lumma | hxxps://github[.]com/Many3RRORS/SKRIPT-GG/blob/main/SkriptGG[.]exe

Analysis

max time kernel
23s
max time network
22s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Many3RRORS/SKRIPT-GG/blob/main/SkriptGG.exe

Score

10^/10

lumma defense_evasion discovery stealer

Malware Config

Extracted

Family

lumma

https://covvercilverow.shop/api

https://surroundeocw.shop/api

https://abortinoiwiam.shop/api

https://pumpkinkwquo.shop/api

https://priooozekw.shop/api

https://deallyharvenw.shop/api

https://defenddsouneuw.shop/api

https://racedsuitreow.shop/api

https://roaddrermncomplai.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

SkriptGG.exe

pid process

3196 SkriptGG.exe
Loads dropped DLL 1 IoCs

Processes:

SkriptGG.exe

pid process

3196 SkriptGG.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

6 raw.githubusercontent.com
20 raw.githubusercontent.com
Suspicious use of SetThreadContext 1 IoCs

Processes:

SkriptGG.exe

description pid process target process

PID 3196 set thread context of 672 3196 SkriptGG.exe aspnet_regiis.exe
Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\SkriptGG.exe:Zone.Identifier chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

pid	process
3196	SkriptGG.exe

pid	process
3196	SkriptGG.exe

flow	ioc
6	raw.githubusercontent.com
20	raw.githubusercontent.com

description	pid	process	target process
PID 3196 set thread context of 672	3196	SkriptGG.exe	aspnet_regiis.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\SkriptGG.exe:Zone.Identifier	chrome.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

SkriptGG.exeaspnet_regiis.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkriptGG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766250122948775"	chrome.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\SkriptGG.exe:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3920 chrome.exe
3920 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3920 chrome.exe
3920 chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\SkriptGG.exe:Zone.Identifier	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3920 wrote to memory of 3176	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 3176	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4180	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 680	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 680	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 4432	3920	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Many3RRORS/SKRIPT-GG/blob/main/SkriptGG.exe
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8feaacc40,0x7ff8feaacc4c,0x7ff8feaacc58
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,12570133872496417241,10070631077608040653,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1720,i,12570133872496417241,10070631077608040653,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1928 /prefetch:3
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,12570133872496417241,10070631077608040653,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,12570133872496417241,10070631077608040653,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,12570133872496417241,10070631077608040653,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4516,i,12570133872496417241,10070631077608040653,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4528 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4960,i,12570133872496417241,10070631077608040653,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4956,i,12570133872496417241,10070631077608040653,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3696,i,12570133872496417241,10070631077608040653,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5292,i,12570133872496417241,10070631077608040653,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4636
- C:\Users\Admin\Downloads\SkriptGG.exe
  "C:\Users\Admin\Downloads\SkriptGG.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:3196
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:672

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3240

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c1342b3d04fdd71015e5f4625fadc81e

SHA1
01dd23f975c52a80ac1945c16630e14ddcdaf9bc

SHA256
8800a64d03fc1d24c70b784e4fc529b67af04d46bd85b6915d75e526bfdc6334

SHA512
968e5147febdddae40d982145f9e679572fa6503ad1dada0b8d600b9185054216b1a2c74c951552631de15677a1a86e77044eef797b1f73eea62d4a813e28221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
feecced02352eb38c4afda12bfda8631

SHA1
2bd94d5def3745294db6aa355d4818003091228b

SHA256
ad80c2140e1a7d2c7cc28da656d2b319eeb0222831dcdb015ae206c1d0e4e002

SHA512
917a0ca7de8a19c42c957d2dfe019d9e06bbe29ba241738959bd770980cffa4318d9862cfa5fbbc0554f4a920c12dd005a60208af764afb0f37c4d965d9ad260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c10366b2cac953cb4516747440e08bd5

SHA1
dc867888fd86862d3065e32f2b1d9be99a33e17a

SHA256
960cffb6fbb6b075b05f24e3c750e311f26c330b2ac7dbe10a0cbbb7038c28f9

SHA512
83607d9bbdc610c6d54ed715ef80a904acf8048c02eb912efa42c56b83bce48bd36dfae43fc94a0539760f32367e2f122cdca51b1cb7d40f6b133fafa9750e79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3efa22b1da9af09f412df32abcdeab86

SHA1
65ff7b9f02f9ddb4b05a2443454ee56c8b45a8c6

SHA256
709e824aae077088470e6f395836adc69ffff1ec2180f330d8a7a24754717362

SHA512
26bd43e523d03d7e105dd50b36d2769e92235e61c152618052625f5ff14cd17fc9cdbc9e906e8435b5e8d769682028932a5f500c3eb8bdbbb2fd53a2eeaf6243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
299b909548753aa4f63258ee692e96fa

SHA1
ec663706f2c1e23915f745938a243adc941bc3af

SHA256
a14ce134a5590f243c8e3f84acf6004ad4e5a51acb3120c30d1073a262ee1823

SHA512
5eef68ef809525a4539a6a538b9f53e444110a2f8f798ce8b1e0f1407f5aaced960e850883b1f4640271d4fe4ab78de6b126099066be882832b6abf83143e1b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4498d7846822e49077d40065251adf5d

SHA1
fc8988195c74489f17d7e60f82a11ed531948c00

SHA256
df89bdf8df11772159923c8fa915b7fbce527fe0ebbab10d82e8538159f88af6

SHA512
9bd580a92ed0da4ca7394140e01e65b66078f19b9dcf09bdd6e6a5f184549bda8c99684a42f6170a8ab6a147f27897da3499a400ae1d2fd04afb39c23cb85db6

Download Submit
C:\Users\Admin\AppData\Roaming\msvcp110.dll

Filesize
642KB

MD5
9bc424be13dca227268ab018dca9ef0c

SHA1
f6f42e926f511d57ef298613634f3a186ec25ddc

SHA256
59d3999d0989c9c91dae93c26499f5a14b837a0fe56e6fc29f57456f54a1f8a2

SHA512
70a1abb35bd95efc40af6653d5db2e155fab9a8575b7ae5b69ab3fbcd60925c66a675dac6cba57564a430e9b92f1a2ea9e912c4d7f356b82696ed77e92b52715

Download Submit
C:\Users\Admin\Downloads\SkriptGG.exe

Filesize
550KB

MD5
ee6be1648866b63fd7f860fa0114f368

SHA1
42cab62fff29eb98851b33986b637514fc904f4b

SHA256
e17bf83e09457d8cecd1f3e903fa4c9770e17e823731650a453bc479591ac511

SHA512
d6492d3b3c1d94d6c87b77a9a248e8c46b889d2e23938ddb8a8e242caccb23e8cd1a1fbeffee6b140cf6fd3ea7e8da89190286a912032ce4a671257bd8e3e28a

Download Submit
C:\Users\Admin\Downloads\SkriptGG.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\crashpad_3920_JPKVGJUYHUCCUYZZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/672-192-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/672-196-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/672-198-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/3196-191-0x00000000748F0000-0x00000000750A1000-memory.dmp

Filesize
7.7MB

Download
memory/3196-194-0x0000000076570000-0x00000000765D6000-memory.dmp

Filesize
408KB

Download
memory/3196-197-0x00000000748F0000-0x00000000750A1000-memory.dmp

Filesize
7.7MB

Download
memory/3196-184-0x00000000003D0000-0x0000000000460000-memory.dmp

Filesize
576KB

Download
memory/3196-183-0x00000000748FE000-0x00000000748FF000-memory.dmp

Filesize
4KB

Download