lumma | hxxps://www[.]transfernow[.]net/en/bld?utm_source=20250103vGDv4OyT

Analysis

max time kernel
138s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2025 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.transfernow.net/en/bld?utm_source=20250103vGDv4OyT

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://liftgoodus.cfd/api

Extracted

Family

lumma

https://liftgoodus.cfd/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 1 IoCs

pid	Process
2224	ExLaµnch3r.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ExLaµnch3r.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133805719816407123"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1732	chrome.exe
1732	chrome.exe
2224	ExLaµnch3r.exe
2224	ExLaµnch3r.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1988	7zG.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeRestorePrivilege	1988	7zG.exe
Token: 35	1988	7zG.exe
Token: SeSecurityPrivilege	1988	7zG.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeSecurityPrivilege	1988	7zG.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe
Token: SeShutdownPrivilege	1732	chrome.exe
Token: SeCreatePagefilePrivilege	1732	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1988	7zG.exe
1988	7zG.exe
3820	7zG.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe
1732	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 1724	1732	chrome.exe	82
PID 1732 wrote to memory of 1724	1732	chrome.exe	82
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 2692	1732	chrome.exe	84
PID 1732 wrote to memory of 4416	1732	chrome.exe	85
PID 1732 wrote to memory of 4416	1732	chrome.exe	85
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86
PID 1732 wrote to memory of 2816	1732	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.transfernow.net/en/bld?utm_source=20250103vGDv4OyT
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd64e1cc40,0x7ffd64e1cc4c,0x7ffd64e1cc58
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,9377290849668253287,13631070110486337969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,9377290849668253287,13631070110486337969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,9377290849668253287,13631070110486337969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,9377290849668253287,13631070110486337969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,9377290849668253287,13631070110486337969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4728,i,9377290849668253287,13631070110486337969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4956,i,9377290849668253287,13631070110486337969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3656 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5196,i,9377290849668253287,13631070110486337969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3392 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4836,i,9377290849668253287,13631070110486337969,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1568

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5072

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\ExLaµnch€r\" -ad -an -ai#7zMap26816:78:7zEvent20004
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1988

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4264

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\ExLaµnch€r\" -an -ai#7zMap16511:100:7zEvent18983
1⤵
- Suspicious use of FindShellTrayWindow
PID:3820

C:\Users\Admin\Desktop\ExLaµnch€r\ExLaµnch3r.exe
"C:\Users\Admin\Desktop\ExLaµnch€r\ExLaµnch3r.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e12945802dfe4732a2db9d36c39414cf

SHA1
79588f41d97cc2cceae07e79531d22faf23b241e

SHA256
ba72da585131aaecc9910c99f1195d2d9945a31c60710555f8534d8a02865ae3

SHA512
b463db6dd958c048d7c0e472b7a4160189ed3097db07477086fd4a9e5ef8715b9d7f71fc531c48b4fe4e7d4cdca3db354e7ca7df82192b7c67f3a6054c568bf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
984B

MD5
3dfacaddfaa498f1e80ac9f5cd80cd1f

SHA1
8c6debe9e4f6d684d49f342da461beda1998d562

SHA256
3b7d299ad404bf54231446eef16d70eb6844a274b2534a352379d569a36689ab

SHA512
27590eee4e86064cb233d6ca8b5640c070f474f0b91d3d6b20e1f74e498072d9cf07fe5edcb2656adb5c2ecbf8fd456023dee5906aba184ba4380317f7b8c0d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
175a2d6b6ed056a4e0dcbc5956b11dcf

SHA1
3df9fc44644441920deeb816216584f4246ee3dd

SHA256
4dd712c6c68d113214c4d1a265d261852c7e4cf485fffbe5505587a0cf326b1c

SHA512
b2a2dde3211798f94985fd21332578c0c536da89b213eb9e2fac74ba16764f63d00c3b5127b86c3595c4ef53462f97cb1b86bc60bf2fa0dc27542bbc4e6509b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ea2be00b5fcbfc4c234093e130ddf57c

SHA1
a6b11e201e0cf3d05170e3f85c2c3493901290d5

SHA256
a9cc479e7ca76a8adf138b5232c7efc29d03da031992cc74d655e0d1fafc5368

SHA512
b689612e6aa95995b67d9f43b7afe7c9383905121f3d13b0200cda81ce3bfafc8f5ff2ca8964101e7a37f47df7e67215cedbdd764b1207e0ff1c3444df3e5530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3086324b34a538b17a1a4cbc0a2a874a

SHA1
250e6a59f7a2438f6444fcdffd7606d959af09c4

SHA256
5d609dd95855b4078f7d904976a3b0b3521b8ee63bf0ce4b5eb40654c4893c12

SHA512
4135e3f4d2ce345cb3219b701d09c2f7182bda49c94357287386ee4029bb5574236fb730a75aaa450614872344f95944c339211dd2819781cda85593bfbcef00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be4d168ff22dca0c854924cbfbc0a1a3

SHA1
ef536bc816d9d7b852630bffb6998408e915d924

SHA256
3d4d7fbc561d9631a3ea720ab840200eda89a0f33d5039e69dccdc9e7b13582a

SHA512
6326412a176eb98287de33f6ae4dba82d65d0ac494a06d963a70a2309ae638eb82d62fa732266d29705ccc252c6bc0a1c12cc1c1fcfd5a04034333c7fe759890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f29eef5c4a0f1f46c8ac171a60e52c85

SHA1
71a1ec4bd26c8353587fa2c4fb2ee007b443f4c8

SHA256
0cf5738d2a88d012d2230e3e6b69ff3c0310184cecb1c38cc4a345192475b429

SHA512
a25362c7fcc7175e2dc7b3acd46311f21ecec76a7eb941e02b921fecf0bdb38dd93a4aa8ca21f4e8aa22c3a32259bbdfdc938a0ae2e51879a1228a3b88bd4558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d1c0c78d989aa73fa951836f1f0ef88

SHA1
0542a398580a80fd9a1d3fa73b11d5567ceabfe4

SHA256
e71c3bd21680c64a5b5baeca3c6504e0ffd150ce730e67184364b2fdacab77eb

SHA512
74c3cc5d4cacf2bb1ac7afb470381a04232addd48e2758a4defc63a5a96385a8f0866bb0cf226ab3dbae7e3044f2f1d48f2048850d05a5feefbb00c79414ef05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fb42ab70adbad144bfd33645d71cf9c7

SHA1
23405639f8ba6b52f5397128efe1193539e5d805

SHA256
aeb7fd4f88e123151ec16f986e2a0b5fd9a71da48ed4d2991300b89369b8b39d

SHA512
836d3009a3ad49e7997c8b387cf53a8906150ddd4f5a3d0577c72d8752b8abf6e5ef10b83540d906c4e31b3fe1af736b9c8c804f4dc830ed009bc496b57944b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
529362b6f7404b8df0f66873ebf7e889

SHA1
81aecae61953ec52d4f30b12bca6ea178e1b3293

SHA256
45dd203bf954103f3546cdf8d34af75341a4be2cdcaccaae4c06dffa002b38b7

SHA512
7832cf6a77355987253c5aa457bc3c045e3dbbb0ffd8b6550c417ca1f82b93c3aa55c92227c3d093972a1e88db17e20e7f54221294460edcf6be3020f2c2acce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0fe2154db81c9eb4792f84f504b747f2

SHA1
40df255c006ff03f0d076bd83a0f8d1210e6ef8c

SHA256
e9239f4f6460eaa62a661a43999c152801e48e45c0d9dbb1dc15a84341622afe

SHA512
c8b45e49d5f297f3d32efe9e361fe2922de451ba81c4e95c940802763c7701dd76872d09806899ba6683ebe184cff06863b0a8454df86196a2b9450fe0e1f539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
16c03c88f8fbe36682700bd7b9ab09b4

SHA1
f2c90a76990bf41781ad32a39ecae927b03aa094

SHA256
16e4fa537b360315c6e796e53da7647ca63e26685bd3ac34a72094afbc5ce5bd

SHA512
0ab30c78970251ab9127df573562693dacbec686e256182c5cb6d5031591b33c0a7c5074f2709355aee420b2550516414f5caab63397b78280fef8974fbc8b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5434b0df59fbbce6d713ebffebf4b0c7

SHA1
0dd0c9023a3d60cc805d1447b8fc7010e079862c

SHA256
9615f80735bba695898d09362cb728952ae40d1818290de8e2a7385128ef4d54

SHA512
85fb82a535bd67fc49e060615ccaa87506f71727b27dff00352ac18c380ea24efa23bf4ea658512988558a60d5c19b7b3e8f854119095cd92580e041d0cee7f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8425ddacc3e33ab2309567e82e2c64ff

SHA1
6858c9baaa69ba8b1a4680bd79d2c01eaaaf3920

SHA256
3fd3b2fb2bcc52dc9c7335e2d27a7a9ee93d606c4001ba90d4f727a12b3f15fe

SHA512
de3c22306612f2b88d274504177c0f520ae7ab6edbf3011a8fea7bc3b451806d4a9ce68ac3497a1284b3704d2eb344e1fc4b3f12a0a5cd52010fc0c52e37136b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
cf0291d647b22d1b9d69773cbc720dd9

SHA1
6dc2a54043f70b30a7561eaa875464cae460976f

SHA256
8a1b9e0f98bac438f4fb711d0bff3147e95421c270868c8b66048d3933fd134d

SHA512
d8b14b2b18b64fb53e06f34004ef213581dbb03a672ffb6e7b539d2b83b8a670987e43865dea927503afefdcd5302476e164a141d253c3f7a96ca0ea6d71af29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
099b220cb882d65c64765f01dee1ae19

SHA1
8981467ef5e845752f23cea357bf7f628f055fde

SHA256
11b70bcdd9cfdf4f31a1cff4135a06b5ea6c592190d13b81de68e7fcafa89ddf

SHA512
bb10e5bc02a2339eca41960e26ec8e23ba002474283af7d976e99249a2e158035f61e6cbd92128220cc75bf34f274ad8e7e1796c836f9d1ed3aad17213f06ef1

Download Submit
C:\Users\Admin\Desktop\ExLaµnch€r\ExLaµnch3r.rar

Filesize
4.5MB

MD5
e093489d66344fc4822c1c1b5ae9bc55

SHA1
f42565defcc01a82fd59c87618c3c3f8d5e4292f

SHA256
cfb46f6fdebeb8be818ba859e1bc679b0494ae3ce499c1c534cf361d6cfda95e

SHA512
9a5c161c3ce85736ad744e012db9ceefd595d917245e1d76040e8c23b7aa96ce444bdb49a54c0cd58e27c7297abd1b5c342da67fcc1e1e5b3271c1458f462ff9

Download Submit
C:\Users\Admin\Downloads\ExLaµnch€r.zip.crdownload

Filesize
4.5MB

MD5
110c90e8f694fc6d62ce5bc380027349

SHA1
ba4c3dc1235fc0a98a8e624370facfdd0b8cab18

SHA256
706cde45950657f169c57dc3a413079cf2a69d0ffadb5ce2dd3b8fff5d4f8b19

SHA512
7b0ad8271660821168441e2063094bdeb2cf33c607aa63bf4054c4ad366a6940b58d4ca534a3b8ae0e04798116b32669a23846f27892d4cf913c1a0714ed1025

Download Submit
memory/2224-449-0x0000000000880000-0x00000000008D6000-memory.dmp

Filesize
344KB

Download
memory/2224-451-0x0000000000400000-0x00000000005A8000-memory.dmp

Filesize
1.7MB

Download