Overview

overview

10

Static

static

1

Untitled design.png

windows11-21h2-x64

10

Analysis

  • max time kernel
    450s
  • max time network
    451s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    10-01-2025 23:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Untitled design.png

  • Size

    183KB

  • MD5

    bd8092e24f639ed1fbaa87745db569d0

  • SHA1

    15f7c9d155057a2660985157d464a733eea9c395

  • SHA256

    76fe2a70d764e2dec6639ba33f9f6fa1e94b7be3108b1b08022ea768a158fd84

  • SHA512

    1ddd6b9a8053a4e3033abb20617e999c9d4c7546123191ff4fc3813f0a7bb66d820fd8ec36de5c7234fd9f689b2def217550ba161966d9afed26586edf24ec73

  • SSDEEP

    3072:OOJbFhztEHNFIwY8zTsP2Q83cTPxoDepexSGhDMKGNQJYW1lWQrTyBLwLL6:OitWiwY8zAPo+PxoDosDhgKGCSW1F6th

Score
10/10
lummadefense_evasiondiscoveryexecutionstealer

Malware Config

Extracted

Family

lumma

C2

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

https://bashusolici.sbs/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Executes dropped EXE 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Untitled design.png"
    1⤵
      PID:1452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Drops file in Windows directory
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2524
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb601ecc40,0x7ffb601ecc4c,0x7ffb601ecc58
        2⤵
          PID:3076
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1752 /prefetch:2
          2⤵
            PID:1184
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3
            2⤵
              PID:3644
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:8
              2⤵
                PID:4964
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
                2⤵
                  PID:3432
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:1
                  2⤵
                    PID:4368
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3576,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3544 /prefetch:1
                    2⤵
                      PID:3056
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4864,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:8
                      2⤵
                        PID:2460
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4652,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8
                        2⤵
                          PID:4536
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4596 /prefetch:8
                          2⤵
                            PID:3948
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
                            2⤵
                              PID:1516
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8
                              2⤵
                                PID:4840
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4328,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4696 /prefetch:8
                                2⤵
                                  PID:4064
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4896,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4660 /prefetch:2
                                  2⤵
                                    PID:3840
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5296,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:1
                                    2⤵
                                      PID:4204
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3420,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3440 /prefetch:8
                                      2⤵
                                        PID:1356
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5272,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5528 /prefetch:8
                                        2⤵
                                          PID:4848
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3464,i,13951108930064784174,14734911354730590171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3508 /prefetch:8
                                          2⤵
                                          • Subvert Trust Controls: Mark-of-the-Web Bypass
                                          • NTFS ADS
                                          PID:4420
                                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                        1⤵
                                          PID:1392
                                        • C:\Windows\system32\svchost.exe
                                          C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                          1⤵
                                            PID:3080
                                          • C:\Windows\System32\rundll32.exe
                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                            1⤵
                                              PID:2596
                                            • C:\Users\Admin\Downloads\Bootstrapper_V2.14.exe
                                              "C:\Users\Admin\Downloads\Bootstrapper_V2.14.exe"
                                              1⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:4728
                                              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                "powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command " Add-MpPreference -ExclusionPath 'C:\TawcbXwcX' Add-MpPreference -ExclusionPath 'C:\Users\Public\Desktop' "
                                                2⤵
                                                • Command and Scripting Interpreter: PowerShell
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:4312
                                              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                "powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command " Add-MpPreference -ExclusionPath 'C:\TawcbXwcX' Add-MpPreference -ExclusionPath 'C:\Users\Public\Desktop' "
                                                2⤵
                                                • Command and Scripting Interpreter: PowerShell
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:4824
                                              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                "powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command " Add-MpPreference -ExclusionPath 'C:\TawcbXwcX' Add-MpPreference -ExclusionPath 'C:\Users\Public\Desktop' "
                                                2⤵
                                                • Command and Scripting Interpreter: PowerShell
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:5032
                                              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                "powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command " Add-MpPreference -ExclusionPath 'C:\TawcbXwcX' Add-MpPreference -ExclusionPath 'C:\Users\Public\Desktop' "
                                                2⤵
                                                • Command and Scripting Interpreter: PowerShell
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:1604
                                              • C:\TawcbXwcX\NiTXAnhFdQ.exe
                                                "C:\TawcbXwcX\NiTXAnhFdQ.exe"
                                                2⤵
                                                • Executes dropped EXE
                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious use of SetWindowsHookEx
                                                PID:1160

