Malware Analysis Report

2024-11-30 04:51

Sample ID 240222-twmbhscc7y
Target https://github.com/topics/roblox-hacks?o=desc&s=updated
Tags
lumma stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/topics/roblox-hacks?o=desc&s=updated was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Drops file in Windows directory

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 16:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 16:24

Reported

2024-02-22 16:28

Platform

win10-20240221-en

Max time kernel

231s

Max time network

228s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/topics/roblox-hacks?o=desc&s=updated

Signatures

Lumma Stealer

stealer lumma

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\1601268389\3877292338.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\4183903823\810424605.pri C:\Windows\system32\taskmgr.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133530926935489691" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3504 wrote to memory of 752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 4192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 5064 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 5064 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3504 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/topics/roblox-hacks?o=desc&s=updated

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9a2b89758,0x7ff9a2b89768,0x7ff9a2b89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4744 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe

"C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe"

C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe

"C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe"

C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe

"C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe

"C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe"

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:2

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe

"C:\Users\Admin\Downloads\Gh-Installer.2\Gh-Installer.exe"

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2072 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4904 --field-trial-handle=1840,i,18446592626449405749,91000633690997691,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 repository-images.githubusercontent.com udp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.22:443 collector.github.com tcp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 6.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 camo.githubusercontent.com udp
GB 216.58.204.74:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 turkeyunlikelyofw.shop udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 8.8.8.8:53 chocolatedepressofw.fun udp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 8.8.8.8:53 prescriptionstorageag.fun udp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 8.8.8.8:53 191.202.67.172.in-addr.arpa udp
US 8.8.8.8:53 associationokeo.shop udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 104.21.10.242:443 associationokeo.shop tcp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 104.21.10.242:443 associationokeo.shop tcp
US 104.21.10.242:443 associationokeo.shop tcp
US 8.8.8.8:53 242.10.21.104.in-addr.arpa udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 8.8.8.8:53 chocolatedepressofw.fun udp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 8.8.8.8:53 prescriptionstorageag.fun udp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 104.21.10.242:443 associationokeo.shop tcp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 14.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.22:443 collector.github.com tcp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 8.8.8.8:53 chocolatedepressofw.fun udp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 8.8.8.8:53 prescriptionstorageag.fun udp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 104.21.10.242:443 associationokeo.shop tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp

Files

\??\pipe\crashpad_3504_LJBGGAQSIWAARGSW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5d64074dadee8bc05a78493ea908aaa6
SHA1 bd8a0d3ca7bf88795604600e16cbd7008592d8e3
SHA256 7433d3bf184d7ba0e1e0d0a27485a7b6a5703a105e0970f8cbce9e24804da33b
SHA512 2a2ab6cba0773c320d0424f1959cf3694cc472918403a99db45a88764c2ae3fd3362d8adc8e859ccd38bad7ae9b03e74d480e0213e8b3441a4608ce363748d75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a66add9dfd3021db01e3cd4bea3b9bb4
SHA1 c665cfa8c91dd2d159b79f727696a0f0f104bae5
SHA256 7c75510a2186eb29f706817a551f79c11493ca61dc539c16c07a07dc1ce83ff2
SHA512 2cb6c7898a0a6872f5053333185658c5ce0177a859ca5e2ad32cc20eb94c2f3e8b2435596f6f605725899b2ecf17092d7579c5ffdee7214fe0394e88b631d697

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6467f475d1e7469ec753531a05b8d177
SHA1 56c329834a77a9572bb97a8e1b50be74150a3b71
SHA256 fde298de37e2e7a549bb443c986d861ee2357a9211779f97a271c940b8476b45
SHA512 baab9c72795270ac221bbbb6f98a219a19b122deddb302e4da35840e0f3675c6dfd3a30c92e920ba5b51033aacdd499c3ff7e5a11d94e84834e89b201ae9e193

