lumma | hxxps://medicaljummtj[.]shop/api

Analysis

max time kernel
109s
max time network
108s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
17-01-2025 10:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://medicaljummtj.shop/api

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://medicaljummtj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133815847209133434"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3032	chrome.exe
3032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3032	chrome.exe
3032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 4520	3032	chrome.exe	78
PID 3032 wrote to memory of 4520	3032	chrome.exe	78
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 2172	3032	chrome.exe	79
PID 3032 wrote to memory of 4236	3032	chrome.exe	80
PID 3032 wrote to memory of 4236	3032	chrome.exe	80
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81
PID 3032 wrote to memory of 2044	3032	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://medicaljummtj.shop/api
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff70b7cc40,0x7fff70b7cc4c,0x7fff70b7cc58
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,3952206642177477900,1402818988399423306,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1700,i,3952206642177477900,1402818988399423306,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1972 /prefetch:3
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2120,i,3952206642177477900,1402818988399423306,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2128 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,3952206642177477900,1402818988399423306,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,3952206642177477900,1402818988399423306,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4384,i,3952206642177477900,1402818988399423306,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:1688

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1068

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
70667817f8ed5906dd999162cc37f453

SHA1
6bc02324ffb8e63303551fcef259be6aebfd13e6

SHA256
0033d029e271ad28acd76bff706cdc3c4fdb2ee1578c8b30f2afc334bb033e12

SHA512
bc6b133b8172c0a5872bfbedfc91b805619b0ef55955ea07840791ac20f2339918f9c2e45c62107e4583090ec5f920d895808a9588008b7a23f6448fc4a0a74e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8c434cc116043db13f67e841b2dea9f4

SHA1
d08efe60a646de1058debd9454788f4135e153a8

SHA256
4f0cc337bcee664e9539eeb8a69022d2ad9ab35bdb8aa09dd2b6c2120d53931b

SHA512
16694770827346ba727b54efb79dceaa53505055d3512279d71a612a08d6f201a9150a4123465bc0b72006ae2d65d10a0056b8d0e6a2dbd6494152762097791d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
287c38e4374d9abefe6ccff8adc928f7

SHA1
375433fcb45679a78f542a1b717b9fe65dc45396

SHA256
ad671ced95d52852e4efbefc59f70d6866a66d6da31ca795d504e1a6efddd61e

SHA512
27cc880a7448d317a616170dd5799c642155847d614e5d16d67ace2bd4dca0b58890c328ff2abbc47b20cc3ae879c40dc79216b55637d4869d0a16002041700d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f87e3ee3fa04af7c63789a3d3210b9a

SHA1
ef2d724498bddc4385d7974306a348aa592c2b1c

SHA256
4396b38010bbc19e7f84fe471290e1db0b26cd2a36a4cd3c45fd50369537ef5b

SHA512
477f4b056045f8cc8d95cba63dca94bd3208da25c4302e5629ce5df85bded8ef21ba6fe1583aeb9b5fdce021e325662df3ef23c65d5d91e5fead1d33a09c01d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7680e0c10d6ad2093bfc20f2bc51656a

SHA1
43e4584d0a8b8c0adaf776432a2c88e268db7495

SHA256
e5edc264469838740672c9fae0b16c201f49271e4ce7f0992459e32ff6e8a979

SHA512
d77dcbb4e64e377a659177a775d5212d3b6fe2a5ff15978865c0e9f4c4327972f01da88431e2cd7a1f0d05103292af667974d87817fa805873ce79b1acde6e2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b28a25d373b8538d25ca4b9ac17d55e3

SHA1
f0397892d681a8380a005156a4a0d635ccc97c6a

SHA256
8a658975ade41c55966cd8385a8746e7e87a80ab19e73b76f8dac391c0e530f6

SHA512
2a6fccb395c9b794af4f8204914b730ee45599f98bdbebabcf4aacde70f80bf720a96c9bc65ae5c0118504d5f2438c95e863ab29749ae2f71689cde0c0121a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fafa65dd09fce136d8e0c26aacf4e3ec

SHA1
5d357b0ddad68030044bf4a1d7eb31b6e870714e

SHA256
d0eba20c8104ef3a2a769f89481244da43244b67f4ac40e835b3945b881eaf55

SHA512
b687c33caa7d795bcab75aff7adc489d7f6bf276548b7b54d7e852c3e45c9642841b7ddf27c7f7d843b0348ff904da242dd931ebf3f6e504a12aa240c1ae7a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9d0f12ba0be52a81e1052ed9a7b6b2c

SHA1
7c268a9237eb8bc84c888977694fe525f1107f73

SHA256
4614fbe04553ce37e181bf1f92fe596cd64dd375f03eec5e261b0b93dd5951ba

SHA512
85b601ed94b7ae575b691d28c2c06b1d56a454cd05916c701a7b4892aa8c8bfc6bc9c5dc022e3faa3b473caa96d0d434413835286cf2704207dfabda77efbd20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47b7e47b6354e2cbaf350e8c303206cd

SHA1
0cbebc4433d085d0484a4699a0c3c9da74386f4b

SHA256
366fb8c1eb0cb639e3b58247cc05ef8df62ad41892dd9451f4d8f401dca27620

SHA512
0fe1b5cb447cabdde2d6af6aeaa3cdb73eaa7dd55213b2a691142b8875659bd9b858a24602066f5ebb21494fa60124ef183e9feeb5760c32c8e06448782a3a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
1973eb61968b5ae66769ab6444947c89

SHA1
ab4626c8d2522f9d456e6720fcc057ffe73332dd

SHA256
459e016f02bfcbed235d3eaa058a26c685994d94c6c7d5d9f8af9ca8cbcbe52e

SHA512
65c8842fb524d2eb0db53add50082cc04dc0c75c7f55db5929f1041368a61e340a38d527a4f7364959ba9e34ba3351bd5afe7676a388a2d9e62ab33cf2716277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
3a33bc60f3cac0e745978ceccf1b1d2e

SHA1
8fa46e0d9f70c445dd48568f2c7d6fa05922a2ec

SHA256
d71107293378203044be46fc5accc8bfd75859f7a3794184d77a23e275726aee

SHA512
4cc42ececc2319e5893be6708ba5c5e5e9cb814b3961f3cd9057251e5cb12e84ae4705ae1bd5f79a164e262960445a3b408f217c7d781775f3ffb41fd4aa1469

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\17d19d7f-a52b-4b14-bad6-554a8b684e2f.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit