lumma | hxxps://drive[.]google[.]com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view?usp=drive_link

Analysis

max time kernel
140s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240729-en
resource tags

arch:x64arch:x86image:win10v2004-20240729-enlocale:en-usos:windows10-2004-x64system
submitted
30-07-2024 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view?usp=drive_link

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://flyyedreplacodp.shop/api

https://horizonvxjis.shop/api

https://effectivedoxzj.shop/api

https://parntorpkxzlp.shop/api

https://stimultaionsppzv.shop/api

https://grassytaisol.shop/api

https://broccoltisop.shop/api

https://shellfyyousdjz.shop/api

https://bravedreacisopm.shop/api

Extracted

Family

lumma

https://flyyedreplacodp.shop/api

https://horizonvxjis.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma

Executes dropped EXE 1 IoCs

pid	Process
4844	main.exe

Loads dropped DLL 1 IoCs

pid	Process
4844	main.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
536	4844	WerFault.exe	102

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	main.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133668258133408562"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-735441492-2964205366-2526932795-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4692	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 3896	4648	chrome.exe	83
PID 4648 wrote to memory of 3896	4648	chrome.exe	83
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 5048	4648	chrome.exe	85
PID 4648 wrote to memory of 4400	4648	chrome.exe	86
PID 4648 wrote to memory of 4400	4648	chrome.exe	86
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87
PID 4648 wrote to memory of 5112	4648	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe3cc7cc40,0x7ffe3cc7cc4c,0x7ffe3cc7cc58
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2060,i,11600077767162655956,8042478745889952415,262144 --variations-seed-version=20240729-050126.230000 --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1908,i,11600077767162655956,8042478745889952415,262144 --variations-seed-version=20240729-050126.230000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,11600077767162655956,8042478745889952415,262144 --variations-seed-version=20240729-050126.230000 --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,11600077767162655956,8042478745889952415,262144 --variations-seed-version=20240729-050126.230000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,11600077767162655956,8042478745889952415,262144 --variations-seed-version=20240729-050126.230000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3612,i,11600077767162655956,8042478745889952415,262144 --variations-seed-version=20240729-050126.230000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4652,i,11600077767162655956,8042478745889952415,262144 --variations-seed-version=20240729-050126.230000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5108,i,11600077767162655956,8042478745889952415,262144 --variations-seed-version=20240729-050126.230000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4924,i,11600077767162655956,8042478745889952415,262144 --variations-seed-version=20240729-050126.230000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1092

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4492

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1772

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap12368:76:7zEvent25444
1⤵
- Suspicious use of FindShellTrayWindow
PID:4692

C:\Users\Admin\Downloads\main.exe
"C:\Users\Admin\Downloads\main.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4844
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 844
  2⤵
  - Program crash
  PID:536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4844 -ip 4844
1⤵
PID:3356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
5349cee9fe95c64379a310c8f20a79db

SHA1
58f58fe078c1f0a5fa672e2b779ce7af0edf9d5f

SHA256
328564dabc968efb62931ddeba32cfe7f5dabcb5a28f0ab61e0a03770e1e7537

SHA512
14e2b3e7b183dca07753c005ddfd90da6a03a2add3d9336e366a28a695f5a2110469f39d0984243bcaba6e18a2122167d75ed8cd6165aff4ec1729502bf81fc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e846b9a14fd780746a3afb9338510426

SHA1
98033d685ecbf79676d9954ab7a810f71a15c517

SHA256
fca950132e3862bcc0b4b48076979ad31398450c1e7bb3c1e1194927b47e2895

SHA512
a9ffd7a6d6a849bec87c4ea8872ef7a580ee51c2290fbc7cb380b0e428d2b6a7079c35d65823197afb26bb4d2c9102a0ab21fa65199778db7d0dd23c413e4b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
4f358149349d83d92d76d065363aa3f1

SHA1
47495b2d70e8ddd02f8c90c03728d4e70957a935

SHA256
1c23eceb53d34e601914ca1c2889badb5bb852c74810d4859ca0b634413a2840

SHA512
fa75f07ded9a3b313339c33993e287820c9e8fb276f769b1d4e339d4da55d81f1dd2cda5f2d2c76a2929bace86e1459f757c2ab23b4683008558cd8fcdf6fb43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
dde5569520ee9b9093712a023a3c787b

SHA1
1061e68c405d308798e83e8b10efedc0c70dfb32

SHA256
5135620e0913cf2fdb07c266839d55f90307bc1ee606f81fe11d01e14f19f44d

SHA512
59a5fc36030b815f3c80304e10dbee5aafa4bde1d520cd68cd39f2519c220ca4c16db15252d58138f412ceb755210d29be72333de1a0cbb06b7ebf315b068f82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dea606c499d387a7b071cbda6c0b263d

SHA1
f47f6099ef2dbe8f9a363f0e5229ff915269d0fb

SHA256
4318dcfd979d6c4410c97917d225da23433d6252e59ff31c6957af2824c833ce

SHA512
01a0d0961629aa275a7a40ea351b8a96cf2f314eeeadeedf4436dc6d72588195461ddc574a633574f46e5b2afc85d9d25abaeec1cae357253fa6fce16f2152fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6976bd05419ce3b58d74f0e535f0d46d

