032f016a089144f8c70f8dbb8530d68b66b45b8a32f801931714cc870462e3782d4ffe0ba428bf4823b3aa3e354a7e02e3a5a942fb4315109be94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
858f64616e429151ec8c780847beec08

SHA1
f17a37a66d5146fe55a267b8ad9e13a3f2e926b3

SHA256
85d1e8d8a6ee43fa277ed3c774628dad2b6b649d54ab05d190fc84d35dd92fc7

SHA512
27795b78352d267e2621e368520f8e0bb9750efdd21759b7c0bed5b0a2ba05354ef32f3044b1386ffd28b7b985c582bdea8b9a77e897b45aa4b3579c21bed7c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
efb1e06b969d4dd474aa1ee91de86526

SHA1
cd4d106434eee1d0598114eff51d449468ea138d

SHA256
6ec3e40b1cfae6da42621042ef0819f68a860da0a5578df047f7f44e45609f3e

SHA512
221fa42fdb647d67c907931ebc5396e9e3d90a8e9f10d25d0f782e478a7f94277bda387d3ea2e1e2938f3b696c9a0187bde316a826c8e0d4db25d836d561d2b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ce1a16ecb503f077d1b3b760ca54dc90

SHA1
b5bb62f6c2175faa6b23feaae17e28d825534876

SHA256
ec242389fbf9a19bc8e258da0a1b29bcec788221d57a9968fd3c32efdad95297

SHA512
79b24219c4ab9debe7f95deb8a53c222db7e5808d7605bc1317fa3f20e29e475bdd9bd7ee073c9f99aa5950a8619d53ff4f633bd33473ed29b9a1fd732591fd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
fe35e961a62f158cb23795b0ec47c5f2

SHA1
655ee73a8a36802f1acebc8eb0233a82e7a176d5

SHA256
6ef26821fb37be528bf673b3abc5da064e3a0aa3ed71a281b10919594608c5cc

SHA512
0011c4324c6d3fc35692ea6724d885be312714f1321ecde607492eff3cc2950837b6847d1fd0685743c4ae20911aca4b9868dfa8ad0227d4993b3aed41f74ed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
bffd02c94b42058a805a1c9bcd4ab380

SHA1
2c112d2cfdeb4b9396be94c94b7a5d9696d055b0

SHA256
d73d9502969a2d606e50bcda8d6cc79b98aad4251881be289a500d81fd6135dc

SHA512
a3a47cfbaf0d03138978191c375ee17a8deafb5c86f5c5910d014534169d5ddcb5d0d4295a7b33ca7d78b085b35260564668c7a6abe9acde1ed5a513a67d1470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
48c189e42573ddcb4caa6cd4a30f30f7

SHA1
284e74c63a5435e04fd92ffaaac0e7592e174cea

SHA256
0cd2ffa868fb1c45c86f874bab55f1dc5c5e11368ed8b3dede6cf0c5d21e7072

SHA512
cb1ccfbddbff6387a840b22d5189e18966048114eb2569a0df0f8c07a433d54a5c901cfd68183e776d231bf3e2d240f14c3314fa14e46125b316f558fb3beb25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7fc7a4b2d9e5fed305b882a77f059b1d

SHA1
9adf0ca4dd548fc33144b3106ec5f9e1179b6b8f

SHA256
5fae295c0395a4fa9ffdf5fdc37dae44427745e0e7a559a5b38f2e3084053f78

SHA512
a5e72b92da6d7f0691d990c5871f79f03db6045c2456446b02a8ae63d4c9806531d9a70e81cd8979bf9547d9fdaae122912729148c2ee052cd1132f9f1cf4a40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3e76179f36651f907c9b1413b3ae3cd3

SHA1
5d8a27d0b0fcef2267a150788cf4cfd398898cbc

SHA256
42550307ad054a44aee2d8edaa0ae844e18788c7b7d08b82f91146d79cd638cc

SHA512
915639976e108f56ef737c53cba109756a434948d137b1a9353bec12b72a4482962540f6c1d9762e8f864c547dc099c0d4f2d9810b6b09acb721fa1ed4581ba4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
74ed6e33c89b40c0a127c66e3f068d44

