lumma | e17bf83e09457d8cecd1f3e903fa4c9770e17e823731650a453bc479591ac511

Resubmissions

04-01-2025 20:01

250104-yryk7swqhl 10

Analysis

max time kernel
141s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2025 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SmokeySpoofer.exe
Size

550KB
MD5

ee6be1648866b63fd7f860fa0114f368
SHA1

42cab62fff29eb98851b33986b637514fc904f4b
SHA256

e17bf83e09457d8cecd1f3e903fa4c9770e17e823731650a453bc479591ac511
SHA512

d6492d3b3c1d94d6c87b77a9a248e8c46b889d2e23938ddb8a8e242caccb23e8cd1a1fbeffee6b140cf6fd3ea7e8da89190286a912032ce4a671257bd8e3e28a
SSDEEP

12288:SQ5vTleU6iA6AiJ/uJxZjUXUxYcuORWETWOORGzbZr4QClJJRJAr6Ok:SQ5pexaALoXe4

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://covvercilverow.shop/api

https://surroundeocw.shop/api

https://abortinoiwiam.shop/api

https://pumpkinkwquo.shop/api

https://priooozekw.shop/api

https://deallyharvenw.shop/api

https://defenddsouneuw.shop/api

https://racedsuitreow.shop/api

https://roaddrermncomplai.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Loads dropped DLL 1 IoCs

pid	Process
4720	SmokeySpoofer.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4720 set thread context of 1980	4720	SmokeySpoofer.exe	84

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SmokeySpoofer.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133804946598817695"	chrome.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4044	chrome.exe
4044	chrome.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeDebugPrivilege	2648	taskmgr.exe
Token: SeSystemProfilePrivilege	2648	taskmgr.exe
Token: SeCreateGlobalPrivilege	2648	taskmgr.exe
Token: 33	2648	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2648	taskmgr.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe

Suspicious use of SendNotifyMessage 59 IoCs

pid	Process
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 1980	4720	SmokeySpoofer.exe	84
PID 4720 wrote to memory of 1980	4720	SmokeySpoofer.exe	84
PID 4720 wrote to memory of 1980	4720	SmokeySpoofer.exe	84
PID 4720 wrote to memory of 1980	4720	SmokeySpoofer.exe	84
PID 4720 wrote to memory of 1980	4720	SmokeySpoofer.exe	84
PID 4720 wrote to memory of 1980	4720	SmokeySpoofer.exe	84
PID 4720 wrote to memory of 1980	4720	SmokeySpoofer.exe	84
PID 4720 wrote to memory of 1980	4720	SmokeySpoofer.exe	84
PID 4720 wrote to memory of 1980	4720	SmokeySpoofer.exe	84
PID 4044 wrote to memory of 4956	4044	chrome.exe	126
PID 4044 wrote to memory of 4956	4044	chrome.exe	126
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 1624	4044	chrome.exe	127
PID 4044 wrote to memory of 2692	4044	chrome.exe	128
PID 4044 wrote to memory of 2692	4044	chrome.exe	128
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129
PID 4044 wrote to memory of 912	4044	chrome.exe	129

C:\Users\Admin\AppData\Local\Temp\SmokeySpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\SmokeySpoofer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1980

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ProtectGroup.cmd" "
1⤵
PID:3988

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x2ec
1⤵
PID:3976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffaac69cc40,0x7ffaac69cc4c,0x7ffaac69cc58
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,16397939112045858352,1194521449663622887,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,16397939112045858352,1194521449663622887,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,16397939112045858352,1194521449663622887,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2312 /prefetch:8
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,16397939112045858352,1194521449663622887,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3400,i,16397939112045858352,1194521449663622887,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,16397939112045858352,1194521449663622887,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,16397939112045858352,1194521449663622887,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:1152

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1088

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4544

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2f88f963fd5d3cac55f6bc2a3438673f

SHA1
8376627ba508a47678f0ecdf3601ce0f2ea58fb5

SHA256
e8ad9bff25fb2d7be4b86dfa27f1a0de76c9641265b57da39c1a7c254da08173

SHA512
7407204346af5eb5766a2ddc51473e2a0afc455e779e45ab52b2a00786be1c6259b32ce9e9c76be1dad52f6d3d5a9b995da8b870c3d69e23290150bea6369665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e284f39dceb8673463acfecb30c766a0

SHA1
db6803346843747ca0d4f1ce58fa44b18c2a44e4

SHA256
2cb2c5fd21d258656bcc883fb8f4c1fb2d56a8c2a3138b096a6a10a05d28cbbe

SHA512
850cfc2661f0668662e9df3bc0d81018f0d0b0b3c42e66774fc9b71faceaba95f1a34e0ceb30086233e2120837d026436a2e33855f6df5df3aa96b2ba023a6f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3b0cb610783c3be1560d02838ad399a5

SHA1
e30d803dab16b86ca75196b6ca639142f05bd3a9

SHA256
99187c3224c73bad368dfe35bd1cd80f8a3a3a7c27ec2f674c293d798f846f7f

SHA512
f467b187d0af10a1e68350a6e184ebefc345f78a54a25fd7ff92c0faf66513f79b2e431041320a595b166e98ecaf544778ae22048d9b4ddbc211c9cee1a9c364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
20b0885d828b39e169d1d8e7a0bfd754

SHA1
60bdfdd3d1373b4fee089002cca97f81fd40ee3f

SHA256
ba7f2d448d8a21a83c75a7b235b89f57970887830e6e2fbbe08f164d4f18514d

SHA512
643892cf74dcca39ebecb7d44ee97ce7145cc270ecba090c37a125cb33653658454012da7cd082856ce4e2e9814e423969ee50a55e4684677a0ff31228bf5817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
73cfbb35eea7e0e1e8fc7311b647c1ea

SHA1
82e6d7843b2fa5d79aed4b10d3d10c7e029f125f

SHA256
e1c2e61e9e74fab6aa619a0294239b67daf38075c5da3e0e604a37789f345175

SHA512
7d4e0abfdcf93e515f8d25f0d059f59a4f6c1ce2060b0081e24bc9e617b6b79cf709b0f1bac7cbf4a5bc99131b703d54900d2f3faea2f81d83c40fdeedb64729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\msvcp110.dll

Filesize
642KB

MD5
9bc424be13dca227268ab018dca9ef0c

SHA1
f6f42e926f511d57ef298613634f3a186ec25ddc

SHA256
59d3999d0989c9c91dae93c26499f5a14b837a0fe56e6fc29f57456f54a1f8a2

SHA512
70a1abb35bd95efc40af6653d5db2e155fab9a8575b7ae5b69ab3fbcd60925c66a675dac6cba57564a430e9b92f1a2ea9e912c4d7f356b82696ed77e92b52715

Download Submit
memory/1980-14-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/1980-12-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/1980-16-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/1980-9-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/2648-134-0x000001F2BC0C0000-0x000001F2BC0C1000-memory.dmp

Filesize
4KB

Download
memory/2648-142-0x000001F2BC0C0000-0x000001F2BC0C1000-memory.dmp

Filesize
4KB

Download
memory/2648-138-0x000001F2BC0C0000-0x000001F2BC0C1000-memory.dmp

Filesize
4KB

Download
memory/2648-139-0x000001F2BC0C0000-0x000001F2BC0C1000-memory.dmp

Filesize
4KB

Download
memory/2648-140-0x000001F2BC0C0000-0x000001F2BC0C1000-memory.dmp

Filesize
4KB

Download
memory/2648-141-0x000001F2BC0C0000-0x000001F2BC0C1000-memory.dmp

Filesize
4KB

Download
memory/2648-132-0x000001F2BC0C0000-0x000001F2BC0C1000-memory.dmp

Filesize
4KB

Download
memory/2648-133-0x000001F2BC0C0000-0x000001F2BC0C1000-memory.dmp

Filesize
4KB

Download
memory/2648-144-0x000001F2BC0C0000-0x000001F2BC0C1000-memory.dmp

Filesize
4KB

Download
memory/2648-143-0x000001F2BC0C0000-0x000001F2BC0C1000-memory.dmp

Filesize
4KB

Download
memory/4720-0-0x00000000747CE000-0x00000000747CF000-memory.dmp

Filesize
4KB

Download
memory/4720-15-0x00000000747C0000-0x0000000074F70000-memory.dmp

Filesize
7.7MB

Download
memory/4720-1-0x00000000008A0000-0x0000000000930000-memory.dmp

Filesize
576KB

Download
memory/4720-2-0x00000000747C0000-0x0000000074F70000-memory.dmp

Filesize
7.7MB

Download
memory/4720-10-0x00000000747C0000-0x0000000074F70000-memory.dmp

Filesize
7.7MB

Download