SHA1
b3925a10e768866fba8e2250c3b6007d63b39177

SHA256
c0fd6debca6d5f4ec1e84beca1c43768d2574c9daab2d042c4fafa2ca114374d

SHA512
1eb3c5f7edfae3a42518635b3d12db0a3e1e04d01f8d614aa7b51e2dae5c663f57660a40c83b263c8488417ac4fc49a3e2ffbacbdd523369143ce52fa62a463e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f727ed3b7c38c89d6cb53a428848c95

SHA1
f0f7305e2c2be695185a9cf43330648faebeaffd

SHA256
7a2fef7bfed0d6656f4b43f32d2bd055244439eb4b4794b3fbfacc1c39bed14c

SHA512
e9b0e912fe27142f3990a058f8acbdf74bf26dfa8b8d8abf0536e9ca56b93737ab74e74e8f5bda5e846539e3190e648b5c2d0c30558cb08b53521bee69510b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0779bc83e39abb27ef5fbe4c4c776d8f

SHA1
c83c50fc37df161f41ba4eb948b1da53efea6545

SHA256
6b39d69b8b1d2e76c81a4444f874a84adb1430886c9c8225352684f6292b2dbd

SHA512
81317a7c7c4e48eac1e55c6acc7dcf99c309e7447e006eb64a7d1b77f11140d2e96890949c04e6282108a304732384406feca0119fd3f4bdebcd2fee5d493482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f546075459bb0d5e0c094563f5e6b8f8

SHA1
4c2a6b18a277ad1331a06bc79fd293c84b49e9ca

SHA256
0655158543bf4e79405d6dde206bbef388b9de2ce43fa799d9855aaed690ceae

SHA512
bfb21962ab35c9750e1225d52233fb240a66a4ca5e5389750b14c0f11380a2f721897407ba9d812fd724c23d92bd7651f8edb9874ddc61068ec8a1398ed67916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6487e941add6e3d51a78937bb51c2514

SHA1
f9ac89e2a4722f84843fed19555d7f8014714344

SHA256
3d1724f033c2904b71f4f82951681bb77270b09bbd365e55ccd5868082f6b558

SHA512
41e0d5f6542343bde49331b52012d84d51e9de07ef1c9de1c699418ca4ae98e168ad116185e89cbe811f3eb74cefc6cce5550fb13816e56b89f78f4e18ef3cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d14168d38a33b80a2a2cd752a6a17b20

SHA1
d6d9bf67ac12ff8ca1271794fa098682fb2f84c1

SHA256
e9e1b272966206225eb58e26c8aae27899b8969510b9cea5cbe9211ae422588d

SHA512
8eb3d46acaf7572de2a103f97c6888675cbce48f76051fbeb0f31be65b5c691e474199298dcf876c8b4bc32c581147d992af5cfeb49926bcf18d48d882ccdaec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
ae74c2afb33980694667a18ca717ba47

SHA1
1b2e7ab71b05fca7c19e09455824dbde9e39f940

SHA256
4e0ad32a50f720e5ecddd5a0ae94b8008947c8fbf77ba06858671753a606f7e3

SHA512
f4a77908be8e3f3252e6f65afe84645482a6c1009e0e494ed2332b592d7ae8b0ea618040dd70a57ab3b59f97d50848bc4e900da8772c54a852f7d16628dd7859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
dc4809b797cf27d34bc67ec7767fd380

SHA1
fd6b051c82111cd0cce70050c04713c0f2b6b073

SHA256
be5ba0fb0495beee79ed98c846c5608210837b87bf0e90132d4c6ab6a528a550

SHA512
a73b368f76a3d2c5302634466b53742d454a9166552a3d7fc57f98d934558149219c5dc5375677909da6cc41c37aff02ce1b7b01bc80bfeab1eaa8c2e35bdfaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
d2c3ee6c65f86f0ebc515d04073cf20b

SHA1
47b32b421e1143c5e9326caa18e106323222ca2d

SHA256
f21429ed4d59c9a27fa3516f6ab58e6b76bfe170ffec5ab2f21566e77bd84443

SHA512
384f4793d44909aa49a8501ef224473d43d53674e236c694e478209ab945e00bf960b155fced2253ab794023b7c27793b07a77107b0701aad8803f694c71b68c

Download Submit
C:\Users\Admin\Downloads\install.rar.crdownload

Filesize
448KB

MD5
4564a9a35d9e7e7883faa2ed3361e0e4

SHA1
79a611b96bc0cdab0bea30423814b4ad7245800c

SHA256
06ce088beb65731be6268934f89d44a00d386e517ad88f8e28a8968c0a43b7e0

SHA512
efcec8c64edc5e23a7d24610c4a7e7facd3c682eb42875bc0b19e95ffc3479749d044a78f274cbdabd4252a07ef3da567aabe995abf2f5790da139203075fa51

Download Submit
memory/4844-150-0x0000000075860000-0x00000000759C4000-memory.dmp

Filesize
1.4MB

Download
memory/4844-149-0x0000000000C00000-0x0000000000C0D000-memory.dmp

Filesize
52KB

Download
memory/4844-156-0x0000000000D40000-0x0000000000D95000-memory.dmp

Filesize
340KB

Download
memory/4844-157-0x0000000000D40000-0x0000000000D95000-memory.dmp

Filesize
340KB

Download
memory/4844-159-0x0000000075860000-0x00000000759C4000-memory.dmp

Filesize
1.4MB

Download