SHA1
594d5caf415e9e07d7d564f46bbca4768e573463

SHA256
1b4dfa2b4a8576287b2c071d102b189ab7077f2ee4dbd4c6f651f692de94c51d

SHA512
76f458f9cff64c235e87760bf108db86e7c2f0ef6c691552cf3090bfad6dbaaebf72c70b4ba31375fbd388a51f2e0be9a0b1f1e0584983ed8b1ffbe043e5c0e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5b468b721dde2999fa1870dca08446fa

SHA1
7abeb27bc7109fba41b1f75a1b76fa2256b9bcfc

SHA256
f406c18b59a3a2ef64d75aca8860a396137efda0e35916d3eea04e27ab61e0fb

SHA512
c2678b7ab887eece08546f79333ffaa3fa85a4f627eee735950e97e8881516e67584db2a0cd2b9093866d69512b8abe42b527ec516da166427ef507c87a81f5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
06caf870f9aec77453b30ba1711c6bc0

SHA1
85909caa971e41c5d4c054b08c7a5dca2bd7e7dc

SHA256
af363e6d61845e11df3ca4ac5a4f1ea65302ecd168b7ebc60f9b53feba501595

SHA512
674ad4c9a2a19fb4e1a30ef220f72e4705ce5e0d31de7b79bdab3c8f2555ccda4b794e8fe992e74d351cdbb37ae307b46766abc7bf314bde937f74d1f2ea382f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
63a439b78d3fc2494c17d6ce1233b78c

SHA1
7d3df3f7ad4df1766bc0327ed11a201986be3b40

SHA256
afa97abe1cfaaf497b2dcbdecc1ea4e5f2d20fc66e3021d8fcd31b7b6dabbf8b

SHA512
e8cc53d0ed9eb7aacbd9a2c0a87e81685e08025f3ba25550f93867f04dd35a919ad26c7431f57652d3210702e6b7084b13c35f5726589b8a26b0305bd2f5fe52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
85199aa0d69b4847b56122689c8bb891

SHA1
1862f6a05198435fe41af8dbf662ed6ff874b26d

SHA256
1f78a8ab74b8b09bf130d67d5ba68dd3bd9b48fcfa5c237adf39c77413799287

SHA512
6140e7a99bf249ec28f36d6aa29c301ed19c4fad94ac29d4a1877662a467d54d73450ae052ffa1306b9839f1ae3c6055ca8866a6fd6543fdd4d792b59b525d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0864f2a74f1e421e945696a3ad50613f

SHA1
364a8a4e274a9f1af1af279e911d2654e3bd26f0

SHA256
3de4cedae07b28fb41397ec8f6b3b274c66dad470f6497f9dcbc507ceb814f2a

SHA512
d23ee1fe303ecef276a19fd8108cdda373be0cb9277a4d8adf4f96b68178ac23d993f8663155af1249251bf51a350bf04df521257480d47646ac1535afba3e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
74b4d9bdf5845857652702cbe1780ba0

SHA1
e370e4386ef51eff55cca1f7a472660c87c1c976

SHA256
48c574890e3553fd324bc676395c1eea0ebcf967bfc25c52bed192bc3576414b

SHA512
e5ef56f345908a2601975c8bbcc3bd6c692e8abb03663527d7d323eff87d4f05671c31919516fb22fb3d8bee4456f493b09cb531fa7eb6c9b48dd03b6996e430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
28ba92beac42c3f58a2da5cbd9da56ce

SHA1
2265d26a3f75a432af2af5712d4b7139d977cc94

SHA256
345406a99d4dc141bc9a299fe306608427d6ff708f2c8edd2a55a08f536201bb

SHA512
3d923792e463832acdd3b21f9c303648419627a6e1a0773b48706db2d3b0d2eacb788ba4763f11cb6c4bb94ddb6b6102f0c53ae8689be4e0986a688b49829781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e935456cafa76c2dd278c8e96394d032

SHA1
6b61f2231835fb12f37252b459cd58c2117c20dd

SHA256
96cdc29f76adc694c41e69dc8d6669b4fb4b34ba21d7466849f8be8132e2aa4a

SHA512
07fe533025786f0df26add25201fd3910a8431285fcca77a32ab279c07bc54c4cb01a2b9c2d77a238517d1021663836028b422f2db20ba11bc563f4224701331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2b9e85dbbaaae9384a4dc769807a7f66