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\TawcbXwcX\NiTXAnhFdQ.exe
                                              Filesize

                                              1.2MB

                                              MD5

                                              65603619eb82fd12a1b8c82a3bc16380

                                              SHA1

                                              def49e0455ecbc5fa4b61c55f6ff089fbb680e68

                                              SHA256

                                              b718474c3629c566251c0b37096d090bf307a88f04e94753a72840ffe669ff3e

                                              SHA512

                                              d3b678bb5a272a035c34585d735bb409b75b7478ac84f544660edbeb3cc8995809b496d8ee2ab30432390b494c16312f600db1da9db56489b4010766acc08863

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                              Filesize

                                              649B

                                              MD5

                                              a0ee84fd3516c2c89de5158b33f60f06

                                              SHA1

                                              3064951e75170d18e2ec14c116ebe4fb0b41b35b

                                              SHA256

                                              2a3af2832415118e662bc3acd257f5cb38db1074d1c14db21d41da6a9ea4696d

                                              SHA512

                                              8c079f71b90f90bf3bbe549da0442e8fbbdd1b8911edbb9fc576801fe4653a1023b59b96fd52db4c4ca857418eda2be23e43aa86b9d6de010c4479aa9e2cdae5

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
                                              Filesize

                                              60KB

                                              MD5

                                              28db026b539941c963443cea87bff761

                                              SHA1

                                              644b9ff64b45f847b2d454138304255018ac77df

                                              SHA256

                                              c4cd63ecc67cefb717d747a5e7f3461161bc51298fc507afca86ce59e70e2129

                                              SHA512

                                              641c7e39183010e163145b239fcb0728575aeb41e4f02ee3fd09afd6e34ce0777432f6f18e93e657d01c3aecef340c9000597dafc32b6928068e7421a6dc00e5

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                              Filesize

                                              120B

                                              MD5

                                              c67021b49ecb13f57033b2e4a100c555

                                              SHA1

                                              f69c7ca273d148b72fa4e4951d5c4d5064ca447b

                                              SHA256

                                              e7264f813a8b024f40a32d14bbb32127889fc41c11742a39ddf33600a2b8dc13

                                              SHA512

                                              b20c9140d54622c24f45e463bc2b1261610d949acd4b0bbead5bd356a5cf29c02c68a92589f786f7461191781aede55450c4834030487c5706734978aa85053a

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json
                                              Filesize

                                              851B

                                              MD5

                                              07ffbe5f24ca348723ff8c6c488abfb8

                                              SHA1

                                              6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                              SHA256

                                              6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                              SHA512

                                              7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json
                                              Filesize

                                              854B

                                              MD5

                                              4ec1df2da46182103d2ffc3b92d20ca5

                                              SHA1

                                              fb9d1ba3710cf31a87165317c6edc110e98994ce

                                              SHA256

                                              6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                              SHA512

                                              939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                              Filesize

                                              2KB

                                              MD5

                                              cc58770ea93e24eedc3a75503418927e

                                              SHA1

                                              41c6b3014f93386864288be0c2f00ba1c42e7ebe

                                              SHA256

                                              cbc650d25ce0cecf5d2d501ed088cbcd07cbe08201e3e1de63a2a2779566b0b7

                                              SHA512

                                              4c1f8b8dc7179e39426e5f1a83a95af346fa023fd6e68153b52a1f5f177a9e193a970f6cec812db2279c35dd2aa1685ba72e2e18fa7e4fc17c2ba40875c8401b

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                              Filesize

