lumma | hxxps://worldofpcgames[.]com/modern-pink-elf-rpg-free-download/

Analysis

max time kernel
182s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2025 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://worldofpcgames.com/modern-pink-elf-rpg-free-download/

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://movespendys.sbs/api

Extracted

Family

lumma

https://movespendys.sbs/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 4 IoCs

pid	Process
3452	setup.exe
4560	setup.exe
1580	setup.exe
3792	setup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
49	discord.com
52	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133805443747326133"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
4776	chrome.exe
4776	chrome.exe
3452	setup.exe
3452	setup.exe
3996	chrome.exe
3996	chrome.exe
1588	7zFM.exe
1588	7zFM.exe
3996	chrome.exe
3996	chrome.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4560	setup.exe
4560	setup.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
1588	7zFM.exe
1588	7zFM.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
1580	setup.exe
1580	setup.exe
3792	setup.exe
3792	setup.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
64	OpenWith.exe
2460	OpenWith.exe
4280	7zFM.exe
1588	7zFM.exe
2980	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4280	7zFM.exe
2068	7zG.exe
1588	7zFM.exe
1588	7zFM.exe
1588	7zFM.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe

Suspicious use of SendNotifyMessage 62 IoCs

pid	Process
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe
4420	taskmgr.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
64	OpenWith.exe
2460	OpenWith.exe
2460	OpenWith.exe
2460	OpenWith.exe
2460	OpenWith.exe
2460	OpenWith.exe
2460	OpenWith.exe
2460	OpenWith.exe
2460	OpenWith.exe
2460	OpenWith.exe
2460	OpenWith.exe
2460	OpenWith.exe
2460	OpenWith.exe
2460	OpenWith.exe
2180	OpenWith.exe
3452	setup.exe
4560	setup.exe
1192	OpenWith.exe
1580	setup.exe
3792	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4776 wrote to memory of 548	4776	chrome.exe	85
PID 4776 wrote to memory of 548	4776	chrome.exe	85
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 2184	4776	chrome.exe	86
PID 4776 wrote to memory of 32	4776	chrome.exe	87
PID 4776 wrote to memory of 32	4776	chrome.exe	87
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88
PID 4776 wrote to memory of 456	4776	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://worldofpcgames.com/modern-pink-elf-rpg-free-download/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff99a8cc40,0x7fff99a8cc4c,0x7fff99a8cc58
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1932,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1972 /prefetch:3
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3044,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4516,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3992,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5200,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5248,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5508,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5504,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5628,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5264,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5664,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=208,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6024,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=300,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1116 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6080,i,3676967363021750581,2703969710887363212,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:2180

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3860

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4720

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4280

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:64

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_!Ǵe𝔱-Set_𝓤p--4416__Pǎ$$w0ɾD#!!.zip\Pa$S___4416.txt
1⤵
PID:4868

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:4280

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap14073:126:7zEvent14131
1⤵
- Suspicious use of FindShellTrayWindow
PID:2068

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\#Sat-Up__4416--!K𝕖yP𝓪S$!##.7z"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1588
- C:\Users\Admin\AppData\Local\Temp\7zO4365E769\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO4365E769\setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3452
- C:\Users\Admin\AppData\Local\Temp\7zO436CCCA9\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO436CCCA9\setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4560

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4420

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1192

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\#Sat-Up__4416--!K𝕖yP𝓪S$!##.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2980

C:\Users\Admin\Desktop\Setup-EN-US_3264bit\setup.exe
"C:\Users\Admin\Desktop\Setup-EN-US_3264bit\setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\Desktop\Setup-EN-US_3264bit\setup.exe
"C:\Users\Admin\Desktop\Setup-EN-US_3264bit\setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\70dc6ad0-3f87-4d2a-a20d-e362a4186fd1.tmp

Filesize
10KB

MD5
5064e601a7bb5177c08d406b1e12051c

SHA1
216cab3e2d76f13f5185999051f2143d782d68e1

SHA256
205445ce44e2218f02200af69a762fc8027fb8eca2f23bb1c749a17eb6571541

SHA512
7a617aabf389fb19798e67b08c80dbe20b5dd17054fbcd313c8a2d5492dab24fb86aa935804d6b6f62b99211485eda1211aabf997abfa2f66bce1cf392731051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1a406830d01a87d507bd15d9267a2e75