SHA1
8575a2b9a0696c20f6b00eaf3666df70f9cf6156

SHA256
b91b47b0ab01bce722f55d5dce145488d6d63a0f3bc4bcddd66218b4ebbd5733

SHA512
1f04d6c6b83e9efe1ff851d62fcb2c102fd27e29f7d7e3b242982ec532e9892d708782122b007e4c01dcb754c581508b07374905980e306ec3bc952f4c3e0fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d127afbd93d3d73f14f7d2e1b61fb2c7

SHA1
2d5ab40c077e56ab00ff20066a6516b52053deb0

SHA256
a923eaeb08bcd747f0fdf33c180d42f6bbc6d87b5f659a51bbbff2191b632409

SHA512
3991c7f7f03a8bd8ee2d904c234c707a78518fa40e5e8fdf1a411533b57c7910c65b43da55d9679dddfbdaaaf01e585a0903285e3a807e475bef912f584e78af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a8691894e73620d813a7836a4e6b8cfc

SHA1
b03ba5196a54711be627755c4fb74a979a4257ac

SHA256
6814ac9710aa7bef8f19911c902de67db6df1f47096899f6687580308b7c992d

SHA512
ef5c86a47b919c0bbef6a298e4ffcf0a7313a4a93b3077e7d13d80b19056678d480b6d75d277affccd7c121a89917fcb92a6d2d5df9d34d61186b35c08557cef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
59e6f888b197fea85a3956b90b458be8

SHA1
0c2bf421d882f64630a9e2178101d88586ebe053

SHA256
c4927e0eeee3661546db5f6ed09b542b6c713b1a4aae96d2d36e30c05a94176e

SHA512
5e292f58da598fe1505ebd8f6e829f41543ab6f910993427197b37e6d8b7fc398b569b31bb9ff7e38da222d23d50f83dc66d4be6ede3f23124671b5acbc7eb32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
78892daea40a26b11f06715c2d432fda

SHA1
64be0c69ab05490ab8507977afbd1d85ffdc9c02

SHA256
1d240590260a826093ab38503cd3f31c484d8bd51d2be2feaee0be5e26347419

SHA512
0f6b28162017baa0042b41d77aabc6fe9d512b634da5249beb04f0c03aea0f43d9c69b839f8e91a20e827e677c8643c87d2c6bdc733e3f47508d39750e821476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf8a69d15353c36051996f8f07e58c14

SHA1
8196b27f081132d6bfbfb5c1cfbaf3f04bfe8d22

SHA256
4483150f9a9986797d3b6fa017194cfee48bdc0e7b548a55419f40849b05b098

SHA512
518339efa4d1b13982a11099163fa7cbc944067f3f88dc8f9fa71e7faa9de2332cb076f24301166171294b3ce49499d15699b2511a446fb52afe0278c7e9529a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
813a98faea8b01d7aa148d33ec051e82

SHA1
f2c21c588b97f7f54d550dac99066dd514e38bca

SHA256
8cc69b9af58902516cd3dbb9e9f849861c033b11b3ad8da00f40c383e38c52b3

SHA512
59a7cd2f70eb82876778a61375f7bcccc0730f82e866a6142435c5ada6dd6d60e168232f1eb494dcc0ff5207f317e6e5ec5541a2e625c1e70466ffed6971fd2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6172b5c48d00643e573c76e6272a3553

SHA1
221e6002141ea3fb2f8947f3a52ba1658891beb0

SHA256
452b2ca93cb2559f8df81f966b58b84d13b0daddc0c0d75334a3439038ec2e07

SHA512
9f85fc39f21b91f72d53e8563d02b9c58fa49e8388c932c0dc152376e7a28e7c5c37d279e9801a45a98ab453906c258607e89be2e284fa49eaadf45a76b09a10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ebb4100dd9c8efe104f65994fd3d275e

SHA1
f45aed6a90e56e4246d303a25acca0b5e63383bf

SHA256
56c5315f18a4407cc0234f5ef90244a4881fdd4bc665550121a335d03efddff9

SHA512
9bf5200cc19c5ecf7d44aec26b46ea54767e64dfa14b6ebf4b81915bca4db64402182450ee39527b8155f8885d9a9c4ea4cd25db7e7c6b99540da5866dd776e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e73a6ac0f18bf9b9a06889fcc67606ad

SHA1
7c70979eb6a66f9d0f350a953c2a280443774c5a

SHA256
3ea2853a9f3384551104f2733f9b6260076b2af38fbb090622e60f5c2b633625

SHA512
376343048eb091532a9181ab89213c76a23e840f9aa2ca8a834d5eacd7d8cd8880c1f977938fd06a9986a38342a69e8e15a9d508952fdd0ad61f297c2dd61df9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b232529caad7115f4c28763eadf8cff4