                                              2KB

                                              MD5

                                              46130269f7475f0a72611c9364f6ce4b

                                              SHA1

                                              846531f0ff011f35e585636122705a245a022730

                                              SHA256

                                              92f903c33059025d62cd4e961555ec6aa04ad78216d73e7108b2338cba11bac4

                                              SHA512

                                              03312dbfb18a79cdd74838fcb2e68564ba2e80f245d362620f3db1114966aefe8c53195b0ab6fefe218c2df210325db165e64cca1c8dadfd87fdbc31dec3111b

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                              Filesize

                                              2B

                                              MD5

                                              d751713988987e9331980363e24189ce

                                              SHA1

                                              97d170e1550eee4afc0af065b78cda302a97674c

                                              SHA256

                                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                              SHA512

                                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                              Filesize

                                              691B

                                              MD5

                                              02c13e30c6e1d2be352245d9b889e8e5

                                              SHA1

                                              05cd22d2f5882fb21ffd7bea879bb9dc1fe6c9f7

                                              SHA256

                                              c0ac5783079e3ca4805fa3410071c73b8b4032292953aafdbb55c9f9a0198106

                                              SHA512

                                              30de942624eaf3d30c93c0247ad9b0fac7e63b2a8460df2ba68b812d34eaa894a36f3a0bfcaf3dfda455ea223b01f4b015cadf6488a72c9fe736d4287b68a3e6

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                              Filesize

                                              356B

                                              MD5

                                              831457d2d23b72f6f9b7904a25c3e27d

                                              SHA1

                                              d41c207179770488c8f4bc830b137f3e97bec5e4

                                              SHA256

                                              8ce9fdaf6af8caa1ecaa59df9af7e4b988b33b67ee1aa445a73d690efa1c8ad5

                                              SHA512

                                              373887acc3e9a3d4dced3f4cf3a702116681072aa796f34944030dcd22e3f81f11a1a0457a68713b00f84f39f1e62fbc2883de1e047f093f48af32dab5b3f7fe

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                              Filesize

                                              9KB

                                              MD5

                                              a7e1b26bbf6dca75506216d6fb4a1da7

                                              SHA1

                                              8971b60cc3b8c92ca2e0a0f9c6a2afe421202550

                                              SHA256

                                              d135ffee6fde955c2e7f76df930e4f77c6525b7af2a1324673a2233bd2bbc419

                                              SHA512

                                              753bf46c79f8f24764cd66bffab04ccb241f464dbefa92a5565cfb5b620c51fec76be55f5d5312ab428bd8913b8db93600995807bc01e6cf1222c79999b16e4c

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                              Filesize

                                              9KB

                                              MD5

                                              cc9c5e5f74267ca4ebefff4e963113d6

                                              SHA1

                                              15f767c5565ad546f10df1aa05c7bab77324be23

                                              SHA256

                                              fed68c97c0dafb97c6294ab5c51adf8dff9dad33e104da79e505bde4c572f2e6

                                              SHA512

                                              1fd2728a4e1d59de2036c052881ba7090f25a91a147528c8af03eec47605c92053615113c14ebd15b6c524c2d608d1441ee9590743d3ce671babefb8485871dd

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                              Filesize

                                              9KB

                                              MD5

                                              aeebbe360dde6af20003ce311f351f7d

                                              SHA1

                                              6ab421e91bbdef623de34bedbb93e9b7ebe9efa3

                                              SHA256

                                              872c7f1a61d386a7dca4b2b142432e4a1190037ac9454607f22eb22170884fac

                                              SHA512

                                              8473703953e85338677321016dd21df2f5fc841e6bedd4aff81f17cbcdbc1329f69aefb4bd8bfb8d0fab3a8a6e35661dbc7be0f5fbb78839d7f3722e34bad9b4

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                              Filesize

                                              15KB

                                              MD5

                                              d69d0517d7319e29ef8136f21d6bd5af

                                              SHA1

                                              87436de36cb8b3de1d8b5035ea5b969dd00f9d77

                                              SHA256

                                              073ef43ddde939df313505587f460b2668d536101552fcb2b77e5c933dfe8659

                                              SHA512

                                              982406f6f5f2ce0ea849bf79b049895d52ea1a5a388210cb7f7b2acb509dab838f57d8685304a6661ff4179a1810bd26c552fe6ec02fd77faa86bec4a2534a9e

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                              Filesize

                                              72B

                                              MD5

                                              9ea9be2b46ad41d4d3de7ae647490734

                                              SHA1

                                              8c7e9527c60f108c6d0a81a400edaa567e278707

                                              SHA256

                                              7773a606960455e072a03f98badf43dd8a23033475c79e21c16d86493a2bae50

                                              SHA512

                                              8790f0a88acbdba7dd0bf8c9d57852ff66cb87024ae2f117915c7885335d5f01e5bf3470a0e1fa8a4f48513ab9a20e0edb61f1f9555ac290582d571a48048024

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                              Filesize

                                              231KB

                                              MD5

                                              4323c416cd9bb4277e720e029d2ac1af

                                              SHA1

                                              8e4e0a0de7f3cda7987da1ab62a04a4d02ef4576

                                              SHA256

                                              c26f6f90d9bb69e9a34203c5d3699119804de7f2dad8af3f49ff53ec37dffceb

                                              SHA512

                                              7b8ca1a3e7ab8ba5bb93754bc166e36351c255e3343d3ed4fc39265f878f7e845e13a53e16624e61d187289ca6a88f6c9a4f73ea7a69727d9a8033940320fcb7

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                              Filesize

                                              231KB

                                              MD5

                                              214703c8f3b06e2586083820268bc312

                                              SHA1

                                              347b26290f4ec7ea3a3278ef695f6264b85ec703

                                              SHA256

                                              a915242a175b603eea37a92c2ed637e46801940785cc649393978477b49c0bc5

                                              SHA512

                                              3cff6d2052a47da54edfcd063f98bc5f7543d86a4084dea4cd8e7389fc932778ceea6c38d469a87add7d66cefc9640112c008db4f64b67dea8aeb8e201f607ee

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                              Filesize

                                              231KB

                                              MD5

                                              786b0462698d54d222179fdf460d9334

                                              SHA1

                                              b1688426b812090bd1a8f3a813eff193939685c2

                                              SHA256

                                              448dc13ed04aab0d1712239f9ee155519ff9cb615d1bdde3853ef7814a79f199

                                              SHA512

                                              5d994368421ded7c7bf52c28cd565e10c9dba858b6a87fa690d66142d50fbdbd752bb9a15df6ff9c090bca1ae0040f1a7f21cbad358f0743e9c4322a4137be8d

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
                                              Filesize

                                              264KB

                                              MD5

                                              e830d706091a6834659e2d50cbd56a95

                                              SHA1

                                              d88396780543750cee764489476327eaf1e56d66

                                              SHA256

                                              978b2ba72327dcf3de4e0fc54414b7afd8cd0289bb3a68f26b4347513659fd19

                                              SHA512

                                              ac366f6a05a5bbedfec6c989aec808c1a65186afce9652d7a37899b11c856159973f6d665a88c81501b6b8d4e00314ccefdc5c289e95b65831c4bdd4f4c09946

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                                              Filesize

                                              2KB

                                              MD5

                                              d0c46cad6c0778401e21910bd6b56b70

                                              SHA1

                                              7be418951ea96326aca445b8dfe449b2bfa0dca6

                                              SHA256

                                              9600b3fdf0565ccb49e21656aa4b24d7c18f776bfd04d9ee984b134707550f02

                                              SHA512

                                              057531b468f7fbbb2175a696a8aab274dec0d17d9f71df309edcff35e064f3378050066a3df47ccd03048fac461594ec75e3d4fe64f9dd79949d129f51e02949

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                              Filesize

                                              18KB

                                              MD5

                                              4fb38795eaf5bc759ddbaf5ea523c294

                                              SHA1

                                              1bba9d3c4050beab33165bcae458d70172ca03a1

                                              SHA256

                                              9f2272d3653a933c46391e250185816f9e620f1b90435d10143b7eed8290a2c9

                                              SHA512

                                              dbb7bf8d164ae32d29a398cf2786eca12320d71d702a5a71613fa2ad8d25da5102571536e8500838f461f1163012b0282f4cf187b13c3538bb6f42036024a806

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                              Filesize

                                              18KB

                                              MD5

                                              ebd9fd73da1581747cf686dca08d047f

                                              SHA1

                                              aac18dbc2d7946e6db1f3270060a2d02890985b1

                                              SHA256

                                              907e04d2e253ed4544aaf7b72a100bbac7d037799ec3e65a9d34af9490d1913f

                                              SHA512

                                              f074dc84970eab62346acf00204ebc54e00c3150e021211ef316d0af2b0b490f44c3fc56e6e1d45fa949b9bd3f6288c09828d75ae4005f606bbdb2a91dd8b027

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gxollxdv.0c1.ps1
                                              Filesize

                                              60B

                                              MD5

                                              d17fe0a3f47be24a6453e9ef58c94641

                                              SHA1

                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                              SHA256

                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                              SHA512

                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\scoped_dir2524_382878707\93f7cd84-9363-4395-8bdc-47e3fee468b3.tmp
                                              Filesize

                                              150KB

                                              MD5

                                              14937b985303ecce4196154a24fc369a

                                              SHA1

                                              ecfe89e11a8d08ce0c8745ff5735d5edad683730

                                              SHA256

                                              71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

                                              SHA512

                                              1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\scoped_dir2524_382878707\CRX_INSTALL\_locales\en\messages.json
                                              Filesize

                                              711B

                                              MD5

                                              558659936250e03cc14b60ebf648aa09

                                              SHA1

                                              32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                              SHA256

                                              2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                              SHA512

                                              1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                              Download Submit

                                            • C:\Users\Admin\Downloads\Bootstrapper_V2.14.exe:Zone.Identifier
                                              Filesize

                                              102B

                                              MD5

                                              5b2f3621a0cc1ee2c8441a9ff97e31fa

                                              SHA1

                                              48c4bc78c510d4d1da8cf3fef56cca3027182b64

                                              SHA256

                                              8206cdd06458304843f7840f8440ba4fff69e2c57b70de70e0bd50eab18ea8eb

                                              SHA512

                                              a1ca74994c75f8e66c6a8571cb7acc418b4edc3ecfc331ebc0626b331c1e14584b25c9a507768ceec1556c315e758b0417bef403a26d38c7096f44afbe1ee0c9

                                              Download Submit

                                            • memory/1160-766-0x0000000000BB0000-0x0000000000F6F000-memory.dmp

                                              Filesize

                                              3.7MB

                                              Download

                                            • memory/1160-784-0x0000000000BB0000-0x0000000000F6F000-memory.dmp

                                              Filesize

                                              3.7MB

                                              Download

                                            • memory/1604-753-0x00000000062A0000-0x00000000065F7000-memory.dmp

                                              Filesize

                                              3.3MB

                                              Download

                                            • memory/1604-767-0x000000006C570000-0x000000006C5BC000-memory.dmp

                                              Filesize

                                              304KB

                                              Download

                                            • memory/1604-776-0x0000000007B20000-0x0000000007BC4000-memory.dmp

                                              Filesize

                                              656KB

                                              Download

                                            • memory/1604-777-0x0000000007DE0000-0x0000000007DF1000-memory.dmp

                                              Filesize

                                              68KB

                                              Download

                                            • memory/1604-778-0x0000000007E20000-0x0000000007E35000-memory.dmp

                                              Filesize

                                              84KB

                                              Download

                                            • memory/4312-558-0x0000000006290000-0x00000000062AE000-memory.dmp

                                              Filesize

                                              120KB

                                              Download

                                            • memory/4312-561-0x000000006C570000-0x000000006C5BC000-memory.dmp

                                              Filesize

                                              304KB

                                              Download

                                            • memory/4312-581-0x0000000007C30000-0x00000000082AA000-memory.dmp

                                              Filesize

                                              6.5MB

                                              Download

                                            • memory/4312-582-0x00000000075F0000-0x000000000760A000-memory.dmp

                                              Filesize

                                              104KB

                                              Download

                                            • memory/4312-583-0x0000000007660000-0x000000000766A000-memory.dmp

                                              Filesize

                                              40KB

                                              Download

                                            • memory/4312-584-0x0000000007890000-0x0000000007926000-memory.dmp

                                              Filesize

                                              600KB

                                              Download

                                            • memory/4312-585-0x0000000007800000-0x0000000007811000-memory.dmp

                                              Filesize

                                              68KB

                                              Download

                                            • memory/4312-586-0x0000000007830000-0x000000000783E000-memory.dmp

                                              Filesize

                                              56KB

                                              Download

                                            • memory/4312-587-0x0000000007840000-0x0000000007855000-memory.dmp

                                              Filesize

                                              84KB

                                              Download

                                            • memory/4312-588-0x0000000007950000-0x000000000796A000-memory.dmp

                                              Filesize

                                              104KB

                                              Download

                                            • memory/4312-589-0x0000000007930000-0x0000000007938000-memory.dmp

                                              Filesize

                                              32KB

                                              Download

                                            • memory/4312-570-0x0000000007290000-0x00000000072AE000-memory.dmp

                                              Filesize

                                              120KB

                                              Download

                                            • memory/4312-544-0x0000000002DD0000-0x0000000002E06000-memory.dmp

                                              Filesize

                                              216KB

                                              Download

                                            • memory/4312-571-0x00000000072B0000-0x0000000007354000-memory.dmp

                                              Filesize

                                              656KB

                                              Download

                                            • memory/4312-545-0x0000000005650000-0x0000000005C7A000-memory.dmp

                                              Filesize

                                              6.2MB

                                              Download

                                            • memory/4312-560-0x0000000007250000-0x0000000007284000-memory.dmp

                                              Filesize

                                              208KB

                                              Download

                                            • memory/4312-546-0x0000000005400000-0x0000000005422000-memory.dmp

                                              Filesize

                                              136KB

                                              Download

                                            • memory/4312-559-0x00000000062E0000-0x000000000632C000-memory.dmp

                                              Filesize

                                              304KB

                                              Download

                                            • memory/4312-557-0x0000000005DC0000-0x0000000006117000-memory.dmp

                                              Filesize

                                              3.3MB

                                              Download

                                            • memory/4312-547-0x00000000054A0000-0x0000000005506000-memory.dmp

                                              Filesize

                                              408KB

                                              Download

                                            • memory/4312-548-0x00000000055C0000-0x0000000005626000-memory.dmp

                                              Filesize

                                              408KB

                                              Download

                                            • memory/4728-541-0x000000000B000000-0x000000000B008000-memory.dmp

                                              Filesize

                                              32KB

                                              Download

                                            • memory/4728-526-0x0000000009B60000-0x0000000009B6E000-memory.dmp

                                              Filesize

                                              56KB

                                              Download

                                            • memory/4728-525-0x0000000009B90000-0x0000000009BC8000-memory.dmp

                                              Filesize

                                              224KB

                                              Download

                                            • memory/4728-524-0x0000000000900000-0x0000000000916000-memory.dmp

                                              Filesize

                                              88KB

                                              Download

                                            • memory/4824-603-0x000000006C570000-0x000000006C5BC000-memory.dmp

                                              Filesize

                                              304KB

                                              Download

                                            • memory/4824-593-0x0000000006080000-0x00000000063D7000-memory.dmp

                                              Filesize

                                              3.3MB

                                              Download

                                            • memory/5032-698-0x000000006C570000-0x000000006C5BC000-memory.dmp

                                              Filesize

                                              304KB

                                              Download