latrodectus | hxxps://www[.]youtube[.]com/redirect?event=backstage_event&redir_token=QUFFLUhqbU1PSWd2UGpJRC1FRzRXcXJvR2Z3enN0WnFmUXxBQ3Jtc0tsbGlCM08yWURTNm1RLTNMVEtzUzhhM3JnQ1REN1VCVTc4d0N4dnlsLVFjNzB1SE84M1YxZFJlcVp4U2M3LWIwLWEtOVJkb2NneGVycUZlb2U5OUZKQXk2ZGVGVkVuN0ZQc0Z0UzNlNzRSd3N4SjRHYw&q=https%3A%2F%2Fsites[.]google[.]com%2Fview%2Fdrcheats5

Analysis

max time kernel
143s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2025, 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=backstage_event&redir_token=QUFFLUhqbU1PSWd2UGpJRC1FRzRXcXJvR2Z3enN0WnFmUXxBQ3Jtc0tsbGlCM08yWURTNm1RLTNMVEtzUzhhM3JnQ1REN1VCVTc4d0N4dnlsLVFjNzB1SE84M1YxZFJlcVp4U2M3LWIwLWEtOVJkb2NneGVycUZlb2U5OUZKQXk2ZGVGVkVuN0ZQc0Z0UzNlNzRSd3N4SjRHYw&q=https%3A%2F%2Fsites.google.com%2Fview%2Fdrcheats5

Score

10^/10

latrodectus lumma discovery loader spyware stealer

Malware Config

Extracted

Family

lumma

https://hingehjan.shop/api

https://featureccus.shop/api

https://mrodularmall.top/api

https://jowinjoinery.icu/api

https://wlegenassedk.top/api

https://htardwarehu.icu/api

https://cjlaspcorne.icu/api

https://.bugildbett.top/api

https://latchclan.shop/api

Extracted

Family

latrodectus

Version

1.4

https://remustarofilac.com/test/

https://horetimodual.com/test/

Attributes

group
Ferrary
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Signatures

Latrodectus family
latrodectus
Latrodectus loader
Latrodectus is a loader written in C++.
loader latrodectus
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Downloads MZ/PE file 1 IoCs

flow	pid	Process
367	2680	svchost.exe

Executes dropped EXE 1 IoCs

pid	Process
2168	Setup.exe

Loads dropped DLL 11 IoCs

pid	Process
2168	Setup.exe
2168	Setup.exe
2168	Setup.exe
2168	Setup.exe
2168	Setup.exe
2168	Setup.exe
2168	Setup.exe
2168	Setup.exe
3952	rundll32.exe
4056	rundll32.exe
1532	rundll32.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
30	sites.google.com
31	sites.google.com
29	sites.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2168 set thread context of 3108	2168	Setup.exe	125

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
2168	Setup.exe
2168	Setup.exe
2168	Setup.exe
3108	more.com
3108	more.com
3108	more.com
3108	more.com
2680	svchost.exe
2680	svchost.exe
2680	svchost.exe
2680	svchost.exe
2680	svchost.exe
2680	svchost.exe
2680	svchost.exe
2680	svchost.exe
5972	chrome.exe
5972	chrome.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2224	OpenWith.exe
4980	OpenWith.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
2168	Setup.exe
3108	more.com

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe
Token: SeShutdownPrivilege	5752	chrome.exe
Token: SeCreatePagefilePrivilege	5752	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
2868	7zG.exe
5752	chrome.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe

Suspicious use of SendNotifyMessage 59 IoCs

pid	Process
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe
3996	taskmgr.exe

Suspicious use of SetWindowsHookEx 36 IoCs

pid	Process
2224	OpenWith.exe
2224	OpenWith.exe
2224	OpenWith.exe
2224	OpenWith.exe
2224	OpenWith.exe
2224	OpenWith.exe
2224	OpenWith.exe
2224	OpenWith.exe
2224	OpenWith.exe
2224	OpenWith.exe
2224	OpenWith.exe
2224	OpenWith.exe
2224	OpenWith.exe
2224	OpenWith.exe
2224	OpenWith.exe
2224	OpenWith.exe
2224	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe
4980	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5752 wrote to memory of 4524	5752	chrome.exe	84
PID 5752 wrote to memory of 4524	5752	chrome.exe	84
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1008	5752	chrome.exe	86
PID 5752 wrote to memory of 1516	5752	chrome.exe	87
PID 5752 wrote to memory of 1516	5752	chrome.exe	87
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88
PID 5752 wrote to memory of 5708	5752	chrome.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=backstage_event&redir_token=QUFFLUhqbU1PSWd2UGpJRC1FRzRXcXJvR2Z3enN0WnFmUXxBQ3Jtc0tsbGlCM08yWURTNm1RLTNMVEtzUzhhM3JnQ1REN1VCVTc4d0N4dnlsLVFjNzB1SE84M1YxZFJlcVp4U2M3LWIwLWEtOVJkb2NneGVycUZlb2U5OUZKQXk2ZGVGVkVuN0ZQc0Z0UzNlNzRSd3N4SjRHYw&q=https%3A%2F%2Fsites.google.com%2Fview%2Fdrcheats5
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff4740dcf8,0x7fff4740dd04,0x7fff4740dd10
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1976,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1592,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2364,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3204,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4268,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4288 /prefetch:2
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5164,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5180,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3232,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3320,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5996,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5476,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5956,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5500,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6112,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6152,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6312,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6528,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6668,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6724 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6676,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6760 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6708,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6800 /prefetch:8
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5656,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6764 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6724,i,4128611948670332566,1948929850219944686,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5972

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3936

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5024

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4980

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Setu4_w_a_s_d\" -an -ai#7zMap16084:116:7zEvent17990
1⤵
- Suspicious use of FindShellTrayWindow
PID:2868

C:\Users\Admin\Downloads\Setu4_w_a_s_d\Setup.exe
"C:\Users\Admin\Downloads\Setu4_w_a_s_d\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:2168
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:3108
- - C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe
    3⤵
    - Downloads MZ/PE file
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2680
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32 "C:\Users\Admin\AppData\Local\Temp\XGSXHYVVLCPARKPOI.dll",Editor
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3952
    - - C:\Windows\system32\rundll32.exe
        
        rundll32 "C:\Users\Admin\AppData\Local\Temp\XGSXHYVVLCPARKPOI.dll",Editor
        5⤵
        Loads dropped DLL
        
        PID:4056
      - C:\Windows\system32\rundll32.exe
        
        rundll32.exe "C:\Users\Admin\AppData\Roaming\Custom_update\Update_94e37919.dll", Editor
        6⤵
        Loads dropped DLL
        
        PID:1532

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
da7f47b4cf9038b38109538ab8dff665

SHA1
6649d2e72f37cd3e5f9a77c901c22cc0d5cb1a4f

SHA256
8da66a7b8a67293020903af9ccb96057dfb2dc2dd6acb8e22640752181cd143f

SHA512
4cead15c1f649eadae9f21f976b8fe5d97c8403ac7b0cb8526f0968c06d6ab702757a7a303d7f3c75a28657c38eead749f34ad448439fd29b74cd6c5148297ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\24d34aaf-6e63-4838-9fc5-92ed8618bd28.tmp

Filesize
10KB

MD5
8b08e5d0a7a30bfd4cd224e0c2710a97

SHA1
19eb1815f44a128bf1dc6dc368a2c20344f93b1b

SHA256
cd75f14bc3dce83215d1748e7726e237b64310e406412ce72f8103c031774ba8

SHA512
acffbad7ed62d39c155bdf4e85dfcb1904b8577d1f61bf26377701352cc77791ed3eddf9bef64c2c0d7ae7c5d373807df7de08d53d93daf5229de799c10a0b1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
b4c1d7b331d799643b1d5758752a459d

SHA1
c253d231fe6012c72af4abf80fa59d66aaa19631

SHA256
4c67bb12bb4725015f79ad46347c2360de1c409c3b50762e7688a643d50ad594

SHA512
56bc6ff9e9e43c25fc7ff7a5b6737772e575138a3c05245506702ea136c9193e1e5d9b3c9b57d1e3755a2980237a0d1a95ee77ebdcb3c0e1582f93fa1b6993c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a0d2acbd4d83e67df16a98a4d78963bc