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 dc7f9173f551663218279ac6f4c876cd
SHA1 d2ba464fb43e95e382bdb271fdbf46407494a0e5
SHA256 bed75e844bbec25261e9f7fd6d0aa742a577fd0533aea200f9101604afca6fbd
SHA512 d911e3b6d43017d00c69d12b556a04b2f0fae27b90c73329dd616af20fed83835db9be85cbdb41c5769d0a2947ca96f7c9ebe2616ad41be62263e917b46f6bb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bbb278db05d5a15f51fa8d812560eedc
SHA1 46344d3fab2a230077510e071a5d77735cf7d184
SHA256 0b3a2e0e57c72349fab7e733b69a9a584f7821cc5525dc0340471774d9f93687
SHA512 050b7ecc56d1d7c53a4183c63155dfcb72641fb8d0f7d6aab4bbaec9fe917bd1fa9f36efa8b27a3abb67550723a4c20fef032989da657c26686922eef0dc6cd1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b58b043bc1a9a4375f33795cce9ec77b
SHA1 7f7f705f4fad41fa88d3d8e0ffcb31691fa894a6
SHA256 3e350a763b556a4f3608e03b055bd7942076ba2592d48b58213af1e5c0f75319
SHA512 886cb73bb0d1bdc8c9c79f9c4bafc63da21f0f60e7e1f8188483d8b17834b54660e662ab86b9e1a42a78e56caed5e0f4372c45b912b3ef546356c387a3375f5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0fd8c0bfbfc54d6cd0e0192094611df3
SHA1 bcc9dda219024cf41a2701ec07087ac134cd5094
SHA256 88b47e77b7af2e1638e061abc401c8cd76afafb66c582f5e546b3c78d919b52c
SHA512 9bf773b874b99babf3c88539119857999b3f113944edc709f2cba05a6c597428ee7998dc5cc79dbd76a18aec6e167a62178608719353f2a5f2e9b846f953d617

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 595c23ff9c7192abc3ad44f6e48b8678
SHA1 d0b280f2489289f84d87e86226a8001fd2c93a5f
SHA256 2e808ecb4c99a2c601be0c9df59ad3711d75798ba848a7f446b56e17d648ca0b
SHA512 71ef99a4875411899b209853b45fd7cf5e43998779bd04039063d0fb829111ede23fe54fa70ceede73f65b57a4fba7dc4b82424ec469111869524982c2f29d3e

C:\Users\Admin\Downloads\Gh-Installer.2.zip.crdownload

MD5 7cb35c49e6c135ea6de98a582f9a6a4f
SHA1 87f6f7b2c2b77560d9486a2fd4218efdaa5eb599
SHA256 f69c3c12dda46207e8d095bc36de8acd4fe60c09635ccb3a1aa22bd6c24a30bc
SHA512 d3daea056327169a6807345436e74f7674cff1aad00861947942969d40e869385704f66a279c8754563daebd4d3a5c31bd4273284504864f5921025f33acbe2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d10720b55ccd262073448c7610049544
SHA1 1dc7ca8acdd1f0a2e0f861c604eebd9c09e1b4e9
SHA256 718a943bdc10232f6bc4c7a65112228a1667b690e0e45300c8961548b08e448d
SHA512 1230085e2972169b83c70e669e7f250fce173a75ae32a808458557524d94a06d691ed46467e03b2f0eb2828c847deeb48016910eb9facb42a8ea7d1356c2464c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b9527eba-80d6-45d8-bbaa-abe97a26ab00.tmp

MD5 2a094d9fefb077e3b0f056381b0f3bfd
SHA1 abf5e28185d7c9dc224af50603759c1ea9065ef5
SHA256 44812ca118b256a2824584dabea0b0fa5cde6b2cdead1e47843cf53df4582ae2
SHA512 0b0531ef17849e6a61e5d31078478eca7dfd4e8d6dcf1fa53474c83dc446afcf87c67e76caaf808cd3b40c8b0e1b8649de417efcfc55c598b7b060a175809030

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 b5da63f60d8c76b8005516f698f87e63
SHA1 e497d1cdbc25bc6bddb7ce61ccd08c8dcbe951eb
SHA256 169268513311225dd47829a9b61df1adf9414cb47601f1a8d2431214e22772fb
SHA512 14b43a5594afa6c27e080da98eb09db14bab20d653aa56f41ed44c7564aca287446dbc4c58b78e96469202126e95f8a170457ab779afa57df5ebbcd47e6e2ca2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fed2.TMP

