lumma | hxxps://too-gle[.]com/coco/joas[.]txt

Analysis

max time kernel
103s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-es
resource tags

arch:x64arch:x86image:win10v2004-20241007-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
19/01/2025, 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://too-gle.com/coco/joas.txt

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://mushyomittel.cyou/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 1 IoCs

pid	Process
2736	kutikolo.exe

Loads dropped DLL 1 IoCs

pid	Process
2736	kutikolo.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kutikolo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kutikolo.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133818016210099271"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
3992	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 4784	4944	chrome.exe	84
PID 4944 wrote to memory of 4784	4944	chrome.exe	84
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 5044	4944	chrome.exe	85
PID 4944 wrote to memory of 2956	4944	chrome.exe	86
PID 4944 wrote to memory of 2956	4944	chrome.exe	86
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87
PID 4944 wrote to memory of 1596	4944	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://too-gle.com/coco/joas.txt
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff550acc40,0x7fff550acc4c,0x7fff550acc58
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,17525190745922333940,6913725591793158417,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,17525190745922333940,6913725591793158417,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,17525190745922333940,6913725591793158417,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,17525190745922333940,6913725591793158417,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,17525190745922333940,6913725591793158417,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4328,i,17525190745922333940,6913725591793158417,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4464,i,17525190745922333940,6913725591793158417,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4980,i,17525190745922333940,6913725591793158417,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5004,i,17525190745922333940,6913725591793158417,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5160,i,17525190745922333940,6913725591793158417,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5712,i,17525190745922333940,6913725591793158417,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2556

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3632

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1416

C:\Users\Admin\AppData\Local\Temp\Temp1_gamdome.zip\kutikolo.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_gamdome.zip\kutikolo.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1856

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap25113:76:7zEvent16757
1⤵
- Suspicious use of FindShellTrayWindow
PID:3992

C:\Users\Admin\Downloads\kutikolo.exe
"C:\Users\Admin\Downloads\kutikolo.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
242e095ee25f35e1b773f385432338dd

SHA1
0e0a910dacd99abd643521ee93ba63da37f45800

SHA256
28e7973376caf6ba5cda828864b55534376937d227d22bc76b19bc8535170649

SHA512
b56c21b07ba26a38129d3d5380dccd95e28e19754b53110ba47af90f2124397d5c3cb81e595d6a5f3984c4dfcbbd362b555c93bae0bbff2448f212da89040b36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
289854f4456d43c25d11b93c32b46438

SHA1
46291a065cd03c8bba4a7323dd4ef3ee63319b96

SHA256
82801ddaff16f9a7d43c281d65c50486d3a85eb114420e1ae390d5f85a40df36

SHA512
567d4f4f61ffa97c12d0b92912e61c801e8534b5c2c1633e180a80ca5c7588529dc22b3351a190cb814f25a659ec9cfeafefec03cd4f58f5a11c2b1c565aea0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5a34d147f3d9711febce4f54226df4d0

SHA1
7bfdfca9d17a77a3ae4c3013d4f3de0e8718123b

SHA256
176509834e94ff378014f8c62cdc4e092cae96c99eccbc2318b6cc13a07cfb87

SHA512
42d575056512ea443a8a2c02dfb6c9ec9c01f9c470a79352eac3258f3cafc2ab4d7ee0d0adef412486421f54a87e1dfecb648108bd74c0db3ff4b2d6b1bd9fa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7973e6d356e9582c0c33e54c59e3b776

SHA1
a3fd1452a7e375e0642422433edfa1d62cb3feb6

SHA256
51d2d3e0af88a2fcc889e45b45694c221f6b9deed53c4b442c88e0920e8ba2df

SHA512
da460e9c5536096f3c0614d0aa17fa8bdb7bb8fb3587c45f8c7bd03526958e35e391522f575f825d475957680f1a39e488cf8185042fd0fbdc95e5b2a65105e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
00a7586520aaf2b282d5e057af53179c

SHA1
f1b2358d29d40f0a1d6ba87bf10ff52091499cec

SHA256
ffad93f2009c4dcc80b4e0f78966d5df6c80c256e56a6545fef5b927f9627133

SHA512
b43d70eb727181cbbb7d11dc062a1f43c479915c45dc4638e063a383e40305345dd60e505219e6d10ef8165a3932f488840813f29dd8474d890b273c5a84ee80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a912cf57932418932224b475677d837d

SHA1
1a3d3cd597a31db08d63c1e162db76a72007773e

SHA256
3c9b12c8b4341c92415af6d7087edb245339973eb8291336f628654c5dfab2c8

SHA512
a696e0ecd92d2193cb55ba3ed4390d71a805c0334bc95a046f46d1f02752b13c9f8cd89b5342886ba9e893911bef7ae3a300043d8cbcb8a28f97c12135bf05f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e0119ea7ee2de4b66dc4687fddd50f64

SHA1
51646ba69b15521dee49c5a5207adbcb12c24655

SHA256
5540dc456c037c832703dabd47a4ecfc9b8a9eb2f5c4fbdd383537227d1c0061

SHA512
2bbb8c7c67975328198d4af2489a8924650abb9e588db6199bd459fea8b66d26557a135649c8fe664eaaadf6c87c4e7a540308bd2ee335b9da547c390b461858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ae5413cf43ffd5c130e6611cc857425

SHA1
9d31948f31dca5f343aeda572a9b2570f69aa650

SHA256
1de56e1c11461f62b66d5158036a0fc59cc3e4865a524bc4618eb0cd69e7f806

SHA512
c953c425cae93ba6a5dc33737498b1646cc43300787b380d279dbcf9bc6cfd187f0f974626ea1ccd21165aa9a85c54d161c12c713adfce1353fca50548a35065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8602d636a593c51cac370d93b8557b7

SHA1
0628c338af9408330bfb7856e30a0e90aa60cdf8

SHA256
5964aaa62907201770adaefa9c8517edeabf717be1d4328f8b1857904a0da366

SHA512
639bc77c7e038a1f699fd9c34bb988008f56fdcc61b9e149170b8eba490ac46b7af03a0076834bc3e42f164937f22543684728747e13f2c9d869128601245925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e820f2e1d484bc056a8f809e34b083e

SHA1
0befa4b3ffd963d102d9196c18176b16b47563c8

SHA256
d1890da0146f14c40db736611f96dcd2ba819afabe63ba17e8e578a771ba3e73

SHA512
940ba11b9a196b5039a9c98edb057bc14bc54408c9b6b261adfb9c071aca91a58bc1404fc988fa414b2dbb054b61ffd7e6f6f7c92279016b8171002d3a15e3ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
cb93d8e5f2bc9e88a4e728aa79ca139e

SHA1
d84092c94b9a91efa680ce594663b422ed9c7b79

SHA256
f23644b17e6cddc57bd6d1c7ff7700f8a574afdfd124c47f8bd65cb569843bb1

SHA512
667cd610bb399c31a53859fde9eea5586e4e10f9ed90fe26f159bd9491c66d8f58a1ccea6ac9dfb4eb3351121becb2145945238f4af002461dfa5fb8f6bc93e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
7542b23ed94953374d106b607bcd1973

SHA1
055fc43c765c73a21d5932390c71f02f535b79d5

SHA256
56d6b9295a5f6e8ee7a9eae5c4303eadc132d46ba9eac09948bf184c530e2350

SHA512
ea94caa3b1dd9751ce501d53d057b09986f5a086ed419108533ed8417aa99be72507e38e85b5f37455480a311a16984114e6d4913fea1d6c66b0a0710f54c158

Download Submit
C:\Users\Admin\Downloads\gamdome.zip.crdownload

Filesize
269KB

MD5
f165b1e3d5a0831a2e04ddf2fd4d8d5a

SHA1
6ce3fffac2c105d329ea086b006d5f9f8f9e0af7

SHA256
e30a46ebadb6e1fe28a62ca26f82ad2c3247097ceaaeef73eadfe7c8884eeb3a

SHA512
9f4f654ff6fba1e80c551cd2cf2d2c2bd8ee2a57ddba62736f89b957b6d356e80c036fa205eae14d95a7c2e9ead47888aff0483a665f3ff6509397db4de3fc2d

Download Submit
C:\Users\Admin\Downloads\kutikolo.exe

Filesize
21KB

MD5
1d5a066d6bcec7eec0c3e0b373f77a4b

SHA1
a28cf6f5effe3e922de41de3c7ba8ec0cb3e9cbc

SHA256
1ffb4f7a3351106fa161a141965a3b1cf31c2467038b2e91fd5ab6a9fb5cbec3

SHA512
89d14849bd81a6d5f1e7addb3cf8972faa097f115f9d713f7eb6bc87d70fa2a9072db4dca83347a559ee917802751bba0befa50aef7e6b984428b5f2e40abdce

Download Submit
C:\Users\Admin\Downloads\wincr.dll

Filesize
687KB

MD5
a446902ad9925ae7b03eb5103ee03f20

SHA1
1e04a528f7ee85f89681115ab192799e9328aa0a

SHA256
dadb4e4d5b95361f8e310f2cdf95c62ae74c10ce74da09641dbcf89940637cbd

SHA512
1c182ac0612c3c41d9eb2b109e638172363c0fe34e9ca6a2c10812302a9b763cacad3e05ae2c50267b06bcc329ae1b8fa24f11978a17b7c43b806757e642636d

Download Submit
memory/1856-79-0x0000000000270000-0x000000000027D000-memory.dmp

Filesize
52KB

Download
memory/2736-105-0x0000000000B90000-0x0000000000BEA000-memory.dmp

Filesize
360KB

Download
memory/2736-104-0x0000000000B90000-0x0000000000BEA000-memory.dmp

Filesize
360KB

Download
memory/2736-107-0x0000000075230000-0x00000000752E3000-memory.dmp

Filesize
716KB

Download
memory/2736-106-0x0000000000C30000-0x0000000000C3D000-memory.dmp

Filesize
52KB

Download