SHA1
4cb9ddfb56c7b583334885cbf24ac50963460690

SHA256
df63aac21e335470be6f31861c86360bd55dfe81de04dc399dda45425140e8bf

SHA512
9722822dd316b94f54b3ea07ae95799444ecec1e959bbc29a1fe7a9232a2c991cb8c7b8c1247339cc068d2b3f7082dfb5c48b0af58dbcf5ec41e7e87f0d734fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
eae600b0295611be82a891c1ab160cfd

SHA1
7c75e0713ea071bf510028e93620a2e1a706a4ba

SHA256
92d6dc8b959dda611b0b3f52719584356f10768f1ff5e7a812c7e2a1cac2b0c1

SHA512
33991cbc279207d92092c71827acf9a2837ba60796b89cf032315200a4ebf681ceb720ca4e68452cbec178b238deeb76714072f091e17982a8d3b065733296f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
958ef7760d4640765aaadc74e1ef1979

SHA1
7b4a1c487f70b4ea5347649d3a3cad36902e727a

SHA256
5215b665272e81eb865c3cc9f68423e751cf252eb9821f2608e40210907011e8

SHA512
530063ae5d5433bf85c2edbeb4872fc868d7f3f9366728f14547d4efcc8f9d02fd1b38dba13c4a7690e4f9ed3e72d7a7e4f49df620625c281478bce6e8c6c4ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
3cb4f5211fe0413ac800283e09adbb57

SHA1
2bd9e22b0abdeb9bff39d0c99d7fc7f35ca67bbd

SHA256
2eb4031b94dddeb1844efcb7a899cd2b15bb1830f0dd3553989a89bfdebda070

SHA512
602dbf8c03f0f221d2f8a761396672e6aa9b3809198b96be137bb1736a1aca5360ac920501e184a01ac400879bb8e9e801a17604d9da8b1240f3cd673cfa8e98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1e4e19a7e279664ac9c9ed3b1e8ad1d5

SHA1
e26428cd7d0b21225113ef26276b38f2399228e7

SHA256
5e3ba07bf2abb3d37a67bf45f908ef621745a98457ec5195180b7090b31c966b

SHA512
ba5cdc12f2d667d4b9c44a9c7bfd012fd6440cafc540c40958f9324e5eda2b567f5daee6d59c1b681af54d2c4203f28e62964cd17b66d99a978559a5935c7180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
217a96c7f45c2da815d4736de513fcee

SHA1
83e45e8419414a9e713bdb327413461281724db2

SHA256
07c81ca0c4ac94b931e2c1160f7727ce9e095a062f28b5f5019567e04ee0e8cb

SHA512
47256a5b9d3f78eaae952d684de7010c968a6474a7d27c3d853a448a427fb549c8c33c22361bf4a4fb41541ef9d8c0bf0472285165328be86efe7e10925eb4ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
61f1cfd79e555f466569f7313965f241

SHA1
c01da8f51c1c3f96d3c74695fe0d3c1688f24e3d

SHA256
6053bfd62cc344924e84db9a5edf01ec9abe601bc39df4dec90a8dee354435a1

SHA512
cb8785185ffc998f818dd2025463728097ee22a92651633945ccb0b2ee998044382db86ed0a84ee6f55b0ecb91cf66accb0ecb72c83ade76782dbd72bdf635e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
50d9d53941ee5e5b0949d95da967bd3a

SHA1
17f3d34c9f2527cb84e1197fb62b2ae9c3fbe9bf

SHA256
b8ff2726ff4ecaff474150b6875c66b45f006fc7ca30efcef4cdba64c25155f9

SHA512
5aae752a7f5ebc3a0c6bc47cbba7a65d60a28fffc746fa8c4076981b31a5f637ac01d61a321a7b36ea48c4c8defcd5e14bb4f1a13ed79e4b9d32ff0f9ef8b066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Fix.exe.log

Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
C:\Users\Admin\AppData\Roaming\gdi32.dll

Filesize
456KB

MD5
2402543355d3e6f984849df74309ed3d

SHA1
79086088f99647e3ee90c845800781e35a871a81

SHA256
a8f1f6a4276d2218e4745967f2c3a3cc4d249637b83c1ca6a31430c5de8f5b47

SHA512
b6b4213d28052395c0ee2c0e9f69615726ff368b040d4460f302f4240b6b1c316c8bd69ef5d12119671a4699cf7b58bdf28faeefc3d87b83d214e831734a8d26

