lumma | hxxps://guaicui[.]com[.]br/wp-content/plugins/captcha/js/file[.]zip

Analysis

max time kernel
122s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
31/01/2025, 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://guaicui.com.br/wp-content/plugins/captcha/js/file.zip

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://toppyneedus.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 5064 set thread context of 4980	5064	Update.exe	103
PID 4284 set thread context of 688	4284	Update.exe	110

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_wp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_wp.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133827964903384442"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
968	chrome.exe
968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeDebugPrivilege	5064	Update.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 3396	968	chrome.exe	83
PID 968 wrote to memory of 3396	968	chrome.exe	83
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4860	968	chrome.exe	85
PID 968 wrote to memory of 4436	968	chrome.exe	86
PID 968 wrote to memory of 4436	968	chrome.exe	86
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87
PID 968 wrote to memory of 4568	968	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://guaicui.com.br/wp-content/plugins/captcha/js/file.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb0680cc40,0x7ffb0680cc4c,0x7ffb0680cc58
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,1861426992196212439,15989075768049810290,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,1861426992196212439,15989075768049810290,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,1861426992196212439,15989075768049810290,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,1861426992196212439,15989075768049810290,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,1861426992196212439,15989075768049810290,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4768,i,1861426992196212439,15989075768049810290,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4680,i,1861426992196212439,15989075768049810290,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=208,i,1861426992196212439,15989075768049810290,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5248,i,1861426992196212439,15989075768049810290,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3828 /prefetch:8
  2⤵
  PID:4048

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3092

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3408

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5104

C:\Users\Admin\Downloads\file\Update.exe
"C:\Users\Admin\Downloads\file\Update.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:5064
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4980

C:\Users\Admin\Downloads\file\Update.exe
"C:\Users\Admin\Downloads\file\Update.exe"
1⤵
- Suspicious use of SetThreadContext
PID:4284
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
963d39299cfb60c9762cf57f50427319

SHA1
17b37eb445afc40de279bc3738d4bfc1b2bf990a

SHA256
17192a4781c1a8b2c0259a51ccb3f9a26e9e9d728e16ef212f67d45ae30b7a61

SHA512
1447476ad853cc3589ddd9aa0a823745cc32e5a0a2a8a7e6aa07aa1770cb2ca508a78de52b2a0388ee0e805ef7cdcc8d9ede3c4d0265f4ca4a4542528f2e870f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
24665f65ce2269070655e53cb41499d2

SHA1
5197cdb7d25669d98e932313a3c2f9a7fde0d79c

SHA256
7f286808833b660fe28ee2296b1b366105b3fd8ea94dcf5098d3aba38148c1a6

SHA512
1dd1918a0ef0ec0e8bd355b45251eaa9159e6a36e46125e0f336344d0f5eb7ffe30956e9bbf00e1969afc0faef7a52d7e8f54df676525e9ff940b2206cd2ca93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5ab0b1a7e35681d609a2df8403085109

SHA1
66e42b0cd532234ae89780e03408c4e6ef92dd60

SHA256
3544a4ef82f4465458288725795c0430b9c0879881e63b50f30f8bf55aaa855a

SHA512
79bfdd19fb203784c707b9a1fbdea9475e3c7fd80f963345b748fa1cfb28ff7de8048dce3c20d41d60c115fbb3024daba7133112c30fdeec3822f6fcc0c1e565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f1784463c6a327c4cd70842174ca3467

SHA1
64dec15bc17f895368e8ccc6d6d9c44f0e8443c0

SHA256
d25b87103acb0b7d1ef411f245e992c3272acc1f33f6bd773977af9b29c3252b

SHA512
1a0a83b1618156d10335f71ba582f25a0e41ee810c9d93881b18e3439c54b2585be7ebb886d7c7f5f6cbf18452be79d5f430de999d6b40c7839869fde3563ac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5760090c373ff66ba43b7ac8d320241e

SHA1
ff254194a3ff6f0007f5f3fb7d56e5a899f4bbc8

SHA256
96ce37c6758d18beed7be17f276e446589375e665a581adaa8d711a323716037

SHA512
0c3d03ed73023cb730c1500a89ec83945ba604003046c7d51abbecc44bd3b68a607febf48d4a068f2d9a43c8c4c1f9b4be93c548c1dfc978d32798d8332bd098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a8bef548129df7110835f6e7b398ced1