SHA1
f24bc72cd32bdbed7e3155853c4df61bbe3ebde3

SHA256
abf5143e6052c12c7ca0ca73652e1d8e3334fe3ea37d8561a9cf06868ebcf277

SHA512
d0f8a99fecdf264fa424ce1a8c61a28be3caf0d1085d9c62b4bc5c53cea6848a4bc90cd7b46eeb690bf791c2d3649251d5cfdd8b510311e52a4ad52ed5f92eb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
485769363ccbcd7f094f368fca537d86

SHA1
f7848a4611f473fd466b8f2eb702f447fb8863a8

SHA256
27942abf2d726df844bd9a3e2a8af0ee925cd1269b56ff6c5b24a8a210a72ce7

SHA512
76d991f4086e06f5691d675016fd3cb23a68d91d3abf3c1e21b12bf716976f4da7cc51c69ecf7d6f69112c9e48788d0f5cd1ee1c4cea0f551cdb89092a6d0a84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
a64075192d45819d08a39d9d4ff74743

SHA1
f549639193b38c0395e59c1f93a04bf338504906

SHA256
439055b24b85ab3a323f82c15b6bf18f16234690c48fa9a99c17d2314e31a57b

SHA512
de3f8e9b9873b49c2d80616c66cff7a0be4a6d859f2703dc570a39b54f506260a619913b397c6c3371593ecefac2558eefc059265c6c2151c78fed2643943517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
265832b15402a257754c8c9b60a73448

SHA1
1426237726ee4fdcf165c01ab11968a0153da650

SHA256
ddbf84d92553194b1c6d9e5f173c1a67195778cb1ce77579eb40779d87c04de1

SHA512
82a6ddb1701b44f329c4ad54791e9ca0d68e71dce1903be0b6f265b5986b2b34364ef1476dca723c7ce213676ffaecc9fcc5b19465fbdec7c3b69b777e6735c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8a76ed44aeb7285bb1cbf11f52aba947

SHA1
6a394e55259bd2009024182d0c33d73051cc23e2

SHA256
0f6c51dffccd8eec10551013bad779684d3ae5a1fc1678dedb0b20e8b3680d1c

SHA512
006ff9923c785f53f094b70c86a8335537bc9ea2b8faf33f98f73c11dfdd3340e191a2870135c436b9a5fb5b9dd0f3d9be31c0a868b1a9f0cff846fbd15be0a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ee2cde23ce1722d8a6198fb4a5223fea

SHA1
c0686eda529c323c601c8c7d4bce338f995b722c

SHA256
bca673797ba3cb35bfa8d61a5123b1b865d75844c16eece5cd99eb6f142516ba

SHA512
3f76543564fb06d91c05dc00e5a5de3bb6556c24450fbf7769c08110d69443acf44acd90d2d429dbc2a337655b8611e0c4d8ccd8327328e6d6958b6a1abb3f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e50d014e4e1f7b2c9335e3f7690d11c7

SHA1
d08e9800faf7e0fffb8ae8e38a70a8a7511f669c

SHA256
ec989d0730944aae9123b9fc887285144f18ad4d172e3913db9a3fdfeb8b92f2

SHA512
3bcf5f35c42e248cf2b410d57f22a80646ba0b19493a2e5f9783dfbc752a224760ff3c73fe9272fb48708089102205b8fd7e1fa18bfe2b1d9fbf9dcdab4e1a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4dca9121a0d62112706618ff4d2a7b16

SHA1
67bb2c469c4270d62eca02b7892e68774e1cb7eb

SHA256
04e7841f43d25ac076aba3712ab37eb9ad1aec7e4b341d62a9e19b4f37d37c75

SHA512
a9e6ccff7dbf665ac55b43f342325eb5ab9dd9be912d94ed76c076146f985e11a4355a8302e71425d0c17beae4060fe2995267cd772d402a652c2855bfb623e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
47234538df08f405e642b4f13ee51e78

SHA1
bd1737d32843217f8681c192900015c88870a65c

SHA256
5ddd4e5d36d1d60248bc45ce9b82f505814d40a8605c577774c75c68260e3532

SHA512
e4275701da8e815ac3914167788f40f9251b12d29a9ceadceaffea4c81bc7d3f421b593f72adead4712cf1b6c3b99a307f82fa591cfa294ae0000694f37be701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e9c7dfd5d0b49d1a3ca13f248d753974

SHA1
31028c81609559d9f88e00e5846b0aef46576719

SHA256
a9f5d20f793612ea7fa3cd620c6ebfcb39edbc6f51b70ba67d6435d09f2ed81d

SHA512
7f043629148e1743a490785b19c251bfed64aedfa165c317af7ed32bba9b9e61b39b6f95e42c8fb70dc2a4c24ad9fd641f52f35353af1bd10c04d8ff5017e2c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
45cc76373f2ad6b3c128181550dbcd1a

SHA1
1d28b60c465b0aaf163c17803db2bd1a2913f903

SHA256
5d844aebbfe4545b7914e9d14f46ab651974e17cc45e8581ff561db889f953d4

SHA512
f7cd55c44e1de51a2fdf34e0d84172223fb3c705b90dbe5c8f246fb4b823f443f1f4c014e5a392560de15075680a5ca6c206c01531f8cc2f9e7983032cee13ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
957e3044a379fcf60488a4d000edae3e

SHA1
dc598ab27b5d7f5d324c3ab1c1291f032e5ae9cb

SHA256
c8828859245004634d2dc6322d3ec97ef776d7d55dec5ff69cb03abc17292922

SHA512
50fafcb361f349dc9d710193f5b420180417466b08c17983c7a5d3cb855c4f501723b7cbb316eda797c25009d8753bff8536d075f7d363beafdf554748898ed8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cbc36be4ada35be82ac85d5b8ae7c904

SHA1
e24bb74efc00847518fc1755fbfddf3f9f37a8f2

SHA256
84ac699f99add79571688e8d2e7a59c583aeeb7e2531b104f620eaf4698d28af

SHA512
376cade2d48c7fd8214d63191aab19886d2904899cc57491a388b1eb271d07b5234fc3997fe146c6d8f95a533b418480dcff4424bb134c325d39a222a7a4c594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5c0b4f42cb5ad3151702448548d0e70

SHA1
5c1748cae8e88d2705bf488a97f884b9c468fec2

SHA256
98f277e187d293d9a585f33b909885757320a14d41f37670be8a3b3e6ee89838

SHA512
bc35cd7e1d4b7f5ed3e8d38542049db79e6c960f14fc9d6391a786e4e906e07238385c12e591ccc4c04eb9d9f86df21f3bee01c4e01256a962960df1f81b1d18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1b1941a3c965a64976ab767372d1ad1d

SHA1
d128fb796e8516e95cb60f1d7a6fda7787e42064

SHA256
f15dac1df7535239d8301bec2a24e3971570b01c65b7465fe8c5c41e66852798

SHA512
96cd9148e2f6bfd5b5ed74c7e6c356b4e471a8beb4858e109cf3089d8a8035d001143cf95725f8c9082e115d37b0acc87d7827fd5e8407aef7c20cbbf80621cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
10f7be08b9a2c939428e76b21e37a7cc

SHA1
468db5122f03a15c6d8e28af4f4013280b791378

SHA256
63a9879fd39a48f1de9fa81c3d581b91bd4ca0ea963ee4b090f6be08b8c54e78

SHA512
0252db092e68167d4cd9d90ef0fd08ce88eab71a5bee75e218b4960972407e6f98c76f33de2446c75c497b918b20ea6385e6b83d74b09bd0ed65b7f695710b26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6cac2a24f317dc34caf82075491aab62

SHA1
75654b8df536c9b333920ad7ef1e9edf1a9b9f78

SHA256
360141bdb3553e80a52d93dd32fe70a3d61c4521412f2970c817b46f2955756f

SHA512
5f1627430106a86a1e3d3d7577836afa219ca2b9794ac4a5ba95a5b714e8bcfcbb52b0551b34b5132d902abc9eb9bf481d602759d5ef7b6a5141e7ef0faeaf65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
2a76e5652bd0444a099a65832c65c97f

SHA1
4db35af01344ad4895cecccbc3266fd2383afbd4

SHA256
f68293d9c0b974c7caad300573ccab142dd5ae6aed99e526184dc3f751b206fd

SHA512
50769a7d683d21a770acd4d3bf60eafd44a34f9c8e6f86351a08608139b0340ded1292565ed35adeec520940f98c7a1e361176da35a8abef077672cf9ad44f75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
395b9b73a26a8dd8938df9809711f4f4