SHA1
f0bd0546980b78c5acf8d223c500366dd2f5d46b

SHA256
72adf08028518a67f53f368d2820cd76e6a1c9ea6be5b816b381b3d6e0fef93c

SHA512
373877d86be22848ba0144610c9dd04265904638d949b94ce0a4d414e29935919819d5209327abf74afb30a8fee37f00828ae6ab19a26d938f5fa4b1342a550e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
8c69dd3f31cdd5893c4438c712a2d4d1

SHA1
f9ed50d24760e69beb44e8be644624e4481ddc5c

SHA256
4302fb02f5c8431c1b4217cf13383549e3327d1fbecf2227ede601620bc9ee89

SHA512
b620a679b93a4c0bd79c2c837ed20153b14a10b31e36be9845d957eb12b8a441e6f6e181391369da8077318a954267abec79feb77daef30ab96b0e09f6f5d909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
1d0495219cae64948c626c09d438bec0

SHA1
1b42338cf2e165c23fa8109fc75697394d1254ee

SHA256
22b182c0ce3148948989e0fd92d7eb6f20aef5f6e375ac3fa948d64221a728e8

SHA512
af04789f302f6843c7d700674a40716f986d2f28ebeb3a5819dda7f16a515371c6a22d7cc94582b7ff93deab582aa1067a131d4079d66c8df49947e6269f8d26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
40KB

MD5
88e7e0338504e38c8508f6fa6056aaa8

SHA1
6d1a4c6cf77748522c73238372ed4d43f66055b3

SHA256
c8dee64e1aff8076a80c24d23c2142234679db788b72d4b02901c02cccc269e2

SHA512
e3cea10f8da178bf8ac6557b5b5303beda0787df644d20385c4884d6a1de4b075e9bdfcc9d73920a29f3b8e32e3e938b4e259a992a16ec5de8eba186e0a7411f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
c1a85422c450be0acf612396db15aeec

SHA1
ecbc121133c1357a68f5ed23090b6f229af760bf

SHA256
c20bedcaf09d7950f30114ee71c0f902b652411f463371d8144fd214e39fd5b3

SHA512
a6c1ca485ddd94b30e981d37fdc18540ba021ddcb0e261b5daa851c7beafa443a63b4b0a70eb8e3c093ff104840b550c7a2f70b83f397ab5bfceac37fd4a2ca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
7405e61e112e5a600774a8b686fbed1c

SHA1
4fb02e027fab1f1536700d71b6444561f97e0b3e

SHA256
acdd1f5f0889b91f955111379fe14068c8986417f9ef58a5a1ee371d027be0c6

SHA512
0aba39fd858318520f54d0c357dc4fcc4a4a33785dc7c38a2e951f8995d7e76cd35c2075b7efeefa864c54882acff0b9437abf44e52db0bf760c90e8385d6a76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7527b8bda98eeabfb386c85ad7e0b161

SHA1
e999ce12e770f0141fe9337b4841de6c9e29e427

SHA256
ba9a0fb23d5b1af4d1a49ddd31b7fe4f899b94faf425cacd436f8e078ddf5689

SHA512
ea86afc61055cef9f0c5a458467bd5c1c679f563e4f54530cf8c4ab297dd31bc5a46516f0f55731f6bdca8b0a72943e8f72e6269fb7b4f25db7a9f0b26f6d2f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
19575273eac21588cacb4af8a171cbea

SHA1
ad3c852d17eb845a21b32f0088dcd00e43ecb9c6

SHA256
af797aece63be6caf3bec2e9f66d3235b2ad3730bdb73e71e1c5f955b5a9ef99

SHA512
6a3546df3e26a3f5ee7c6fe81240db70b489c12857fae8d33c3f61d94e82160fcd75b8fe238fa2f56e201cdbd64c89bd7836466b8b790d3becc2b6d3e35eca62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a6d806f9468172757005d0986d031925