SHA1
eeecf49a0ce152c1f2e94c9ebd149e09a6fdbde5

SHA256
edbe1f340d1d1dfd6a3146d13bca6e820843559029100f8d779d3a99536f07ee

SHA512
71b2cfd544fa5d31907e336f80f69150fd6688a63e3e96a274c087da9d7fd6dea7f86e4c71799c8696ae6c8c76ae959b2d8cd4fad1206648b81b9f8cab6af479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b4d3fcc1af8b91c1c51d79e0cc1f0b37

SHA1
024cf39b4f5aab65dce90feb99c0e398a111ab9b

SHA256
a704aaa1430dadb8561634308b7191880fe529d4000c67b94c805a27bb58f039

SHA512
ec98fc378b7d9c70d48bb34bce757baa255d2c92ba827828306f87171b4fd3ea396b0bd96ca1df3edae3ecbaf6145fbaacd750a8d96f1fba4b4df1d49c9712af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
c73b4d8dc87fb4677778affe23725fc1

SHA1
d116e19c6fcc42af55f1afd870dc15e2405ac7fd

SHA256
bf4ec11fbd1bba35e8e562529079141a35a3904ff62a45ca8511ed2d2adeec87

SHA512
4cc6719136654bf58ca0f0620ed8dd6c07c6051b1309fda0c44bbfb636ac6780063d2ce7b3109558a7c7e19d89726388a015bafe054395b884bdd772f2417fe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
11b3de3371d82542b44e719f391df1e5

SHA1
36ad21a1c5321bee7f3e0854f4f0edf9ce19b714

SHA256
9fc7919fa3c0eb5aa45294a3c787df356707880dfdfb0ed4efa2eb1d2fdc0b8c

SHA512
b60a123eecfba983e5d43d70bf7e78f0121c05236d02de66cfc74187b1c2dce6ca827fcd89fb93014bff25aba53a89d126949fc303d6f6f988dc76641bffff54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
124KB

MD5
0c46d2a84a8891ca4c55e9f7f1c034c9

SHA1
5e2a2812b85ad7d09a093dd20c94fc54354d55d2

SHA256
394899b8c14f4c6b0b6b12cb6d196dc38e8b2de986680b99ac6612af7e30d6e3

SHA512
d7f44a2322e931c9c93ed0f2c825fd39ffe33cb798506a3a25fcefc4fc31eb16da1478619c8d52b9f323c6a2d53d03d7c1dc23566e81455d3f4563cfdb0debed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
124KB

MD5
fa6f1349e11e8f8ae3935fc6f6a2baba

SHA1
018b6c6897321725af1ee7413d9851eda7e8dc85

SHA256
6954aa81ed83028148b0db79fc736c0e8065d8e86bf80eaa0e7820a12d034313

SHA512
55fd14164e629562c8f2724cf3f6102f1f6014eec6dd6cdab061b2dc584b61dc32664c6d4921b9875e8eb873416ec0148625d22ed330e98f6f098b0aa395771a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
125KB

MD5
b469429fb60360a43554a627867f3efb

SHA1
68557a33ffa0eef85f8ab920c8758348527847e5

SHA256
69ec8629c2162f4e04abcc76a41499325c92c8f55a84b700667299dec211e8a6

SHA512
45c5e3c1bec355677726862ba82645760c50e8960f9b4b9fe5fcab3a581707986413398e51d88005e3ccdcef91dd980312ef5f17623f34e23f52e5d5f87c671d

Download Submit
C:\Users\Admin\Downloads\file.zip.crdownload

Filesize
8.0MB

MD5
8a45b21de5ec621169f2e77ae96d2faf

SHA1
699046761789e3b1e18468e509f670b3347e67a3

SHA256
9077ef03723211f1f5cb3f26bc292f162d5de9900778042db47d74e437216142

SHA512
c045e0e6513e85ca4416982de9d83ed4565d811c6532ad1ccbc4c827aed85bd31a014df164a87e9e7cc7a2908e50d82c821d553da5e273f62151fda85292a463

Download Submit
memory/4284-94-0x00000000008C0000-0x00000000008D0000-memory.dmp

Filesize
64KB

Download
memory/4980-59-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4980-58-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4980-57-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4980-55-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/5064-54-0x0000000001600000-0x0000000001610000-memory.dmp

Filesize
64KB

Download