lumma | hxxps://github[.]com/darwin86johnsoneei/Xeno-executor/releases/tag/Release

Analysis

max time kernel
107s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/darwin86johnsoneei/Xeno-executor/releases/tag/Release

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://whisperusz.biz/api

https://fraggielek.biz/api

https://grandiouseziu.biz/api

https://littlenotii.biz/api

https://marketlumpe.biz/api

https://nuttyshopr.biz/api

https://punishzement.biz/api

https://spookycappy.biz/api

https://truculengisau.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3144 set thread context of 2272	3144	Xeno-executor.exe	114

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2784	3144	WerFault.exe	110

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno-executor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno-executor.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133810248481709114"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
736	chrome.exe
736	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
736	chrome.exe
736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 4084	736	chrome.exe	83
PID 736 wrote to memory of 4084	736	chrome.exe	83
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 4760	736	chrome.exe	84
PID 736 wrote to memory of 1912	736	chrome.exe	85
PID 736 wrote to memory of 1912	736	chrome.exe	85
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86
PID 736 wrote to memory of 3936	736	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/darwin86johnsoneei/Xeno-executor/releases/tag/Release
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff84a7cc40,0x7fff84a7cc4c,0x7fff84a7cc58
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,10371939456901195465,4292129920348749054,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,10371939456901195465,4292129920348749054,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,10371939456901195465,4292129920348749054,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,10371939456901195465,4292129920348749054,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,10371939456901195465,4292129920348749054,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,10371939456901195465,4292129920348749054,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4368,i,10371939456901195465,4292129920348749054,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:4244

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2696

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2212

C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe
"C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3144
- C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe
  "C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2272
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 172
  2⤵
  - Program crash
  PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3144 -ip 3144
1⤵
PID:4148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\095c884a-01b2-4221-b36d-532e692dbc40.tmp

Filesize
9KB

MD5
1d73a2e1428f900d76618c6247f7f2fa

SHA1
6aadf8bfc9b65a8ed58da3bd3a497ee7ba9a5c20

SHA256
4276545adeb0b595e6f77f0bc025d05342b6da0d7a9cf25a6fb29b973d84e2f1

SHA512
e19b4a41884f0a38be3d862dd519954c0674bfa981a4d4c213b17f6f4a05be86cfc117dc75bad61dad07568400a5104c70289b7cde7573852eb7e442a25d1282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1e709802-87e3-4732-a039-c9af1e815a87.tmp

Filesize
9KB

MD5
fa373883d2e7a52ebcfd80e364b6029c

SHA1
218c92b7aa925825e75ed69fb685092a594b2bbe

SHA256
9a5813a6fabaa0e61c79db949bce25fae6668f654e686e58b38ab87e6d5b8112

SHA512
0eb398be7afc96c41cdbcfab1fb6ede0bbac5e54c590cdb72c4cb7628611b084c09de0807f2b3fec2ea47a3fd5d48479a04d9c299ea6e416faad68d92b1673ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ed164d27ffbc74890ef1ee956c327947

SHA1
a82df5c10d445ea222e69f58d6118f91ce466da3

SHA256
e179ece3c336954e3666f60f9a7c866c4d95371f024e8915ba4ccb8a54d48c45

SHA512
d8ef32c5b34c78640dfa175c9e9ffac189c75767c9bd3db766e1f7324d179d134c35127cae1f19297eff4297a52b239dff2e55c33bbdb91927c9ccf1ac71ae29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
5f2dfc052d4348ca372ce21c39cae1bd

SHA1
51a5c3b44e51570ca19d55b97bb9cbcb35cef2e6

SHA256
ef91b6a34f959fab17ae11dc65bf7846fb8ad5c6935568419135e9b3d2d80209

SHA512
c0275910aa41ed27a40943a9cd421e721032bf830b658b6a3ed3ff03dde8aeb5ea70af4f0a1211fa90c79923ffab78d5e33e4679fba7267763e6a485b7033e8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
db38e0e4037c00d636f77754e1fba9cb

SHA1
8aecc889071ea99c35e1e627e8ade0dd904af620

SHA256
b6a8c29a2b6dace0d461c605b2b9245a12c25a49569b1ecfa818e4d5ba2f31f9

SHA512
000c70ecbd55bf941abc8d273f552e610177c985b8f4102f8e0f593a005ab17bd22a3cb80a6eabaf2010081bbf22deb99593c01d81c98ffd53556c6969c8fde5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d8856cf3a9e42c90d9f05d922009d269

SHA1
1a0a473a8e4b839c59c512f40db1df2f334225ba

SHA256
9c3053f8030ee39d285c4df11e9a2595cfe89989be16a34deefb93ae667a3b7e

SHA512
0f56ab9a7caef718107e9b51aef54d4d992a4828fbb360fb871d64199412f9b6d2270a0a21d7ad3ea9b332ddf5bcd1049b4b636f3b3e3e378d0476920c44094f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0d7a93a84e63e56d4be457c0ca5635f8

SHA1
3146711bec9579a0d6d652f7a9d1cc7b1abe1317

SHA256
95e266bb0e8e77bba30cfb1e36d0ec0d884ad28aab05b8eff98a6f586346ef45

SHA512
3034985f39ef14f068cff8ade1d664fdecdbe9bc45e8c3cc62e50214cffc6a1851110ef8e97af339f3531c373f8d88ea2c73134dd33cff79deebc49eda6b3957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
deabe5b5e5d0e210522d3d746ccaf1f1

SHA1
48119d9db53d7f73af9a8d8656dee9cde719e851

SHA256
9633b09d7ea624ea7d8e04bab4e3f7376ab2db263854ac2d6dfd99f224ab43bc

SHA512
c4b383fb48042d9912acacc91e6bb65840035ef6762add6200a85b3b55be612d8309e8db6380f09a196e96972d438449364133e3b2b6047ca92b26153dd7bcf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
222f22ab3b098a969e631462c1a00782

SHA1
cb5c938c21e3332ab5645843732dbf795042d155

SHA256
5ecd62dd1a7cf38ce8d9b750fd0b9957ccddbfa36667bd480fc73309dfd2727a

SHA512
6afbc996d9364b60ebe20d51efed4c73198ce5475d4bb0b2e3cdbf6f10bda0b1b07063295745214a6078205b879f88d3d2af1c2fcee00f84101e852f09a41d08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c93220b977c5352fc5376fea31765766

SHA1
0a35d08dd65350d7591861b46eef9ddc7dc48c61

SHA256
08010f47060887511c9e932d74f9c575a643f4596676a7c4db8056a6ead72d54

SHA512
e69993b1bc6f920d833dbed77f4fe935a26d8f63beab6f7740a6cfddfcbe0260eb8925ec056c9863f48aadecc1b3e382297ed1acc50744fd71b0312d109c3afc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
cbf3ff54b6bc08a08b12938ea4ad3c41

SHA1
7919fde79dc09834675d8c6be876799e7223b7af

SHA256
3b830a0b3d5b66f61f085476751f00d4990d507d01cbbb6c3c951049b0ac81e7

SHA512
b8c03ca4bedcd95f87e39bfe4633c7313bde64bbda7844cf47087694532b38e8683a5eba2788edce9746ca31577e48e00848952709e5bd212b2fdf5fa93c775c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f5ff329c7d996aaf223e21fd9bd54702

SHA1
067e6c40c7e47e4c4b7e190f87193791dc5031c9

SHA256
e638db1f95bcc6ca09952d73642f3640720be0d01bf12e507133b09494a20bcf

SHA512
24b32d0230a75f50a1cdd27b94e9238a21cddef16cd34e953720867c8c2a647b2774141d1c5122fbfc15991893336b8032cd25a83b094fb92d7091ceb1beb1c4

Download Submit
memory/2272-172-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2272-170-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2272-174-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3144-168-0x0000000005310000-0x00000000058B4000-memory.dmp

Filesize
5.6MB

Download
memory/3144-173-0x00000000746D0000-0x0000000074E80000-memory.dmp

Filesize
7.7MB

Download
memory/3144-167-0x00000000003D0000-0x000000000042A000-memory.dmp

Filesize
360KB

Download
memory/3144-166-0x00000000746DE000-0x00000000746DF000-memory.dmp

Filesize
4KB

Download