SHA1
233520330cff6ac8e45fb03b382b4672f5b74e5f

SHA256
43485513e47594b021a9d18d36fd11eaf1d36760754249cb401c8667eac8649f

SHA512
37c924126de8067453cb449d3b707078db6a1662b56c227df965b4d2010dfc27ba1c5b05a1a59ab0d2046230f86203e8ec2ade472d9099893a2f94e968ab80d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
161934900b4a1af98e249e5c5c5c401b

SHA1
a7a5a4602bf79a34d116d97fe4ab6a6d3363eb48

SHA256
976506548867ba24653e6f39ce68dff75495194d32c719bf76b87ba56b2d9fd9

SHA512
bce0ac295f55ccd4ce45a763a114b139366faaf2bf5b231fdd9355293102cbcf561232120276a0225d671a0d58205566fc31604955ef458c5155dd903c5d50cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
21f8d4f4b950bd6960ffbb24dec30928

SHA1
b3dc45773323845a4147c235c5288c2be112831d

SHA256
a38630cd2e515258258d630861c7602eb0f6c91007a1fa7d37f40a93a6b40bd9

SHA512
22e6d436305652d813aeaa614b63eba2a540d820ac1c30516b66acf6c11f4e9834607415ff072584d355c0e5e2fd1c04c631c3f36cc495d918849fdfcecd741c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
479bdb9e053135eba15da92973663bc8

SHA1
04445d497687d5f8af0490206114184230bebcd9

SHA256
260e6af3ae7ea680290e6459f4535b9e5e046330c8b7b739730a45b014f5ba47

SHA512
399cd2bef7fae6f9534462d0f5a0a254c85ecaa373633ec0aecedf5a0305a1582544961102be698ec97c59d998786b1114b69b199570305d38c944db3370d8d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8bef1c5d955769d002a0975c12bca630

SHA1
3adc73cb61eba9666bdcde173b6f898e6daa1bc8

SHA256
8378660a007460882cef1e5f62739f56893ec3927461a7b6f1eb59c28e419b0a

SHA512
77276beafd6b7f9470c3edd5c3301444ea9533d28c9c02e5a8092f0cf72482a9ca2d146d23e1469ce475ef62efe020c263947c806c04e2fdc9423c4f83402259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c4b7.TMP

Filesize
48B

MD5
c1302b9b79c65b4368cfe62011af64d5

SHA1
9db0691c7893275c9dce6061e2b92b40786cface

SHA256
9c7a03893f325a04706837209073e685274882fd83b1e41513c60966f90ad423

SHA512
3d6473b5426588311dd0ca6ba9e675b5979f651a3a3d79eb298e45a709394bd3d0f318fa632dcdbbd5fdaa15271ca2fbc257b0832c6bebc715bcb840365db3c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
72B

MD5
e8567faed4764405aeeaee8eb7843c6b

SHA1
683b744e9ffcd9919fccefe4bd38fb6e8317c664

SHA256
75eae60d21d98ece9918eefd392470f943230d3a0a1352847a9ad6e48600959a

SHA512
e07d28836acb9e580159241df462fd34bd941dd2adb56655fd1aefe99f42c181e59281ffb4047e4af507bf48bab13e7b3679b118b25fca8f273cf07022fe0e4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
130KB

MD5
8c30ac0e5a4995a1c0f972efef59b56b

SHA1
81aa8ebf35636b847302bb895cb3e82b0003ae85

SHA256
7d08ff8574782830e16442cc3f63182af123175e2a480d6374b38be518771c33

SHA512
4f29a3d933337fad9dc2a68259e308ce65d4e9b8559d1ce54d2992b977455eee7f660a24e3fd32cca0924321fd44d942452282e18c614fe4809086d89b5cfe86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
bcfe02b7c78c3d6cf9023b7ef830c66e

SHA1
eb9471d9bbe3ceca7658f2b87a8bee5bad94d5f4

SHA256
78bdc993ef77400a0eb1a038ba328d8d3e2a5ad7201e4f6b2481f1ab2674d11d

SHA512
cf1932011826566eab0672ab480c24b6c8f829e31f4432e5eda882276f7acaa58e3b59ea4a2d8e28e817471e462e870756323b99537dc55779c71c81239daa3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
cd731559dca07a3b2b8719db290269d9

SHA1
22de9bd1d21b2348a2ec6e6f3de372be6c9c637d

SHA256
957f74dc75c5c8b738b172d53479c3a650d076644746ce5062bf6b3ba4e3de92

SHA512
c2d7d4aa2d909106c1f811f0a61303aecdf5edcadd13165f16e92083bd7f6f7d3468c2bdce96744ac9df7467b745efedf68ba3fb24d87829f85f5c74445d6c8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
7d439584b57ff77eae50891fb0e18915

SHA1
3f7ffa8d6e3b508c5db69f5d56f88c543b331fc1

SHA256
5472b5db3e997db4a82d4d8aeee732ca1790edc042327579c7e11040012daf36

SHA512
7d4d5bc4be63b5ba539a3f889a2add7d3f25603cb1a425029742939d51f3d1e37d2fc7d245fecc5f546abf5c082164415d525736c19f19f99ab8283838e27f8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
2b1e9c47f3d6c6c13740853b34197418

SHA1
0086e81d2f409e955a0046f3b5e114a29575e3fa

SHA256
4beeba76a575bbe240efe9e30bbf7724c60152486b2ee71a6f3eb23232555299

SHA512
c89984ed39d63315ff45249651667f85d07ce12f512e671b5d06c8cdf8348d93863b543e409c2deebbe361725dffd49b820dbf457ef4241a543ba6a48fa3c1e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
04e67308fe27e15855284624c4a05a52

SHA1
30e96b52a6af1df7741a7573ae82858e63e4729f

SHA256
4c2479721088a15e2fc98b237bfc4602f688c7aee98e74edaf1b188195533429

SHA512
d0b42f700e768b7c4ca716330da38f826cbcd40eaa5c2c94557f6da8a921799af9c9901039f4ecf96ded0c5913aeb1031703967c6a179420064dc5d2f0057464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b1d5f1f9-0d45-4370-a284-bd25cabb81c8.tmp

Filesize
80KB

MD5
b7b786546d3844de6c4dc0251719f1e1

SHA1
6463bed51168a1d2197696e44b5298d83f8d0204

SHA256
08ca0386ac096e9c52dae14fce1ae9e8a8b919e50fb58adc92004d30e14e994b

SHA512
ded796eb08db0caa2fe3b07c24eafff7c4cdb1d9573dd36405dacf574195f655d61bb67e906b7899dcb78ca1895c6d69e3529d2a9578831371b125b3be73dbea

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e1f2690

Filesize
1.1MB

MD5
d0132188ae28a9a2a0b69b234413415f

SHA1
57a951851ea76d96774ea4e1b2e5b2e639b964cc

SHA256
779fe679507354a315e71404f4fa60b5c47fdc0df778aea67c7be4e68c46bc75

SHA512
6eb4790dc825a365715385630ed6c71e9b9c8cb4e8b412f5b9f8ae63c19910cbe9460870f1cefaa6c5d916d624fc8f211921e8e8a37ee9cda02e89c635bfff4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\XGSXHYVVLCPARKPOI.dll

Filesize
1.8MB

MD5
56f403ded2a31f25592afcc131cf378a

SHA1
3d7c8aa50ecc650ba161234272c532ec1d502145

SHA256
5e9b53207cb53c38217fb443e9a84c0fa745fa7fc62ace3673a2c49c6e873749

SHA512
653abb63d0e35ecb214daa27bea025df11ed5bf03183cdf17dc1e492e41831fbb99efaf921be120b7d8740f8d5faad8c64511b3ab589d11b40d3ad5c66cc1289

Download Submit
C:\Users\Admin\Downloads\Setu4_w_a_s_d\Setup.exe

Filesize
1.2MB

MD5
e69917fa99f750a6c4e19523c3f2014b

SHA1
4b0185f38b668d7332d411f4824de2d111b3e670

SHA256
51de0b104e9ced3028a41d01dedf735809eb7f60888621027c7f00f0fcf9c834

SHA512
2f3b3f878fcae51a718d5ae2c12b4d98372c7aab46ed93cd567e66a1b45a96fb79ad66b7aaf0e9383905f46e4f639597af4914640d23596583057112d94a22c4