Download Submit
C:\Users\Admin\AppData\Roaming\gdi32.dll

Filesize
452KB

MD5
b54976a94f370b6d76895bec930a8514

SHA1
d9a0a14c6fab708fe75936074a7b056591e43425

SHA256
9b02ff00a1608c7c8267b3d8d43524212fe3509f6e40ec35f58f0c5981bf9837

SHA512
b8a970f5ffa0b34d6c9e18913e9b4b2dcb408f7499adf12f304d1eecf8435b170bce5ebf151689f83c428b5ca082b29bde2adc93362803c314063239b82d9e54

Download Submit
C:\Users\Admin\Downloads\Files.rar

Filesize
12.5MB

MD5
b2ddc933b609995ced17ac73790ff579

SHA1
0fcc3324a3a9e338dc110150b04c97ea53f54047

SHA256
5320e90d0300b7d4f0aebf3c2ff0fe52c148e1670ea6e0024e53761ea6d61f74

SHA512
7aab0629e452eff189052fca6a400a99be36e366bd4a66660f81c05460d150bce7131728fb4ed1b822f89209a3dcf0bb3028c4f76e9d8f21ec6a1968296fcfad

Download Submit
C:\Users\Admin\Downloads\Files\Fix.exe

Filesize
515KB

MD5
a3c2c6d623bb939f6c9dfdb58b7d4bde

SHA1
0735720e6bb157af7a56c69ab24a8d77c0eee7c2

SHA256
209804097804b2e037fb7363a9125b8ea6ba03f256e8db97822e658edd5c896d

SHA512
b82611dd192e4e57f40c87dc940324b1e2eaefdb2af566d7ea90db55f653a41f7fff8e1a398f9c2be33d8e40930d72993eefcd39333e23c7b1d14aaa59204d0e

Download Submit
C:\Users\Admin\Downloads\Files\Loader.exe

Filesize
764KB

MD5
4a334ecb977d57fac43ca7aa98c0ac68

SHA1
8f6d86c657cdb67f1c23f03889a7c361f6ca04c0

SHA256
3e77af19b19a513614829a3036434c9a62711d155715d57fdaff3de692b2e9f4

SHA512
1d01932429966ddd36b1a848d2c80f8da68a08ed441c637639dc8ad46291736253600ac6bcc304490265f51b95a0c3350477175d590974738a5d82e9ae1bbf31

Download Submit
memory/816-1273-0x00000000008F0000-0x0000000000959000-memory.dmp

Filesize
420KB

Download
memory/816-1275-0x00000000008F0000-0x0000000000959000-memory.dmp

Filesize
420KB

Download
memory/816-1277-0x00000000008F0000-0x0000000000959000-memory.dmp

Filesize
420KB

Download
memory/1080-1292-0x00000000009C0000-0x0000000000A2B000-memory.dmp

Filesize
428KB

Download
memory/1080-1289-0x00000000009C0000-0x0000000000A2B000-memory.dmp

Filesize
428KB

Download
memory/1080-1287-0x00000000009C0000-0x0000000000A2B000-memory.dmp

Filesize
428KB

Download
memory/1708-1266-0x0000000002A00000-0x0000000002A06000-memory.dmp

Filesize
24KB

Download
memory/1708-1265-0x00000000004A0000-0x0000000000568000-memory.dmp

Filesize
800KB

Download
memory/2524-1279-0x00000000007B0000-0x0000000000836000-memory.dmp

Filesize
536KB

Download
memory/2828-1335-0x0000000000EF0000-0x0000000000F5A000-memory.dmp

Filesize
424KB

Download
memory/2828-1332-0x0000000000EF0000-0x0000000000F5A000-memory.dmp

Filesize
424KB

Download
memory/2828-1331-0x0000000000EF0000-0x0000000000F5A000-memory.dmp

Filesize
424KB

Download
memory/4224-1301-0x0000000000B00000-0x0000000000B5B000-memory.dmp

Filesize
364KB

Download
memory/4224-1302-0x0000000000B00000-0x0000000000B5B000-memory.dmp

Filesize
364KB

Download
memory/4224-1305-0x0000000000B00000-0x0000000000B5B000-memory.dmp

Filesize
364KB

Download