lumma | 74464112df33bed8840ec9006a3362d8b2065a24bcc03d6a602988e2babc10ed

Analysis

max time kernel
269s
max time network
270s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LummaC2 PDFGTR 30.09.2023 03_35_44.zip
Size

269KB
MD5

59cb6190cdf3d4a5bd3237b2593f670c
SHA1

0be7918891ad8c911b4cdbbc0cf2ffe5375c0460
SHA256

74464112df33bed8840ec9006a3362d8b2065a24bcc03d6a602988e2babc10ed
SHA512

20643cfb6999db20a5e7981c3b4f4809e1cad099cfbd2990c4afa52049450b1627c9cabe84ae5fccef622120f88e87e1541d537e03bde6bf9d20fc4ec12f0d62
SSDEEP

6144:+YN2GVwVAT2tn70RKcxA+Ixx2zmtsqBD7zlnazZZK:+YN2GVQtyq3Jsq1nlnaznK

Score

10^/10

lumma discovery stealer

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\LummaC2.exe	family_lumma_v4

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Executes dropped EXE 1 IoCs

Processes:

LummaC2.exe

pid process

1412 LummaC2.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

LummaC2.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language LummaC2.exe

pid	process
1412	LummaC2.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LummaC2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766484487418812"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2316 chrome.exe
2316 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

1940 7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

2316 chrome.exe
2316 chrome.exe
2316 chrome.exe
2316 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zFM.exechrome.exe

description	pid	process
Token: SeRestorePrivilege	1940	7zFM.exe
Token: 35	1940	7zFM.exe
Token: SeSecurityPrivilege	1940	7zFM.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

7zFM.exechrome.exe

pid	process
1940	7zFM.exe
1940	7zFM.exe
1940	7zFM.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2316 wrote to memory of 3532	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 3532	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2000	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 3624	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 3624	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe
PID 2316 wrote to memory of 2536	2316	chrome.exe	chrome.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\LummaC2 PDFGTR 30.09.2023 03_35_44.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1940

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\LummaC2.exe
"C:\Users\Admin\AppData\Local\Temp\LummaC2.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa2106cc40,0x7ffa2106cc4c,0x7ffa2106cc58
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1700,i,9885895928947882207,3343387558889727946,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,9885895928947882207,3343387558889727946,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1756 /prefetch:3
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2128,i,9885895928947882207,3343387558889727946,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,9885895928947882207,3343387558889727946,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3252,i,9885895928947882207,3343387558889727946,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3144,i,9885895928947882207,3343387558889727946,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,9885895928947882207,3343387558889727946,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,9885895928947882207,3343387558889727946,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4772,i,9885895928947882207,3343387558889727946,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1296

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2596

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0a32f4a5bc29fd573308966dff62010e

SHA1
07471a51fb482a356e6c55cf9a613c195dc9c6c8

SHA256
08b7bdd16560124608532400eb5d0b26d7d8d8eb7a3caefa756202f126cd954d

SHA512
6fbe199a72caa092f0a6bf805642ebd90a3c80d9eb72044a677934752cdd6019267ee7bdcdba09cd9e43c05d25271b02fcf17b24b82e01bc86860f5a09227358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f9c131ebe99465797f6103187822da73

SHA1
fe55f088c90f0755c80cf75e2398fa682c324a06

SHA256
2cd1874edb626e33822dcb86669185dcc2f9760b885ed278a790746b23e5222a

SHA512
f5ad5c4654089e6828999a45d881af6ebd0f26678bef604faf86ca612611da3e5ebd485ba96c86ba74a4ca5af5c430c999285d184d5007f41847dce18f45eaf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7c3a1751871db7098659513da792692b

SHA1
71ad4e782d4d88362c2d48f39de9c30c076c11c5

SHA256
00545b154638a45238efb4bc11bcc3629564cf4ff95e4453c22653d6ab0b3571

SHA512
ef92d3d9329dc5fa35a91e789581510ae24618a041f2f4297421c580eaa54725597ee12d114574f74ea7fe7a0f329d87797c42398ec0c93cea4e44a20ebf7dac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a76ee5b81ca31c1061ae324adddad0e0

SHA1
48b02100ab0c28c409252d87988f9f6b72a16cf6

SHA256
374f81a2333a092d48ac03924f41768c4a2f3a20b52139760278621d1d953927

SHA512
03517219b23bb92ef2246b5bec98ea84b6fc76dc5239a277f7b200fcf91685a013ee8ace409432cf3c233bb264b8244d6e5963748be8c7c399c40ad4e8a19a57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3e676ac047b6d44579dea27dde92062c

SHA1
674d4ebb545d5a166ea1008bcba9d2617d01b69d

SHA256
466a8c1e0c340e71ae8244d099d64c596ce6118e4aaa95ebc9b8697f5cbe92ab

SHA512
6e77041a8aae2470fe575ba79f5fcabcb3722475658c7e2b7998078835b03c2baa4fe97d1af767ab6e9e6698f7090a4641f6a66ed285bc51e757c4253a4f0b45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6b8971fc2e8108abaed7461deb5f5b1c