Download Submit
C:\Users\Admin\Downloads\Setu4_w_a_s_d\carryon.aspx

Filesize
931KB

MD5
2c513ce20b7c60597112d4fde89974f7

SHA1
064055239f662a483ff15ec17074ab462d17a325

SHA256
96335863584f848a33915247a93aa458aac5841361b6337e8e52a272bbaf6620

SHA512
32e8191697f6346a63978fbeed7f0819661ec4ef7d3d961563cd9a39a74581575934201a1c3b928d28dfdcf3b0b69e0b0b1a89713e24191d281e9e2242303c4a

Download Submit
C:\Users\Admin\Downloads\Setu4_w_a_s_d\jpeg8.dll

Filesize
684KB

MD5
e4e335ea9f7d5824a1aa3abcbc5f7dc9

SHA1
2c840163497d6db2ad9aa0cf92fe990d8b7f8074

SHA256
66c5fddaf6af0c0ecd0ce6923010c9d4f5eab184e6b6cb3f5453d405281366a4

SHA512
082550fe52adb0a1a25809484e95c02b175c63c8b03dc68655a331d2369c4b79276a4338571a605814862ede8a6673ad781ea3f0c9b5372e0df60f07b3205587

Download Submit
C:\Users\Admin\Downloads\Setu4_w_a_s_d\lib-strings.dll

Filesize
125KB

MD5
5ae0bda29f1387fbb266c12daea57d03

SHA1
154c999a371af12b80782e3012934f1f1edbf80b

SHA256
762620c3e241e8da462311bec8ae87c9a01089ac028f77384a8ea2ba3854dac1

SHA512
063cb0ab3a29c73be01fd07070e27613b185c0b67ede20f3df1e5c63a3e9ce2a9996eb7864e6f13e7088339d9dd162b2a19c44d4b761711051961424c9e49930

Download Submit
C:\Users\Admin\Downloads\Setu4_w_a_s_d\libpng16.dll

Filesize
216KB

MD5
7895937099678ccf369519179b223016

SHA1
d08fee6de6e04e9a6df35e64de0082d6dbd4ff6f

SHA256
c162ed44fe43320ebeea325eb25c6b33d5411dfba9a260d186ebcb95478ef13c

SHA512
e51c717529b289e4af7bfe0ff0036f2d17ebc21678d3f8231e976a07de1a1d03b6b183a7544a562cedbf609b188e707264ff38d4307755a9c5f5e4510eb6a57c

Download Submit
C:\Users\Admin\Downloads\Setu4_w_a_s_d\msvcp140.dll

Filesize
439KB

MD5
4d157073a891d0832b9b05fb8aca73a8

SHA1
551efcdd93ecafc6b54ebb6f8f38c505d42d61ca

SHA256
718812adb0d669eea9606432202371e358c7de6cdeafeddad222c36ae0d3f263

SHA512
141563450e4cdf44315270360414f339fc3c96ebdaa46e28a1f673237c30f5e94e6da271db67547499c14dc3bd10e39767c3b6a2a3c9cec0a64a11f0263e0c5d

Download Submit
C:\Users\Admin\Downloads\Setu4_w_a_s_d\pyjama.log

Filesize
57KB

MD5
ca3b4303b1fc32f8b79c88b41b1fe5a0

SHA1
12beed6d0b67dd1b3f1053d8f319dce4827d28d1

SHA256
f58d07cafa6957644c8bf567f0a4f1aa52be699d097a4a5482d166c3a2239a24

SHA512
09d75114dd938cd1a50ca24a989d281c08a8fe80f0ce3fa16c564a261c1e15a223185971752bae602855a933ea6b886c894ac1b96aaa64d9f3b888785aed320b

Download Submit
C:\Users\Admin\Downloads\Setu4_w_a_s_d\vcruntime140.dll

Filesize
88KB

MD5
e4ed441f0f6afb0d8d55af87900ec48f

SHA1
ac5bd77fd06ed29bebceb65371387555658870d9

SHA256
09d1e604e8cdd06176fcc3d3698861be20638a4391f9f2d9e23f868c1576ca94

SHA512
dec6d693aa2d6c043ef8ae35f7f613cf9366aeb8a5903e8e0c54644f799262229b91953c65d39f8535ce464c75bf34b3b23ddb50a9fc5f171d36d6bfa1e4d7dd