MD5 d43ab814bad348f6d7568bddaffe6209
SHA1 174b3e11ce1b86742e1e0c16d3b0c8f735ec5213
SHA256 1248a9af30c354b18a10678dd7a1d93a72523fe004d116776e70e29136da72ee
SHA512 de15a0e90accba493bcff0b68598ca8043a640e50baff175b87c97a6927b66115dafd1b57265edcf6e201f928d638f1fbd5e4afeac0bb36c34e9f8930cb923a9

memory/2256-330-0x00007FF608980000-0x00007FF60973F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 74fbcab616180d1e2d09fe67803a4bba
SHA1 bfda8d1742bcfe373314354c90dc87b02df6ad32
SHA256 5270f4664ac79248e2a036f9c85038b5646eab6e90eb2e7b92078693c4927fd7
SHA512 1c19dea704dd533a392b268317cececeec5191f5ea1d5d0ffe76d861a4da44e3991b72351180bbd00693365c8d633fcdb190199b0457bfc86a1429a81bd6bc58

memory/2256-349-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/4104-350-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/2256-351-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/1868-352-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/4104-360-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/2256-367-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/1868-368-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/4700-369-0x0000000000C00000-0x0000000000C49000-memory.dmp

memory/2256-371-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/4700-372-0x0000000000C00000-0x0000000000C49000-memory.dmp

memory/4700-373-0x0000000000C00000-0x0000000000C49000-memory.dmp

memory/4104-374-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/832-375-0x0000000002F60000-0x0000000002FA9000-memory.dmp

memory/832-378-0x0000000002F60000-0x0000000002FA9000-memory.dmp

memory/4104-376-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/832-380-0x0000000003320000-0x0000000003360000-memory.dmp

memory/832-379-0x0000000002F60000-0x0000000002FA9000-memory.dmp

memory/832-383-0x0000000003320000-0x0000000003360000-memory.dmp

memory/4252-381-0x0000000000550000-0x0000000000599000-memory.dmp

memory/832-382-0x0000000003320000-0x0000000003360000-memory.dmp

memory/4252-386-0x0000000000550000-0x0000000000599000-memory.dmp

memory/832-385-0x0000000003320000-0x0000000003360000-memory.dmp

memory/1868-389-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/4252-390-0x0000000000550000-0x0000000000599000-memory.dmp

memory/832-387-0x0000000003320000-0x0000000003360000-memory.dmp

memory/832-388-0x0000000003320000-0x0000000003360000-memory.dmp

memory/4336-391-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/4336-392-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/4336-404-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/1328-405-0x0000000000380000-0x00000000003C9000-memory.dmp

memory/4336-406-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/1328-408-0x0000000000380000-0x00000000003C9000-memory.dmp

memory/1328-410-0x00000000003F0000-0x00000000003F1000-memory.dmp

memory/1328-409-0x0000000000380000-0x00000000003C9000-memory.dmp

memory/1404-412-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/1404-415-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/1520-418-0x00000000001B0000-0x00000000001F9000-memory.dmp

