lumma | hxxps://preachlock12[.]cyou/api

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2024 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://preachlock12.cyou/api

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://preachlock12.cyou/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133770436134511548"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid	Process
1240	chrome.exe
1240	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid	Process
1240	chrome.exe
1240	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	Process
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 1240 wrote to memory of 2276	1240	chrome.exe	82
PID 1240 wrote to memory of 2276	1240	chrome.exe	82
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 544	1240	chrome.exe	83
PID 1240 wrote to memory of 4936	1240	chrome.exe	84
PID 1240 wrote to memory of 4936	1240	chrome.exe	84
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85
PID 1240 wrote to memory of 424	1240	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://preachlock12.cyou/api
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd1ad1cc40,0x7ffd1ad1cc4c,0x7ffd1ad1cc58
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,12192647983594226171,17645151414459514993,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,12192647983594226171,17645151414459514993,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,12192647983594226171,17645151414459514993,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,12192647983594226171,17645151414459514993,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,12192647983594226171,17645151414459514993,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,12192647983594226171,17645151414459514993,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4736,i,12192647983594226171,17645151414459514993,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3664

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3684

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
67eacebd003fba13b6a6f380d1a493ed

SHA1
8d7681165e6320ca65e368928ee7068ea292c241

SHA256
c403dc0b9a0c0d2a4034c91e61f15f30fc69132b5d80e824f79fbeba6a3d7ab2

SHA512
88c28488ea84802d60c6cb67e8891d87e2c6e03c20f3c3647cc4c67fa3920238c3199641fabdc3d70de0871dcbb3e866cdfede9dfc9c2ba74fe34ebb0318cb9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7905e5b9672c1008a484d9ad18b0dac4

SHA1
5e0e44a3771d9604c1b2aad3492eecb88583ba82

SHA256
33dc7acfe6c77a850c62f9ef18cbd0de69f059c3d280f2cc666b35623b1fd261

SHA512
8ffd3451a9c4fd275e15e75b2733b4329508faeb3b55f34baf9a04bad61fff34b0ae48c455937ba4dac47d66bd53127320c305c11a45c38001ef32adccc095ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad2d10b32b9097a0bd661a25ac88ab0e

SHA1
430d46204b9e60136f16eee789a6776752463493

SHA256
7978dfda15c35af582a1865338d523a6dd3793ed0ce23d6d33671bbcffb25a9f

SHA512
20bbdcd53d43e4c8026cb7c0104d0f70b69b344ed1379d1faa84f4f7e3b88d9301b7878aa1846eda698c4bb66d2bfe4f5291363e74a09b55b88271c9de1a16a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1503aa4d518b3ce4d297b9b464090dab

SHA1
a8b0dc432cb15643e9393062b7de3b01dcaed4b5

SHA256
b97685246b4f90ad51054939ecf95622a535a13425fa76ef7e256340eaa3b5f7

SHA512
d475fcff1435c6f5f47d2647d0bd71f4110b401b158492d491c616576c0d6a1d220bbe6d2130c7b226dbbef5e0d9f47a781a3f876164deb2a5ab284b7febe9bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
42b453ad8996f1bbdac7a20315b9ea69

SHA1
a44b607722db2f0c94bec046ddc4898a77a6f8f7

SHA256
ca72b942b685f52dfb7b6f1904148081fca3e2cca0a1704689c11c4bbf0f3f55

SHA512
c48ec9063671a5546f22324c03e63d455880993ee66e00dc82f280c72c65983f51a295b5e101f9d0d283504a0dc6b32886c18a3d2ed431e644556805cab69d76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a326f4bab27f1c12ae143b8d2a2263e4

SHA1
31b90d26b747c70ab490f6ef7e595ab334336437

SHA256
2d3ba968df31eaf0060dbc579833935b49885f65d2893fded68802e253f8cb1a

SHA512
52c8da78fca15c0664a083e850ab6b726ffd32a1167fa2bd2d2cc21e52f00fae057c987e766edd3923cb3a3c8c02b373b6eeeaa3d2acafd2b1b1744ed1966434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e9adc104fd44e28602b9a8683354b2e

SHA1
d82d3c11a87f609c1c5264bd19530bc9772303a8

SHA256
c544088f3cead6bfa6ca70304a360b3de85c96a8e601caa3f52c1263ce70b588

SHA512
a0fb4cfc943f954824f1cf8580ee3927118d96e5297a2a2589d00159f6f6fe14b7e3bc73d5d68f17d53ed033c5cee0bfcac3140f92a4d17e5df28330b05ecca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a4ad855e42f7ba786047f2969e478d5

SHA1
794266c1b52973d8cd0cde27f1abbdfb9e28b649

SHA256
9c9a362cf469e81702ffa25f9463470d65f69f21d706bd1efb029026a7891abc

SHA512
9c0dcefead6587bb161848f26b45e28b0ee9cf9309ca8de2a9cb4f3dbf1a2b6387dd079986174e608cde1c6bacd32f794c2bce300576205544231723ca0d061b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee6de6d8410a20c805efffa3c168e8df

SHA1
0c6a328786aa80b541914050035d78dbff4b41ec

SHA256
7473f7f0505e863c3b66388cd297809861095365bab34e42d488fd8e4bdd7c5f

SHA512
6777c63189ca4a38be97afe640320acc00a74196efcedf892b032f72c920c4a932729d4c101c321c13aaaf7c65c67707f5e2dab2dced5b2f8fdfec6238b354f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7ee0f1720ebc596aab8065d2cbe279c

SHA1
3deca97bcdd993d83e532e634bb3e540a9ddcd39

SHA256
c70252d2a401434cfaca570383e19142d5c69918e528dac5b325cd6a57cc34b1

SHA512
668dae49b7e53c9433e62b7626e479dd141d0aa9d040cd22a7e81caab6dc2362d9436f3fac81f5155b5118bf606717792e0f3dff6752245eaad665ec3b3868c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
acf35219edae78fdbc7926c273997ab5

SHA1
53b0e6322ad195cd3ab2353fcc0d827f8689c57a

SHA256
6ea79ac2af131f7008e3f50e92c5e0eea9a13a6a26f187ba8143ddb1e07504d9

SHA512
44d5486de49bc7c7992d965b4039492d8711b049fb719edf5965e1ce3d68d521e6511f7b96e2516a56b46b75e7081c8341ec6c327fa531c9d4a8aed855dc4a93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
d24a5f42372358352d909adaa1c0b42d

SHA1
124514201726cfe1298aafc0823d8081053753f4

SHA256
1e4664a4d1ee180a3caad998469d570bba8930745e0a78b7f2c1b94d9a58a94c

SHA512
9772b661eb282bb8dca7a69c7b017016ec20fb2e2d313a6c42622077ebc502901ea08736487a331260150810c37aeed0d296918f1fb2a65b9114f57c9ed991d3

Download Submit
\??\pipe\crashpad_1240_UZNYXYLIKDEZCOSO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit