Analysis Overview
Threat Level: Known bad
The submitted URL https://github.com/topics/roblox-hacks?o=desc&s=updated was found to be: Known bad. The verdict is driven by what the browsing session downloaded and ran, Gh-Installer.2.zip and the Gh-Installer.exe launched from the matching Downloads folder, rather than by github.com itself, which the report lists as a legitimate hosting service being abused (see Processes, Network and Files below).
Malicious Activity Summary
Lumma Stealer
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
Drops file in Windows directory
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-22 16:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-22 16:24
Reported
2024-02-22 16:28
Platform
win10-20240221-en
Max time kernel
231s
Max time network
228s
Command Line
Signatures
Lumma Stealer
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2256 set thread context of 4700 | N/A | C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
| PID 4104 set thread context of 832 | N/A | C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
| PID 1868 set thread context of 4252 | N/A | C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
| PID 4336 set thread context of 1328 | N/A | C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
| PID 1404 set thread context of 1520 | N/A | C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\1601268389\3877292338.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\810424605.pri | C:\Windows\system32\taskmgr.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133530926935489691" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/topics/roblox-hacks?o=desc&s=updated
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9a2b89758,0x7ff9a2b89768,0x7ff9a2b89778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4744 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe
"C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe"
C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe
"C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe"
C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe
"C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe
"C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:2
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe
"C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2072 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4904 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | repository-images.githubusercontent.com | udp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | chocolatedepressofw.fun | udp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | prescriptionstorageag.fun | udp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | 191.202.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 242.10.21.104.in-addr.arpa | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | chocolatedepressofw.fun | udp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | prescriptionstorageag.fun | udp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | chocolatedepressofw.fun | udp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | prescriptionstorageag.fun | udp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
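Separating the sample's own network indicators from the browsing session's traffic is the first thing a triager wants from this table. The Python below is an added example, not part of the original report or of the sandbox's own tooling. It parses a subset of the rows above (values copied verbatim, one row per distinct destination/domain pair, the multicast row with its columns aligned), discards resolver, reverse-lookup and mDNS noise, and treats the GitHub and Google domains the Chrome session itself needed as benign. That benign list is this example's assumption, not something the report states. What remains is split into domains the sample completed a TCP connection to and domains it only resolved.

```python
"""Triage a sandbox report's Network table: drop harness noise and the
hosting provider's own traffic, keep what the dropped sample reached for.
Added example; the row subset below is copied from the report."""
import ipaddress
import re
from collections import defaultdict

# Constructed subset of the report's Network table (verbatim values).
NETWORK_ROWS = """
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | chocolatedepressofw.fun | udp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | prescriptionstorageag.fun | udp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 242.10.21.104.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
"""

# Domains the browsing session itself needed (the submitted GitHub page and
# Chrome's own services). Treating everything else as sample-related is an
# assumption of this example, not a statement the report makes.
BENIGN_SUFFIXES = ("github.com", "githubusercontent.com", "githubassets.com",
                   "amazonaws.com", "googleapis.com", "google.com")

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]+?)\s*\|\s*(?P<dst>[^|]+?)\s*\|"
    r"\s*(?P<dom>[^|]+?)\s*\|\s*(?P<proto>[^|]+?)\s*\|$"
)


def parse_rows(table: str):
    """Yield one dict per well-formed table row."""
    for line in table.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            yield m.groupdict()


def is_noise(dom: str, dst: str) -> bool:
    """Resolver chatter, reverse (PTR) lookups and mDNS carry no IOC value."""
    ip = dst.rsplit(":", 1)[0]
    return (dom == "N/A" or dom.endswith(".in-addr.arpa")
            or ipaddress.ip_address(ip).is_multicast)


def is_benign(dom: str) -> bool:
    """True when the domain is, or sits under, a suffix the session needed."""
    return any(dom == s or dom.endswith("." + s) for s in BENIGN_SUFFIXES)


def triage(table: str):
    """Return (contacted, queried_only).

    contacted:    domain -> set of IPs the sample completed a TCP session to
    queried_only: domains that were resolved (port 53) but never connected to
    """
    queried, contacted = set(), defaultdict(set)
    for r in parse_rows(table):
        if is_noise(r["dom"], r["dst"]) or is_benign(r["dom"]):
            continue
        ip, port = r["dst"].rsplit(":", 1)
        if port == "53":
            queried.add(r["dom"])
        elif r["proto"] == "tcp":
            contacted[r["dom"]].add(ip)
    return dict(contacted), queried - set(contacted)


if __name__ == "__main__":
    contacted, queried_only = triage(NETWORK_ROWS)
    for dom, ips in sorted(contacted.items()):
        print(f"contacted    {dom:32s} {', '.join(sorted(ips))}")
    for dom in sorted(queried_only):
        print(f"queried only {dom}")
```

Of the eight non-GitHub, non-Google domains, two received TCP connections, on addresses in Cloudflare's 172.67.0.0/16 and 104.21.0.0/16 ranges; the other six were resolved three times over but never connected to. Keep all eight as indicators: many lookups with only a couple of completed sessions is what a stealer walking a list of fallback hosts looks like, and the unused entries are the ones that come alive when the first hosts are taken down.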
Files
\??\pipe\crashpad_3504_LJBGGAQSIWAARGSW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5d64074dadee8bc05a78493ea908aaa6 |
| SHA1 | bd8a0d3ca7bf88795604600e16cbd7008592d8e3 |
| SHA256 | 7433d3bf184d7ba0e1e0d0a27485a7b6a5703a105e0970f8cbce9e24804da33b |
| SHA512 | 2a2ab6cba0773c320d0424f1959cf3694cc472918403a99db45a88764c2ae3fd3362d8adc8e859ccd38bad7ae9b03e74d480e0213e8b3441a4608ce363748d75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a66add9dfd3021db01e3cd4bea3b9bb4 |
| SHA1 | c665cfa8c91dd2d159b79f727696a0f0f104bae5 |
| SHA256 | 7c75510a2186eb29f706817a551f79c11493ca61dc539c16c07a07dc1ce83ff2 |
| SHA512 | 2cb6c7898a0a6872f5053333185658c5ce0177a859ca5e2ad32cc20eb94c2f3e8b2435596f6f605725899b2ecf17092d7579c5ffdee7214fe0394e88b631d697 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6467f475d1e7469ec753531a05b8d177 |
| SHA1 | 56c329834a77a9572bb97a8e1b50be74150a3b71 |
| SHA256 | fde298de37e2e7a549bb443c986d861ee2357a9211779f97a271c940b8476b45 |
| SHA512 | baab9c72795270ac221bbbb6f98a219a19b122deddb302e4da35840e0f3675c6dfd3a30c92e920ba5b51033aacdd499c3ff7e5a11d94e84834e89b201ae9e193 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | dc7f9173f551663218279ac6f4c876cd |
| SHA1 | d2ba464fb43e95e382bdb271fdbf46407494a0e5 |
| SHA256 | bed75e844bbec25261e9f7fd6d0aa742a577fd0533aea200f9101604afca6fbd |
| SHA512 | d911e3b6d43017d00c69d12b556a04b2f0fae27b90c73329dd616af20fed83835db9be85cbdb41c5769d0a2947ca96f7c9ebe2616ad41be62263e917b46f6bb3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bbb278db05d5a15f51fa8d812560eedc |
| SHA1 | 46344d3fab2a230077510e071a5d77735cf7d184 |
| SHA256 | 0b3a2e0e57c72349fab7e733b69a9a584f7821cc5525dc0340471774d9f93687 |
| SHA512 | 050b7ecc56d1d7c53a4183c63155dfcb72641fb8d0f7d6aab4bbaec9fe917bd1fa9f36efa8b27a3abb67550723a4c20fef032989da657c26686922eef0dc6cd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b58b043bc1a9a4375f33795cce9ec77b |
| SHA1 | 7f7f705f4fad41fa88d3d8e0ffcb31691fa894a6 |
| SHA256 | 3e350a763b556a4f3608e03b055bd7942076ba2592d48b58213af1e5c0f75319 |
| SHA512 | 886cb73bb0d1bdc8c9c79f9c4bafc63da21f0f60e7e1f8188483d8b17834b54660e662ab86b9e1a42a78e56caed5e0f4372c45b912b3ef546356c387a3375f5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0fd8c0bfbfc54d6cd0e0192094611df3 |
| SHA1 | bcc9dda219024cf41a2701ec07087ac134cd5094 |
| SHA256 | 88b47e77b7af2e1638e061abc401c8cd76afafb66c582f5e546b3c78d919b52c |
| SHA512 | 9bf773b874b99babf3c88539119857999b3f113944edc709f2cba05a6c597428ee7998dc5cc79dbd76a18aec6e167a62178608719353f2a5f2e9b846f953d617 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 595c23ff9c7192abc3ad44f6e48b8678 |
| SHA1 | d0b280f2489289f84d87e86226a8001fd2c93a5f |
| SHA256 | 2e808ecb4c99a2c601be0c9df59ad3711d75798ba848a7f446b56e17d648ca0b |
| SHA512 | 71ef99a4875411899b209853b45fd7cf5e43998779bd04039063d0fb829111ede23fe54fa70ceede73f65b57a4fba7dc4b82424ec469111869524982c2f29d3e |
C:\Users\Admin\Downloads\Gh-Installer.2.zip.crdownload
| MD5 | 7cb35c49e6c135ea6de98a582f9a6a4f |
| SHA1 | 87f6f7b2c2b77560d9486a2fd4218efdaa5eb599 |
| SHA256 | f69c3c12dda46207e8d095bc36de8acd4fe60c09635ccb3a1aa22bd6c24a30bc |
| SHA512 | d3daea056327169a6807345436e74f7674cff1aad00861947942969d40e869385704f66a279c8754563daebd4d3a5c31bd4273284504864f5921025f33acbe2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d10720b55ccd262073448c7610049544 |
| SHA1 | 1dc7ca8acdd1f0a2e0f861c604eebd9c09e1b4e9 |
| SHA256 | 718a943bdc10232f6bc4c7a65112228a1667b690e0e45300c8961548b08e448d |
| SHA512 | 1230085e2972169b83c70e669e7f250fce173a75ae32a808458557524d94a06d691ed46467e03b2f0eb2828c847deeb48016910eb9facb42a8ea7d1356c2464c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b9527eba-80d6-45d8-bbaa-abe97a26ab00.tmp
| MD5 | 2a094d9fefb077e3b0f056381b0f3bfd |
| SHA1 | abf5e28185d7c9dc224af50603759c1ea9065ef5 |
| SHA256 | 44812ca118b256a2824584dabea0b0fa5cde6b2cdead1e47843cf53df4582ae2 |
| SHA512 | 0b0531ef17849e6a61e5d31078478eca7dfd4e8d6dcf1fa53474c83dc446afcf87c67e76caaf808cd3b40c8b0e1b8649de417efcfc55c598b7b060a175809030 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | b5da63f60d8c76b8005516f698f87e63 |
| SHA1 | e497d1cdbc25bc6bddb7ce61ccd08c8dcbe951eb |
| SHA256 | 169268513311225dd47829a9b61df1adf9414cb47601f1a8d2431214e22772fb |
| SHA512 | 14b43a5594afa6c27e080da98eb09db14bab20d653aa56f41ed44c7564aca287446dbc4c58b78e96469202126e95f8a170457ab779afa57df5ebbcd47e6e2ca2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fed2.TMP
| MD5 | d43ab814bad348f6d7568bddaffe6209 |
| SHA1 | 174b3e11ce1b86742e1e0c16d3b0c8f735ec5213 |
| SHA256 | 1248a9af30c354b18a10678dd7a1d93a72523fe004d116776e70e29136da72ee |
| SHA512 | de15a0e90accba493bcff0b68598ca8043a640e50baff175b87c97a6927b66115dafd1b57265edcf6e201f928d638f1fbd5e4afeac0bb36c34e9f8930cb923a9 |
memory/2256-330-0x00007FF608980000-0x00007FF60973F000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 74fbcab616180d1e2d09fe67803a4bba |
| SHA1 | bfda8d1742bcfe373314354c90dc87b02df6ad32 |
| SHA256 | 5270f4664ac79248e2a036f9c85038b5646eab6e90eb2e7b92078693c4927fd7 |
| SHA512 | 1c19dea704dd533a392b268317cececeec5191f5ea1d5d0ffe76d861a4da44e3991b72351180bbd00693365c8d633fcdb190199b0457bfc86a1429a81bd6bc58 |
memory/2256-349-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/4104-350-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/2256-351-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/1868-352-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/4104-360-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/2256-367-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/1868-368-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/4700-369-0x0000000000C00000-0x0000000000C49000-memory.dmp
memory/2256-371-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/4700-372-0x0000000000C00000-0x0000000000C49000-memory.dmp
memory/4700-373-0x0000000000C00000-0x0000000000C49000-memory.dmp
memory/4104-374-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/832-375-0x0000000002F60000-0x0000000002FA9000-memory.dmp
memory/832-378-0x0000000002F60000-0x0000000002FA9000-memory.dmp
memory/4104-376-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/832-380-0x0000000003320000-0x0000000003360000-memory.dmp
memory/832-379-0x0000000002F60000-0x0000000002FA9000-memory.dmp
memory/832-383-0x0000000003320000-0x0000000003360000-memory.dmp
memory/4252-381-0x0000000000550000-0x0000000000599000-memory.dmp
memory/832-382-0x0000000003320000-0x0000000003360000-memory.dmp
memory/4252-386-0x0000000000550000-0x0000000000599000-memory.dmp
memory/832-385-0x0000000003320000-0x0000000003360000-memory.dmp
memory/1868-389-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/4252-390-0x0000000000550000-0x0000000000599000-memory.dmp
memory/832-387-0x0000000003320000-0x0000000003360000-memory.dmp
memory/832-388-0x0000000003320000-0x0000000003360000-memory.dmp
memory/4336-391-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/4336-392-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/4336-404-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/1328-405-0x0000000000380000-0x00000000003C9000-memory.dmp
memory/4336-406-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/1328-408-0x0000000000380000-0x00000000003C9000-memory.dmp
memory/1328-410-0x00000000003F0000-0x00000000003F1000-memory.dmp
memory/1328-409-0x0000000000380000-0x00000000003C9000-memory.dmp
memory/1404-412-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/1404-415-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/1520-418-0x00000000001B0000-0x00000000001F9000-memory.dmp
memory/1404-419-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/1520-421-0x00000000001B0000-0x00000000001F9000-memory.dmp
memory/1520-422-0x00000000001B0000-0x00000000001F9000-memory.dmp
memory/1520-423-0x0000000000D60000-0x0000000000E60000-memory.dmp
memory/1520-424-0x0000000000C20000-0x0000000000C60000-memory.dmp
memory/1520-425-0x0000000000C20000-0x0000000000C60000-memory.dmp
memory/1520-426-0x0000000000C20000-0x0000000000C60000-memory.dmp
memory/1520-427-0x0000000000C20000-0x0000000000C60000-memory.dmp
memory/1520-428-0x0000000000C20000-0x0000000000C60000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6a5d2b983a0d10f36ce7f68aa1a92106 |
| SHA1 | 1c2926f63188d0ce1384c09df743c18d53f4dfa1 |
| SHA256 | 63f01c89c87fec15a5ee0208db31ee1665ae64c960c977156e6ea67920125eed |
| SHA512 | aa1d7e28926008681f165ce1efa74720c22cb48210f7f55ef1d7a57c98236e6bc9ff5eb56c16f07adb05ed6810218c32f94c8363fcc074632aa97c584c253aef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 63c99435c2cc3b255cf8fc0e7de30ca1 |
| SHA1 | df24d5ad30bdbd683dafbac9599bb336a4781cbe |
| SHA256 | 8fb6b7a9cc03064b7218f4a90c46c044f319f4cee554b3020f813749c6c06656 |
| SHA512 | 9a1cf31e409ca8f9e8ae8acc54b203d368db6602fb36575715b9f2db40a1dc62cfcb9908d754d21afb73b5fde08506e72876ca4be395dc264dcd1f1360b943e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4edfdb942ed3c77e7ee067e8ae4415da |
| SHA1 | 56cb35f0c705f5e1260028cf6237779a8ebae4f6 |
| SHA256 | 51d923c02de0ee219df6054bb274ed3b474992a51c60dec56c8614d131fb39a4 |
| SHA512 | c61a13a01ef5e40542d79747d1c897f232793479824a086f609d979bcb0cf077208f9ed237a523f8d187eebabb53fd959f6de5751579c08a126578da6743540c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e0cff29b4d35ee3495dc95b48443402b |
| SHA1 | a2b205ad37d4e683acdfb22fef664f3cf20f235f |
| SHA256 | e34217ef5d6f7c1a8a57c64cb04af3b12d81b08e05319d18d2d9df13f8d218da |
| SHA512 | 21a890612bf9628a607d2993efefd5369f5eca985d56e4df115c792adf7a482a7ddb10c2f2e1bbf60bc9744e17305986cb7cb77f40abdecafbf46e0139770c76 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 99d38113c4973d8979f5b75fbd66020c |
| SHA1 | af1d32906cadce52702490f60137589aa802f3e7 |
| SHA256 | c437f13634c1b557e3b2383ee8cf077157efb6a0e8e0352836fca7d4732233c3 |
| SHA512 | b23b3034e486e592ea8b96aa00bc9a6901e425f96fa4ea82e9e46cfda8793fa5d50a2245264c5bd02ae09e5fb616dec8129fbc8ad9c8d0ec48ad454299f69475 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e9f6afddd39c1f0650e7b6a1852d0edd |
| SHA1 | f2f2b1a7ca7bb89329aed1775305b4777a41c8bd |
| SHA256 | 3703432b5ff6725b8686239951be3a2d9bc5f11a98e881d3d1dae04340f0445a |
| SHA512 | 73290b3a0e493c4ba169546fe70abf5cde6134cb88b6142192b1c561a7a6eae008b4dae16629e93cb9b4da1a5913572dcfe1a3db058143880c39a18e189af932 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | db05db66e25b13caca4e4775339155b3 |
| SHA1 | 8db9cae3f763e444a261f3fa6e38cf6c511f224a |
| SHA256 | 1a71dbff4d729be4426330eed60836c30e8edd48b3884d5633b687e892208dac |
| SHA512 | 72c34d9c740b868c5877d59fa26cb2b3d2e65d3323d36e89f8aba4a5b791b8ebe1fa54b9b8794be37f059b08d17be653ac02303a71d69e6185eb271825a5b385 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6afd29c19e7a7c5cebca2808c3ec9bd9 |
| SHA1 | 4fec3b71f2921c000eb9f94c0d7ccc77787c8d4c |
| SHA256 | 1215c885d54fab1fd68b08f33dd9be42724665d2319f81e08075c2cca966e59d |
| SHA512 | 506332def598133e56e6af483932d2b144d4b4d5fb66bea8bc4a74473f848fb5259ccaf7c80d5453de7a347998e3fd7cd6e7fdde125014e127d6ea88c228e26e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | c155ba7c1f137c35ebf5caeff9cd0f5b |
| SHA1 | ac43f1f41f6f66b1559097b796e905a6bc603ac9 |
| SHA256 | d6a28620f48249a88202aea9d16ca9d115e7ec621c72fc9719db204e136fcd73 |
| SHA512 | ca497d82dc4404ea261e6fb28bf3a3f33063cfc60574cbebbd5f556475eb7842b9582f11f625fc5786b3348474fde24566a229404a08e6eb0c34a8c7f5b79dfb |
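The SetThreadContext rows in the Signatures section and the memory/... dump names in this Files section say more together than either list does alone: each Gh-Installer.exe process (PIDs 2256, 4104, 1868, 4336, 1404) set the thread context of exactly one BitLockerToGo.exe child, and the sandbox dumped a region from every one of those children. The Python below is an added example, not part of the report or of the sandbox's tooling. It parses the five signature rows and a subset of the dump names (both copied verbatim), maps injector to child, converts each dump name into a base address and size, and checks whether the hollowed children share a region of the same size.

```python
"""Correlate 'set thread context' signature rows with memory dump names to
find the region a process injector wrote into each child.
Added example; the data below is copied from the report."""
import re
from collections import defaultdict

# Constructed from the report: the five SetThreadContext descriptions.
SET_THREAD_CONTEXT_ROWS = """
PID 2256 set thread context of 4700
PID 4104 set thread context of 832
PID 1868 set thread context of 4252
PID 4336 set thread context of 1328
PID 1404 set thread context of 1520
"""

# Constructed from the report: one dump per distinct (PID, region) pair.
MEMORY_DUMPS = """
memory/2256-330-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/4104-350-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/1868-352-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/4336-391-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/1404-412-0x00007FF608980000-0x00007FF60973F000-memory.dmp
memory/4700-369-0x0000000000C00000-0x0000000000C49000-memory.dmp
memory/832-375-0x0000000002F60000-0x0000000002FA9000-memory.dmp
memory/832-380-0x0000000003320000-0x0000000003360000-memory.dmp
memory/4252-381-0x0000000000550000-0x0000000000599000-memory.dmp
memory/1328-405-0x0000000000380000-0x00000000003C9000-memory.dmp
memory/1328-410-0x00000000003F0000-0x00000000003F1000-memory.dmp
memory/1520-418-0x00000000001B0000-0x00000000001F9000-memory.dmp
memory/1520-423-0x0000000000D60000-0x0000000000E60000-memory.dmp
memory/1520-424-0x0000000000C20000-0x0000000000C60000-memory.dmp
"""

CTX_RE = re.compile(r"PID (\d+) set thread context of (\d+)")
DUMP_RE = re.compile(
    r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def injection_map(rows: str) -> dict:
    """injector PID -> PID of the child whose thread context it set."""
    return {int(src): int(dst) for src, dst in CTX_RE.findall(rows)}


def regions_by_pid(dumps: str) -> dict:
    """PID -> {(base, size)} for every distinct dumped region."""
    out = defaultdict(set)
    for pid, _seq, start, end in DUMP_RE.findall(dumps):
        base, size = int(start, 16), int(end, 16) - int(start, 16)
        out[int(pid)].add((base, size))
    return dict(out)


def common_payload_size(rows: str, dumps: str):
    """Size shared by a dumped region in every injected child, or None.

    One size present in all children, at a different base each time, is the
    footprint of the same image being written into each fresh process. The
    report does not say what the children's other regions contain."""
    targets = list(injection_map(rows).values())
    regions = regions_by_pid(dumps)
    sizes = [{size for _, size in regions.get(t, ())} for t in targets]
    shared = set.intersection(*sizes) if sizes else set()
    return max(shared) if shared else None


def injector_region_sizes(rows: str, dumps: str) -> dict:
    """injector PID -> set of sizes of its dumped regions (the loader itself)."""
    regions = regions_by_pid(dumps)
    return {pid: {size for _, size in regions.get(pid, ())}
            for pid in injection_map(rows)}


if __name__ == "__main__":
    pairs = injection_map(SET_THREAD_CONTEXT_ROWS)
    regions = regions_by_pid(MEMORY_DUMPS)
    for src, dst in pairs.items():
        for base, size in sorted(regions.get(dst, ())):
            print(f"{src} -> {dst}: region 0x{base:X} size 0x{size:X}")
    print("shared child region size:",
          hex(common_payload_size(SET_THREAD_CONTEXT_ROWS, MEMORY_DUMPS)))
```

Every child carries one 0x49000-byte (299,008-byte) region at a low base, 0xC00000, 0x2F60000, 0x550000, 0x380000 and 0x1B0000 respectively, while all five parents were dumped over the identical 0xDBF000-byte range at 0x7FF608980000, the range where a 64-bit EXE image is mapped, so the parent dumps are the Gh-Installer.exe loader, not the payload. Five same-sized regions in five freshly created BitLockerToGo.exe processes, each preceded by SetThreadContext and WriteProcessMemory from the parent, is the shape of process hollowing with one re-used payload; the 0x49000 region from any one child is the shortest route to the unpacked stealer. The report gives no content for the extra 0x40000 and 0x100000 regions in PIDs 832 and 1520 or the single page in PID 1328.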