memory/1404-419-0x00007FF608980000-0x00007FF60973F000-memory.dmp

memory/1520-421-0x00000000001B0000-0x00000000001F9000-memory.dmp

memory/1520-422-0x00000000001B0000-0x00000000001F9000-memory.dmp

memory/1520-423-0x0000000000D60000-0x0000000000E60000-memory.dmp

memory/1520-424-0x0000000000C20000-0x0000000000C60000-memory.dmp

memory/1520-425-0x0000000000C20000-0x0000000000C60000-memory.dmp

memory/1520-426-0x0000000000C20000-0x0000000000C60000-memory.dmp

memory/1520-427-0x0000000000C20000-0x0000000000C60000-memory.dmp

memory/1520-428-0x0000000000C20000-0x0000000000C60000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6a5d2b983a0d10f36ce7f68aa1a92106
SHA1 1c2926f63188d0ce1384c09df743c18d53f4dfa1
SHA256 63f01c89c87fec15a5ee0208db31ee1665ae64c960c977156e6ea67920125eed
SHA512 aa1d7e28926008681f165ce1efa74720c22cb48210f7f55ef1d7a57c98236e6bc9ff5eb56c16f07adb05ed6810218c32f94c8363fcc074632aa97c584c253aef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 63c99435c2cc3b255cf8fc0e7de30ca1
SHA1 df24d5ad30bdbd683dafbac9599bb336a4781cbe
SHA256 8fb6b7a9cc03064b7218f4a90c46c044f319f4cee554b3020f813749c6c06656
SHA512 9a1cf31e409ca8f9e8ae8acc54b203d368db6602fb36575715b9f2db40a1dc62cfcb9908d754d21afb73b5fde08506e72876ca4be395dc264dcd1f1360b943e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4edfdb942ed3c77e7ee067e8ae4415da
SHA1 56cb35f0c705f5e1260028cf6237779a8ebae4f6
SHA256 51d923c02de0ee219df6054bb274ed3b474992a51c60dec56c8614d131fb39a4
SHA512 c61a13a01ef5e40542d79747d1c897f232793479824a086f609d979bcb0cf077208f9ed237a523f8d187eebabb53fd959f6de5751579c08a126578da6743540c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e0cff29b4d35ee3495dc95b48443402b
SHA1 a2b205ad37d4e683acdfb22fef664f3cf20f235f
SHA256 e34217ef5d6f7c1a8a57c64cb04af3b12d81b08e05319d18d2d9df13f8d218da
SHA512 21a890612bf9628a607d2993efefd5369f5eca985d56e4df115c792adf7a482a7ddb10c2f2e1bbf60bc9744e17305986cb7cb77f40abdecafbf46e0139770c76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 99d38113c4973d8979f5b75fbd66020c
SHA1 af1d32906cadce52702490f60137589aa802f3e7
SHA256 c437f13634c1b557e3b2383ee8cf077157efb6a0e8e0352836fca7d4732233c3
SHA512 b23b3034e486e592ea8b96aa00bc9a6901e425f96fa4ea82e9e46cfda8793fa5d50a2245264c5bd02ae09e5fb616dec8129fbc8ad9c8d0ec48ad454299f69475

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e9f6afddd39c1f0650e7b6a1852d0edd
SHA1 f2f2b1a7ca7bb89329aed1775305b4777a41c8bd
SHA256 3703432b5ff6725b8686239951be3a2d9bc5f11a98e881d3d1dae04340f0445a
SHA512 73290b3a0e493c4ba169546fe70abf5cde6134cb88b6142192b1c561a7a6eae008b4dae16629e93cb9b4da1a5913572dcfe1a3db058143880c39a18e189af932

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 db05db66e25b13caca4e4775339155b3
SHA1 8db9cae3f763e444a261f3fa6e38cf6c511f224a
SHA256 1a71dbff4d729be4426330eed60836c30e8edd48b3884d5633b687e892208dac
SHA512 72c34d9c740b868c5877d59fa26cb2b3d2e65d3323d36e89f8aba4a5b791b8ebe1fa54b9b8794be37f059b08d17be653ac02303a71d69e6185eb271825a5b385

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6afd29c19e7a7c5cebca2808c3ec9bd9
SHA1 4fec3b71f2921c000eb9f94c0d7ccc77787c8d4c
SHA256 1215c885d54fab1fd68b08f33dd9be42724665d2319f81e08075c2cca966e59d
SHA512 506332def598133e56e6af483932d2b144d4b4d5fb66bea8bc4a74473f848fb5259ccaf7c80d5453de7a347998e3fd7cd6e7fdde125014e127d6ea88c228e26e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 c155ba7c1f137c35ebf5caeff9cd0f5b
SHA1 ac43f1f41f6f66b1559097b796e905a6bc603ac9
SHA256 d6a28620f48249a88202aea9d16ca9d115e7ec621c72fc9719db204e136fcd73
SHA512 ca497d82dc4404ea261e6fb28bf3a3f33063cfc60574cbebbd5f556475eb7842b9582f11f625fc5786b3348474fde24566a229404a08e6eb0c34a8c7f5b79dfb