SHA1
0cb4108a914ddd16a519ed82a4add2d5e5926320

SHA256
c6210596ae1c5aad0fb28ba6bc53776c6b029c010e6d6f8d2220c13a24a0fc08

SHA512
535fb2993aa914e823f1ff436856052332d55e8e3cddbbd89c7c120585848d6481de5135be39a01fb15734b972c465a2fef0439815ca56320d3c0439098ba15c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fbbc5fb2523924431323410376f26d8f

SHA1
8f13d090ea95137c93ce1918d2dcc2f91035ddfb

SHA256
9252351d60b1045cea563bfd6d4a4ec11ba27ab05c6d21e53c3c09938ddeed38

SHA512
1b73458dd67855cec107a64012a31344bfb672b23dafad246d485221e6d23bb5c85929119b872efe6767f5b444b7d39b14ee8fe25dd94de399b1ee86def3430f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
246fc9dd81fafb78053a0abba98cbb85

SHA1
4bb2c7893069e3be6c9eca565b884e29844f9ee8

SHA256
a12d6e66fb5856144fb0ed92b89133c6939d74ce8272e046b0703571220c32a8

SHA512
106b5809134ddfa600717fcb4732b1d2a171e9c643264e0b8913477d744bf86ccf99162ac94b64afe43fea557873257cf066474db849b5a3dd23366ec79a6c00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cdcca013a2bc3a3c3453f08a0ebc9ca5

SHA1
de39fca645896c358b68681ce6a50c5b2909c5cb

SHA256
81eb0665e238884b215225ef8aa8d21cac60643242ee63c5ffef5f3d91a75bcc

SHA512
5b7a4b8680010b99c484c9c169fd7b6038978d31015061dce6b4e8c9523a164a7895d0230446f3fc3be875fe4884a6e5f602e0ee9f5f489cfc39cd1b0526072e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9494f5c605f2c1bfea70f5edc09de39

SHA1
56c61b48c008ae44a8e32a3b715370eee2dbd35c

SHA256
ef2da04604a3e1958d056de7b10efd09337a081abc6b0f44680fdb5aacc7c4ce

SHA512
a986385cd274910f4327d2bc8bd7395d155f219beb8f6ee84bdebcb190fc5d3726f9cc7dfa68964780e11bdac926dff74742b307a8d9e57c707c5c869dcbf0e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00eb5bc636b4dcc321bbc2616f8a15e9

SHA1
7e10be43a439070e4f3a854a25be774b44756b7b

SHA256
475f074820f68c732b42da67b9b65909f8326104ccf6398a3765ed81875282b5

SHA512
679631ca913fd8acbf92cc4105d9b7df59e4100079012ad29e285b329cf820ac6e73829d8ad8cc2183f6f4c6f9703570145e0fbd750f5ebc926671d894b13c69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a6b681826ddf5b21efde52ce2f8fa203

SHA1
1ae330058a6a80d18194ac64f3a9454fe5d33868

SHA256
3a90c7b6d54ff34c488fd54de200a68d7ef58608f0a6e5f36ce62cd64b6a5d1e

SHA512
2c9012ac4b2a14d55eb0bf9d2e8227a62c81499cba83570b9457a8487ab147ef09eba6eaf578120ca367f852ac9ef6a1dd8bf40f5113afbbc247e21046fce9f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a92cf656-1305-492d-a045-06557b63d1d4.tmp

Filesize
9KB

MD5
7e1adab1ba0c58120e88b31872da8b0e

SHA1
3eb7e3c6c47cc1d68afabda332978057404b6ecf

SHA256
80a59d466766f86aab55e2b635d0d78ad2cf00941a38b002abbc774dd84bf922

SHA512
8987780f7aec767a478bd79d1e0af2fda585ff4fa37d2a19bc057add2047a871d610c0d049bceba17b99699fd99709094871398b5a103e07f5d6e2202715e963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
be69ae23296f8cc15473fef6713cd6e0

SHA1
044d9dcede2fe838b09e10cbed80bbda5cd18ede

SHA256
adf6453151e038ea577e018687d2170d232d7cf634c2280b09a06f254b08ba07

SHA512
e7a96c361d171b0113e78bfc5f5ed6d3e682337587f2f3e64edcd3db760dc0352991cfdecc6afead2a8c1b0c709d16a2b89c52d9af81b36c741624e8d50eda2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
34dd0cc8320dfcb324c50cab53a80a45

SHA1
833440f989b63e8b4c2cf7d75ea329d12ea1a662

SHA256
2a0e96c05208b362bda12c3a4bea13051e13789991acb9cf94b6afea201846ab

SHA512
92fe8bf68a2879bc8fe5bc57848bbfff521703a51df44565c52305ee688a7b70f1321f927bacc016ff3470b4f6a918c2d09fa60b04ff255b9eb9dcba3153e674

Download Submit
C:\Users\Admin\AppData\Local\Temp\LummaC2.exe

Filesize
464KB

MD5
c31a6c985125a3aaab3c47bc5dd4017b

SHA1
e5de8e428613592d8fca3bffdc0a034e2888504e

SHA256
6a9f26cbde375242e55e273a2643c74215baca8951726fc20e47b3e5df887f6b

SHA512
007966c6b361eafee15fd7c454545da0098d3dfe1202dedaf95d4783dfa91ec71f87fa67c0fa684292ded75c8a05cfa0a0908570921a14ab24d88c9ffc4d343f

Download Submit
\??\pipe\crashpad_2316_GYOCZZYAUHIDHXIS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit