lumma | hxxps://github[.]com/FOXICZECK/Synapse-Free-X

Analysis

max time kernel
75s
max time network
79s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/FOXICZECK/Synapse-Free-X

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://auctiongutollyjkui.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Executes dropped EXE 2 IoCs

Processes:

Launcher.exeLauncher.exe

pid process

2640 Launcher.exe
452 Launcher.exe

pid	process
2640	Launcher.exe
452	Launcher.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

Launcher.exeLauncher.exe

description	pid	process	target process
PID 2640 set thread context of 3984	2640	Launcher.exe	RegAsm.exe
PID 452 set thread context of 1108	452	Launcher.exe	RegAsm.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587293881284370"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1616 chrome.exe
1616 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

1616 chrome.exe
1616 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeCreatePagefilePrivilege	1616	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exe7zG.exe

pid	process
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
4568	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

1516 OpenWith.exe

pid	process
1516	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1616 wrote to memory of 3460	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3460	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 220	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 232	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 232	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe
PID 1616 wrote to memory of 3944	1616	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/FOXICZECK/Synapse-Free-X
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd50909758,0x7ffd50909768,0x7ffd50909778
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1916,i,12599265116413583427,13238865912003861165,131072 /prefetch:2
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1916,i,12599265116413583427,13238865912003861165,131072 /prefetch:8
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1916,i,12599265116413583427,13238865912003861165,131072 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1916,i,12599265116413583427,13238865912003861165,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1916,i,12599265116413583427,13238865912003861165,131072 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1916,i,12599265116413583427,13238865912003861165,131072 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1916,i,12599265116413583427,13238865912003861165,131072 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1916,i,12599265116413583427,13238865912003861165,131072 /prefetch:8
  2⤵
  PID:2064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2252

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ExpLauncher\" -spe -an -ai#7zMap22319:82:7zEvent13908
1⤵
- Suspicious use of FindShellTrayWindow
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4116 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:3324

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\Downloads\ExpLauncher\Launcher.exe
"C:\Users\Admin\Downloads\ExpLauncher\Launcher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2640
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:3984

C:\Users\Admin\Downloads\ExpLauncher\Launcher.exe
"C:\Users\Admin\Downloads\ExpLauncher\Launcher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:452
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:4700
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:1108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
e0631878a354852833e2dfdde6c4680f

SHA1
d6a606bbfd0239309c66d4f551ec12d4e2fddc11

SHA256
d79e88f4091f9468f49eca4b38100fb0385d97fbd7caf952beb49a48215df3e3

SHA512
2faca0eb16a259c021baece5c8dd0c196b23fab849e2520deaf3226cbc11c20e5dcdc16868dce548bcdd6a8eae6baef48ba144eff8097cff524e0b7e5644207e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bc1baf00b62c79acc6b19b21bbb15fad

SHA1
6741ff8267ebb09b5d464cc01c5f58630889038f

SHA256
1642011cc9422905f36eef76f113d3f957109c74fa9314d38f7c8c2b74448f6e

SHA512
2ce3b6835df00323f89ed7711f9035b469fb5a4955e155df8663582ce6f27842810821863c92ee8374ffbc8cac7d8a6cffcd50a1fd15f3f3223ea9596d9cfcb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b213ca96b436aa6d59b95f9421aa8715

SHA1
399644b057fb6b0cf5b78876f56184ce0a4731c8

SHA256
2c9ec90a64905228d8907c1b6ad1dfd895f28a5b99a1ce10908fea8c81c75cd3

SHA512
8c7a7e0508e495a945d15503e8af05288aea333628a7e2ed7b8cb2d771f2d4cadd5696ac806fe4671358a0d1e84b6790900d52a1dc50e6943fb748abd3521e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3910930b7d3b4b651d7de816821a238d

SHA1
b47525b43d7f61a9be0a2b7fd8e30f46639250db

SHA256
edf59ff3d6f6a6fd4992e7eb3e62407bb4b5fcb3ae79ce9d234845108c2b4a6f

SHA512
4d20dc7a560412de12d07f54940dc47056b73f3ab993269bb37ef30f2c2998d19468e32701ff541252c6402e97930ca8dbf9ee9e7f4848fbe906fca8207055a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
71d5f9a7fdcabe1dda61193ff52f1949

SHA1
29a1565cfc615cbc9779feda4a13b51f5eda32a8

SHA256
4429aac852cadf5ba32d3897c78c632c9228774a0994481987e3a4fc2674cc13

SHA512
f3499f311a91b7f9c473e7b6bdcf43f9540b2c44092c3b9ea0a3e6bbb4ef5442226566998007cecb38748d7498ae819791c61cec2a32fbaf6ae752d60ddaf0ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
963f0cdfc1f9787cdd588a0a82535aea

SHA1
0a371a4dbfaa9a593d86ed831cb7235762419ab2

SHA256
f72a1d599a9775f769a78fd80fa80cd473985bc6396abad577537ab93713557b

SHA512
d03daa4e1262efb451af704040de4a2c287368a16f76ac2e94feea9cd50cdeba7e9bfebb6eb40063777a52bae24ec6db21f3431000dbfe31c708fad86d3448f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
14ba7468f14adf60405e2d1f5ed4fdaa

SHA1
cde20dd55adfae9d50ec83ab876d1e70370337f9

SHA256
a6fa24f762fb29b3fc7aedad396f3eb8bc195e5d3081a982830e2dacdc8cb946

SHA512
72926c72e695ecf67ac5856c60a5d1a5371cea2acf3b10d25a95d0310ae8f570d9c9690edf9bea3404b11c3cf983fd243f009fb9dea94fd86033706b84aca5c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
75d30eee2f99a8b4f2e5544e96fbe754

SHA1
3564707e5db16f66bd664fee855fb9d8466c2453

SHA256
b4b03edaef08f126810be889f06ef5b6fc44a7095a62900d95aeef25acff3451

SHA512
6f5539e9f29d970f05813b42e910808e1960c0133a7b35723903cae3899569357ab68449c8f6b5a92d63be758a420711595148d1e29eb5ac7ef4a88705abbad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
e4dc43394657c4dcfbab9c36b3289d19

SHA1
541af12d8bbbd2c9091ac08031407f8f8029a7a0

SHA256
bbdc7923f665f27b0440f05153dcd09f2adaa0044249b279a7c249c808fba807

SHA512
cc81bee028597138e62b5ac02a456dec9163be2f648003243c5272ef9901d95b9eaedea9a847870b46551ef1168f39caf3fe61b97f2c0958d1dbcf64b5522494

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
0c16392637d101122642528df91c96b9

SHA1
82baa41cebd0a525c6af431a3fcf001db0071211

SHA256
cd6b6c5b5163fcd555f4cb776dce917f2321bb40f6bf677ac027624a713d8487

SHA512
281f89ad1cf585dad71714e1fff6752ace85368e83099c31777009d12641f04f7014725d7eb8d2fee8876d4b5ef9d2bbed66a05f3accdf2f6dbf7def25c540e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b10b.TMP

Filesize
101KB

MD5
939bccc3746042202d2ca170a79121f0

SHA1
374172d6f37b199ffc03063665071089acb4e4cd

SHA256
bbca7c4ec5774a216f08c3ed8bd0a9b785366cbe4829698f2efd3a0d2ee8d340

SHA512
dc63153189533a8411e33cf5694e766e0a3af5742953f888f30cd95decbddb7e24c6e5189da2d5adfe3212c55a5bf41de46e35c682fd575f44c87d70a5d8d6ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\ExpLauncher.7z

Filesize
3.5MB

MD5
b8f3a8c03d25b0192ed38b6bea29066f

SHA1
f75d60ce471e17a4f695d729cb71cc10a55f75af

SHA256
2772633702980b7e930b3621526c94fc6951e91bf93697098f1539c5366711e8

SHA512
41fc4aee552edf95f637a55886c914a4b6e02e0f34733bc13d0aadafaa0f1184da2bc6040875892533909c0fd507d8ab79ef8ac68eb1e5b9b1a717fc77aed0cd

Download Submit
C:\Users\Admin\Downloads\ExpLauncher\Launcher.exe

Filesize
507KB

MD5
df1bf2702959ac8ccb6c02baa0ccad6f

SHA1
26c45e7cbd9a6d517a4edf6abb3efdb3a0199905

SHA256
15f1881adb5f4f71fe77e478ff9f7c06e20c3b3d76152f9e7adac192a7cdea86

SHA512
825bc9b3b2593ea9cc39ca22943a24f422f9e26197abcb0fc1fffc5fbd0358083db261e28a16683dede67510287aaa37ec454bf5d4f5cda5986d09105e23f011

Download Submit
\??\pipe\crashpad_1616_OXYUDTBMRAMOVXML

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/452-253-0x0000000000690000-0x0000000000713000-memory.dmp

Filesize
524KB

Download
memory/2640-248-0x0000000000690000-0x0000000000713000-memory.dmp

Filesize
524KB

Download
memory/3984-247-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/3984-249-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download