Download Submit
C:\Users\Admin\Downloads\Setu4_w_a_s_d\wxbase313u_vc_custom.dll

Filesize
3.3MB

MD5
c8387768960f1fbbec655a37213e8e08

SHA1
cd3bc4da7a6cdabad3cef44e4fe69f1f554bcd95

SHA256
f4f837de4b1fff88dfe7ab0bf1190c76d63c8a864ff6f12c3a26f21ce0e5e0db

SHA512
9fd39da83c1fe4fd2ceb65dfb4959bb5ac09f2d00820638fbed18a96d58227a3681fb20909f316f1d15d83db79ac208787472acfe772d689e0e9d1c5dbff9143

Download Submit
C:\Users\Admin\Downloads\Setu4_w_a_s_d\zlib1.dll

Filesize
109KB

MD5
dfd95d4f4160f0756f2898144ba9e300

SHA1
f6b426ce6f17255956637834105af3a403eda36c

SHA256
964cbd05e4e8cfc1ba7f1fa17625b1ce7e539e519f725f8cb7f2f342641bf03d

SHA512
d414ec8a53f972ef2fb5f2b94a4cf417ceefba9a09a4677de6c376f3a27e435cf57e8c997695971d6d99c4ef705eb803994426d3da81ef6061a276bd4b762d4f

Download Submit
memory/2168-695-0x00007FFF64A90000-0x00007FFF64C85000-memory.dmp

Filesize
2.0MB

Download
memory/2168-706-0x00000000732B0000-0x000000007342B000-memory.dmp

Filesize
1.5MB

Download
memory/2168-694-0x00000000732B0000-0x000000007342B000-memory.dmp

Filesize
1.5MB

Download
memory/2680-715-0x00007FFF64A90000-0x00007FFF64C85000-memory.dmp

Filesize
2.0MB

Download
memory/2680-736-0x0000000000C70000-0x0000000000C7E000-memory.dmp

Filesize
56KB

Download
memory/2680-735-0x0000000000BD0000-0x0000000000C4E000-memory.dmp

Filesize
504KB

Download
memory/2680-714-0x0000000000BD0000-0x0000000000C4E000-memory.dmp

Filesize
504KB

Download
memory/3108-710-0x00000000732B0000-0x000000007342B000-memory.dmp

Filesize
1.5MB

Download
memory/3108-709-0x00007FFF64A90000-0x00007FFF64C85000-memory.dmp

Filesize
2.0MB

Download
memory/3996-891-0x00000290D8550000-0x00000290D8551000-memory.dmp

Filesize
4KB

Download
memory/3996-890-0x00000290D8550000-0x00000290D8551000-memory.dmp

Filesize
4KB

Download
memory/3996-889-0x00000290D8550000-0x00000290D8551000-memory.dmp

Filesize
4KB

Download
memory/3996-897-0x00000290D8550000-0x00000290D8551000-memory.dmp

Filesize
4KB

Download
memory/3996-901-0x00000290D8550000-0x00000290D8551000-memory.dmp

Filesize
4KB

Download
memory/3996-900-0x00000290D8550000-0x00000290D8551000-memory.dmp

Filesize
4KB

Download
memory/3996-899-0x00000290D8550000-0x00000290D8551000-memory.dmp

Filesize
4KB

Download
memory/3996-898-0x00000290D8550000-0x00000290D8551000-memory.dmp

Filesize
4KB

Download
memory/3996-895-0x00000290D8550000-0x00000290D8551000-memory.dmp

Filesize
4KB

Download
memory/3996-896-0x00000290D8550000-0x00000290D8551000-memory.dmp

Filesize
4KB

Download
memory/4056-732-0x00007FFF361A0000-0x00007FFF36373000-memory.dmp

Filesize
1.8MB

Download
memory/4056-726-0x0000000180000000-0x0000000181CB2000-memory.dmp

Filesize
28.7MB

Download