SHA1
4145091d035f6a77f221c14bf7e9245006ae3e24

SHA256
7fe90a341e51e41e0e57109969d8dac889668261dfbe2dbceba56542d3c48924

SHA512
20fd9de6cdc01da056f45d2453f247f31b0be979ad133a0f2c1914e41f7152aae1b5a2b3028df6d19cf4a13796ab1aaf260bb05f25b67e222147e19996699699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f6e1feaf7796bf3b8b539c9427fe8567

SHA1
793b60fb1050ccc9b2119418e4fdd3eefd745bc5

SHA256
c05e86584a0054553472900bd0dee9a1740e176c51a9d7858762cbbdfd397f1a

SHA512
8a1f8cc240e4a9606c90b86cba464511fe7aa8fff45fac7538d1b2361208c514c1272a2f6c6303faafff611c331201d80205eeb1452f37f352683bd66c77a50b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a41c8e41b0d99ce13c38aa0d5e44232f

SHA1
d2ffd0e233b1f06f7fd922d6ab4c5eb85d0d470a

SHA256
cacf8395e3d59dd728858f6eee47b55aeb4f919250c2431d7f52eee13e67c1c0

SHA512
14f05881b1aff3d95f56ec4dac3ab8d5083dcee33da412a30b967adf15562d923ea2cf40ec0e049cc14241ed03a52829a5329d94ea004a85d4dff7f5117682e9

Download Submit
C:\Users\Admin\Downloads\!Ǵe𝔱-Set_𝓤p--4416__Pǎ$$w0ɾD#!!.zip

Filesize
3.4MB

MD5
73b33e338973f3423b7d8b8375565013

SHA1
aebd3435cf8d16ab2fb40f0efe73974ff292e7aa

SHA256
b3f8b0d7b3623f98e1986c3f334652ef19c6b1a80239c96fafffbbe466870afe

SHA512
cb040f7baae61656a4a2604b4cb836d5c77a2c223e70e2f4778709045782b14c08fd1be0372c74784497c4f8e2faa42a54c21027436b7a47d08006b2b092098d

Download Submit
C:\Users\Admin\Downloads\#Sat-Up__4416--!K𝕖yP𝓪S$!##.7z

Filesize
646KB

MD5
8d01c5f847ced9f5aa6d76a65e53af4c

SHA1
06adcea070200587cfe242853fa9252252ff43bb

SHA256
eaf25234d7ee7350cadbb20d46cf45610adf9998691a77df379efc3b632c93b0

SHA512
61e06bb6ecd2238e6e4104cafa8491844626858bc8d555bb71f1e2f8ab8073dbd62b8935f19365ff93e09528ad3c8ebad5ab2fcd3de94818d79f5e3c8437cd08

Download Submit
memory/3452-474-0x0000000003090000-0x00000000030E6000-memory.dmp

Filesize
344KB

Download
memory/4420-516-0x00000152F7190000-0x00000152F7191000-memory.dmp

Filesize
4KB

Download
memory/4420-521-0x00000152F7190000-0x00000152F7191000-memory.dmp

Filesize
4KB

Download
memory/4420-520-0x00000152F7190000-0x00000152F7191000-memory.dmp

Filesize
4KB

Download
memory/4420-519-0x00000152F7190000-0x00000152F7191000-memory.dmp

Filesize
4KB

Download
memory/4420-518-0x00000152F7190000-0x00000152F7191000-memory.dmp

Filesize
4KB

Download
memory/4420-517-0x00000152F7190000-0x00000152F7191000-memory.dmp

Filesize
4KB

Download
memory/4420-515-0x00000152F7190000-0x00000152F7191000-memory.dmp

Filesize
4KB

Download
memory/4420-509-0x00000152F7190000-0x00000152F7191000-memory.dmp

Filesize
4KB

Download
memory/4420-510-0x00000152F7190000-0x00000152F7191000-memory.dmp

Filesize
4KB

Download
memory/4420-511-0x00000152F7190000-0x00000152F7191000-memory.dmp

Filesize
4KB

Download