Analysis Overview
Threat Level: Known bad
The submitted URL https://google.com was scored Known bad. The verdict reflects what was executed during the interactive session, not google.com itself: the browser was used to reach github.com and download CHEAT-FORTNITE--main.zip (codeload.github.com, GitHub's archive download host, was contacted and the file appears in Downloads as a .crdownload), 7-Zip extracted it to C:\Users\Admin\Desktop\, and the extracted EVIL HACK.exe (SHA256 3244aa3cca2f7394edb843d4b444d4ae90356ca2521da2e470e6476ac97039e4) was run four times and matched the Lumma Stealer signature, after which nine previously unseen .shop/.fun/.pw domains were queried in repeated rounds. Several of the remaining signatures (SCSI registry reads by taskmgr.exe; BIOS reads, HKEY_USERS and registry-class writes by chrome.exe) fire on the sandbox's own Task Manager and Chrome processes rather than on the dropped binary.
Malicious Activity Summary
Lumma Stealer
Executes dropped EXE
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Modifies registry class
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-27 15:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-27 15:13
Reported
2024-02-27 15:19
Platform
win10v2004-20240226-en
Max time kernel
350s
Max time network
329s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133535204419907583" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6bf59758,0x7ffc6bf59768,0x7ffc6bf59778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4632 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5140 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5684 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap7144:76:7zEvent29218
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe
"C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe"
C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe
"C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe"
C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe
"C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe
"C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5972 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:2
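The process list above shows the chain that matters for detection: 7zG.exe extracts an archive into the user's Desktop, and an executable from that freshly extracted directory is then launched. The following is an added example (not part of the report and not Triage's own signature logic) of a detector for that pattern. It runs over constructed process-creation events modelled on the entries above; the archiver names in ARCHIVERS, the executable suffix list and the C:\Users root are assumptions, and the report gives no PIDs or parent links, so event order stands in for lineage.

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation events modelled on the Processes list of this
# report (image path and command line only). Not data from the original report.
EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument https://google.com'},
    {"image": r"C:\Program Files\7-Zip\7zG.exe",
     "cmdline": r'"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap7144:76:7zEvent29218'},
    {"image": r"C:\Windows\system32\svchost.exe",
     "cmdline": r"C:\Windows\system32\svchost.exe -k SDRSVC"},
    {"image": r"C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe",
     "cmdline": r'"C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe"'},
    {"image": r"C:\Windows\system32\taskmgr.exe",
     "cmdline": r'"C:\Windows\system32\taskmgr.exe" /4'},
    {"image": r"C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe",
     "cmdline": r'"C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe"'},
]

# Assumption: extractor image names to watch; 7zG.exe is the one seen in this report.
ARCHIVERS = {"7zg.exe", "7z.exe", "winrar.exe", "unrar.exe"}
# Assumption: file types treated as directly executable.
EXEC_SUFFIXES = {".exe", ".scr", ".com", ".pif"}
# Only extractions into user-writable profile directories are tracked.
USER_PROFILE_ROOT = PureWindowsPath(r"C:\Users")

# 7-Zip's output switch: -o<dir>, with the directory optionally quoted.
_OUT_SWITCH = re.compile(r'(?<!\S)-o(?:"([^"]+)"|(\S+))')


def extraction_dir(cmdline: str):
    """Return the -o output directory of an archiver command line, or None."""
    m = _OUT_SWITCH.search(cmdline)
    if not m:
        return None
    return PureWindowsPath(m.group(1) or m.group(2))


def find_extracted_executions(events):
    """Flag executables launched from a directory an archiver extracted into earlier.

    Events are processed in order: an archiver event records its output
    directory; any later executable image under that directory is an alert.
    """
    extracted_dirs = []   # (output dir, archiver command line)
    alerts = []
    for ev in events:
        image = PureWindowsPath(ev["image"])
        if image.name.lower() in ARCHIVERS:
            out = extraction_dir(ev["cmdline"])
            if out is not None and out.is_relative_to(USER_PROFILE_ROOT):
                extracted_dirs.append((out, ev["cmdline"]))
            continue
        if image.suffix.lower() not in EXEC_SUFFIXES:
            continue
        for out, archiver_cmd in extracted_dirs:
            if image.is_relative_to(out):   # PureWindowsPath compares case-insensitively
                alerts.append({"image": str(image), "extracted_to": str(out),
                               "archiver": archiver_cmd})
                break
    return alerts


if __name__ == "__main__":
    for a in find_extracted_executions(EVENTS):
        print(f"ALERT: {a['image']} launched from extraction dir {a['extracted_to']}")
```

On the sample above this flags both EVIL HACK.exe launches and nothing else; taskmgr.exe and svchost.exe are executables but live outside the extraction directory. In a real pipeline the same check would key on Sysmon Event ID 1 (or equivalent) and use the parent PID rather than event order.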
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| IE | 172.253.116.102:443 | google.com | tcp |
| IE | 172.253.116.102:443 | google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| IE | 74.125.193.147:443 | www.google.com | udp |
| IE | 74.125.193.147:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.116.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| IE | 209.85.203.95:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 94.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.203.85.209.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 203.33.253.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| IE | 209.85.203.95:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| DE | 140.82.121.9:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 9.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 172.67.180.132:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 104.21.60.92:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | 132.180.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 92.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.202.67.172.in-addr.arpa | udp |
| US | 172.67.180.132:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | 242.10.21.104.in-addr.arpa | udp |
| US | 104.21.60.92:443 | detectordiscusser.shop | tcp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 172.67.180.132:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 104.21.60.92:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 185.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 172.67.180.132:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 104.21.60.92:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| IE | 172.253.116.102:443 | google.com | udp |
| IE | 209.85.203.94:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 94.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
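The network table separates cleanly into the browsing session (Google, GitHub and GitHub's CDN hosts) and the stealer's traffic: nine domains on .shop, .fun and .pw TLDs, queried back-to-back in three identical rounds, with the four that resolved (technologyenterdo.shop, detectordiscusser.shop, turkeyunlikelyofw.shop, associationokeo.shop) contacted over TCP 443 at addresses in Cloudflare's 104.16.0.0/13 and 172.64.0.0/13 ranges and the other five never connected to. The following is an added example (not part of the report) that turns the table into an IOC set and matches it against log data. It embeds a constructed subset of the table rows above plus the two SHA256 values from the Files section; the SESSION_BENIGN list, the last-two-labels registrable-domain shortcut and the Sysmon-style DNS log lines are assumptions made for the example.

```python
import re

# Constructed sample: a subset of the rows from this report's Network table,
# in the same four-column pipe layout (Country | Destination | Domain | Proto).
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | google.com | udp |
| IE | 172.253.116.102:443 | google.com | tcp |
| US | 8.8.8.8:53 | 102.116.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| DE | 140.82.121.9:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 172.67.180.132:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 104.21.60.92:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| IE | 209.85.203.94:443 | beacons.gcp.gvt2.com | tcp |
"""

# Assumption: registrable domains that belong to the analyst's own browsing in
# this session (Google, GitHub, GitHub's CDNs). Benign for this report only.
SESSION_BENIGN = {"google.com", "googleapis.com", "gvt2.com", "github.com",
                  "githubusercontent.com", "githubassets.com", "amazonaws.com"}

# SHA256 values taken from the Files section of this report.
FILE_IOCS = {
    "d480a98bf15a408ba207c0adb01d9edbeaa9ae6878442a1bf4143a8fc43c7c57": "CHEAT-FORTNITE--main.zip",
    "3244aa3cca2f7394edb843d4b444d4ae90356ca2521da2e470e6476ac97039e4": "EVIL HACK.exe (Lumma Stealer)",
}

# Constructed Sysmon Event ID 22 style DNS lines; 9003 is Windows' NXDOMAIN status.
DNS_LOG = [
    "2024-02-27T15:17:41Z WS01 QueryName=technologyenterdo.shop QueryStatus=0",
    "2024-02-27T15:17:41Z WS01 QueryName=www.google.com QueryStatus=0",
    "2024-02-27T15:17:42Z WS01 QueryName=pooreveningfuseor.pw QueryStatus=9003",
]


def registrable(domain: str) -> str:
    # Simplification (assumption): the last two labels are the registrable domain.
    # Wrong for suffixes such as co.uk; use a public-suffix list in production.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def parse_table(text: str):
    """Parse pipe-delimited rows into dicts; rows without four cells are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def extract_network_iocs(text: str):
    """Return (suspect domains, {domain: set of IPs actually contacted over TCP})."""
    suspects, contacted = set(), {}
    for r in parse_table(text):
        d = r["domain"]
        if d == "N/A" or d.endswith(".in-addr.arpa") or registrable(d) in SESSION_BENIGN:
            continue
        suspects.add(d.lower())
        if r["proto"] == "tcp":
            contacted.setdefault(d.lower(), set()).add(r["ip"])
    return suspects, contacted


def scan_dns_log(lines, suspects):
    """Return (timestamp, domain) for every log line whose QueryName is a suspect."""
    hits = []
    for line in lines:
        m = re.search(r"QueryName=(\S+)", line)
        if m and m.group(1).lower() in suspects:
            hits.append((line.split()[0], m.group(1).lower()))
    return hits


def classify_hash(sha256: str):
    """Map a SHA256 to the report's file name, or None if it is not an IOC."""
    return FILE_IOCS.get(sha256.lower())


if __name__ == "__main__":
    suspects, contacted = extract_network_iocs(NETWORK_TABLE)
    for d in sorted(suspects):
        print(d, "->", ", ".join(sorted(contacted.get(d, ()))) or "queried only")
    print("DNS hits:", scan_dns_log(DNS_LOG, suspects))
```

The "queried only" domains are as useful for hunting as the contacted ones: a host that resolves even the dead members of this list is running the same binary. Note that the query burst repeats three times in the table, so a rate-based rule on distinct never-before-seen domains per minute would also catch this without any fixed indicator.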
Files
\??\pipe\crashpad_4368_RIKDQDBZCRJCYNEZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 873734b55d4c7d35a177c8318b0caec7 |
| SHA1 | 469b913b09ea5b55e60098c95120cc9b935ddb28 |
| SHA256 | 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d |
| SHA512 | 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 11822e0a47942588f7ed6745012509ee |
| SHA1 | 175ce4a7164dbab202f2aa16b1b5a27e8525781e |
| SHA256 | 735357eb357f50f8adf2da0d1d4921b9ea3e26db354724b288e7e9ac5b94f35d |
| SHA512 | 924643a4d09fe449ea86d15f8c21facb7e86f097e1b2b64fbbd3120ad2884fdd111ba9949f80534dd06582bc75c4392698cf12252f38a65806db22824f5b6b02 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | caff23d78ede7a6938ab2b6d451dbf86 |
| SHA1 | 0b19880c1bb888bc84e8a4ce4c632945b5777142 |
| SHA256 | 7040a15356a3fe6ef6ac0909967cea536abc93cf2bd153942aee19c4d6e3df0e |
| SHA512 | 5735ede6618bfada342e60d123b9f64a6455183900ccb49f573f76eae18f06f798479aad6b264a3223448b502e1ee524de1d1a49e9bab70f1dfc85df9e8fedbc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c8b4222410300530763d2e50fd05cc04 |
| SHA1 | 72c9f4056b72406cf4545ae5be63bd2be6d2126d |
| SHA256 | 0ef02dc1141b0716eb98dece5346cd37dc46797358cf7587f3beca6a7c4e331e |
| SHA512 | aab1a96dc3b26b892d35767c4099d46cf30e0e0c29cd71e521a562f1e7c64d0ca61f8a0de282d041c069f0a4059a16162977efc33edd6662b90a4fbb6e49cf4f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 097a275cc74f59ec65b5e10b7ea5f737 |
| SHA1 | 477b54cf312b4dca24ad057bc8549e3f37f13e57 |
| SHA256 | 7af20d8615f827766434213f4b184e41445eb05fc84132255fbae91e13de7e56 |
| SHA512 | 6074201b6b9cccd84d5e08f5f51452767411f69d864cd89562b774ebaba89b4a801fe45b02aec16db7222c5374e8ab9e1346bd1f6e634481cf2ebe8e6b1582d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 908138be80d0c7c85e94c268b559c8cc |
| SHA1 | 52ea983edb152d740868b9fd5cac702836fb571d |
| SHA256 | 2e52a36630f459b90a483979e23a2aff96ba3f707f66eb48fcc588406ed1583b |
| SHA512 | ab975b28c3a29904b65ed362ce23af81172cbb430439049013205720c63461244ef5440c2f5bdbf57faf5e4a8949508a70d70486dfe0d8f2c18da1097e4ed92e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 1deeafca9849f28c153a97f5070355d6 |
| SHA1 | 03b46b765150a2f308353bcb9838cbdd4e28f893 |
| SHA256 | b1639f4ce0285c41f4bd666f3fae4767094e3042b0379646b5ccfe04ef01ec19 |
| SHA512 | 52122b7e3ca9b58eab42fc652c24b4b8c17c43970f88860372d8377c49c540c31ddc81b519f4d59d34e199571758f82ab2fea0737ac1f847b3d4dd75d7acac19 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
| MD5 | 4b4947c20d0989be322a003596b94bdc |
| SHA1 | f24db7a83eb52ecbd99c35c2af513e85a5a06dda |
| SHA256 | 96f697d16fbe496e4575cd5f655c0edb07b3f737c2f03de8c9dda54e635b3180 |
| SHA512 | 2a3443e18051b7c830517143482bf6bffd54725935e37ee58d6464fac52d3ce29c6a85fc842b306feaa49e424ba6086942fc3f0fea8bb28e7495070a38ce2e59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 4b4d8982bbafa622e9dc9f2d794f964c |
| SHA1 | 3786c77dd5cb7d7853a5c24ce9b92f84792b74f0 |
| SHA256 | af0a5509a81b5b5ae6a1f55283a33f62955e1bd644786818854f13a64a3cfee4 |
| SHA512 | b629256ec91938011669484c521e88321c5b40299f3d6915517a6e8bb718a7e410fa53ff47607bbcb242621c20b68c1432952ed81b72cae1c72ee63e00dc24a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
| MD5 | bc4836b104a72b46dcfc30b7164850f8 |
| SHA1 | 390981a02ebaac911f5119d0fbca40838387b005 |
| SHA256 | 0e0b0894faf2fc17d516cb2de5955e1f3ae4d5a8f149a5ab43c4e4c367a85929 |
| SHA512 | e96421dd2903edea7745971364f8913c2d6754138f516e97c758556a2c6a276ba198cdfa86eb26fe24a39259faff073d47ef995a82667fa7dee7b84f1c76c2b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9c8c87016bccc14daab8df1c105011e5 |
| SHA1 | ae038043df40dbfd3e7cde15deb71ab59911063d |
| SHA256 | a247fdc9aee3d3633f8f9fc72d663fc372e251ee16d972513640a4ab4fbcb8ab |
| SHA512 | 03327faf480ecd81494ec4b5213fe4b39074814c910d66a71b89a355451e180c9635cc6ca69d290fc37d7840b65d745fdc4faebe557805a9b673634c71b8f260 |
C:\Users\Admin\Downloads\CHEAT-FORTNITE--main.zip.crdownload
| MD5 | 7649763bbc438362466b7f120cbcae10 |
| SHA1 | 364c5baee16acb8cd0ec3b886edee4ac2d885927 |
| SHA256 | d480a98bf15a408ba207c0adb01d9edbeaa9ae6878442a1bf4143a8fc43c7c57 |
| SHA512 | 176a5560ce13dd88cfbc33142170317da542392b7532dc492d9e6c8a5969ecdd5c1dac2bfab271de195735b83f02167f380d37610a8b9583155c10a52d80c293 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 19cad71674f01470e1f30d1fc1701c1a |
| SHA1 | 771fb60e6794f9f546db8fd3c261fb262459fd85 |
| SHA256 | e200842fdadd0afc41defc83a5d3b308778ab6fb35f3e9a9821ace3e09babd9c |
| SHA512 | 552e2afe879473154a2b5144311578692b6c42763d78dea74677e192815acf2cd4eb5b6c309bf24f6f6be66d236be076c7e535e146e78a20094d506db1ff0973 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 003053a8c7a1ec0ea99a0f0b758be19e |
| SHA1 | a6099cda8526a752a5c77d66232606b83e52d448 |
| SHA256 | ad7c25267ee2af5cc4e7292c94fa94bd9430fcd64657f5d319599f188f4d270d |
| SHA512 | 2243a71fa6c1d35f8c7d11cd3ceee08257313c8c5b76628b36f975d0d966f1c3b8430e58eb70b01ad83556f4226fef8147c23030849f0cdc4c11929433af008b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | f893755437b89fd343a061029f6f2bb6 |
| SHA1 | 3dc6da2c8c10350ba4693cef1afd940b0daed360 |
| SHA256 | 2b6d252e073c315220c77a76a0191f7cf2207b1183abec0c98c11d19da458d31 |
| SHA512 | 50fa5305425b2e8717b87fa04b71dfaf35429e43df2f43e54714002bfd5c7fb25263cc2b9b3b798dc5eadba75dc9e6cedaebfe31ed93bd7846b5a12d236eb0b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5806e1.TMP
| MD5 | f4891b61c71a201ad29ee5cccdcb61ef |
| SHA1 | 47039ddf7477dfe20ed21ac0002dbd0e43dae5c9 |
| SHA256 | 60f650888a4b920b71b5ef71ac1dd6831c85e4b041564d6923cb0841ffce523e |
| SHA512 | 7cbd4a8c49eaf30279692339ac4049139c463b367e05f170e94fa2521891cce0579990160fbd908ba42a93364e95ab383c5d8a741f6873d082ab2093a78d6592 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f6711cd8cc8ffc15d4b145299d38eb6f |
| SHA1 | 1d425141817f7795594f69b2a091188236de8dad |
| SHA256 | 377d224157f3915cac77f858e0e32fba114e10cbcbb8f756f83d16bd326934a3 |
| SHA512 | 746c9644102d9ac0ead16654d7ecfca1150c6658b7edb6098eff3179902b7881345039319c0f018cceb16ec149e19f2deaa681d80dac6d2a46dbbac3188cce34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 935e576c37a7f76d3003dd558de9de38 |
| SHA1 | e95794d14ee813ec68f226e532cf1a7136c8ce25 |
| SHA256 | 3c2e97fd9e990f0a593d44c7a332bb093cf1d7a2c7934bca4a15eebce4905f40 |
| SHA512 | 96c37e98529d399fd131ea6b7c36396a8f69dd0f6f2f26953df81269ef829c82e49759bf663eef2484dc83223a297add28e4b3358e9a4f770f850bd85de9b851 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | baa33bbf564a6b7431e1d2f98a5e567a |
| SHA1 | 05df34039572445691fe306de36235b418e48909 |
| SHA256 | c325942046841cdd607b2f79041fd25e95aaf5bb2e5d364d9628c40e9b82d184 |
| SHA512 | 102a8d787d853e36e93d5547ce5506fe8967fc8e8a77ee6d852cd2fe7d496a9875aa8b5e227996ec5ffccfd1f557f1a2567644470004c3a9b8d99e784403f953 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6bb6d5b73f35db304d8bb0318a030501 |
| SHA1 | a2ec32d79b55c447b27093735209b6ff2019a07c |
| SHA256 | ccca467e7c6d3c5f3c9d875d1fb99000cb3058b70abf90737c2e2c6ab00d3ffb |
| SHA512 | ec82728fbe19580eb413efdbbd04ec69b1015abe86c8676f3eea9f8dee1243080566be4c6e2345d59f6b566f92a8e9a66d38ccdf5b71d73d89678651bbabe8a7 |
C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe
| MD5 | 1582c91ce3295398d82e5f24c7ee3bcf |
| SHA1 | 2ae5bef7f43dedf03abfabde7b1b8137226e1cfd |
| SHA256 | 3244aa3cca2f7394edb843d4b444d4ae90356ca2521da2e470e6476ac97039e4 |
| SHA512 | 9183886fcf786e0601e89b2d1460c0c94f3e212b16c76c8000d9ccef9433e004aba8e49992465826f3310c147803611f83781848cf74b37e1cb90c73b78f8a49 |
memory/2944-476-0x0000000001210000-0x0000000001259000-memory.dmp
memory/2944-481-0x0000000003190000-0x0000000003191000-memory.dmp
memory/2944-482-0x0000000002FE0000-0x0000000002FE1000-memory.dmp
memory/2944-484-0x0000000002FE0000-0x0000000003012000-memory.dmp
memory/2944-483-0x0000000002FE0000-0x0000000003012000-memory.dmp
memory/2944-485-0x0000000002FE0000-0x0000000003012000-memory.dmp
memory/2944-486-0x0000000002FE0000-0x0000000003012000-memory.dmp
memory/2944-487-0x0000000001210000-0x0000000001259000-memory.dmp
memory/4984-489-0x0000000000F90000-0x0000000000FD9000-memory.dmp
memory/4984-494-0x00000000014A0000-0x00000000014A1000-memory.dmp
memory/4984-495-0x0000000000F90000-0x0000000000FD9000-memory.dmp
memory/228-497-0x00000000001C0000-0x0000000000209000-memory.dmp
memory/228-502-0x00000000003B0000-0x00000000003B1000-memory.dmp
memory/228-503-0x00000000003B0000-0x00000000003B1000-memory.dmp
memory/228-505-0x00000000003B0000-0x00000000003B1000-memory.dmp
memory/228-504-0x00000000003B0000-0x00000000003B1000-memory.dmp
memory/228-506-0x00000000001C0000-0x0000000000209000-memory.dmp
memory/4904-507-0x0000025B95FA0000-0x0000025B95FA1000-memory.dmp
memory/4904-508-0x0000025B95FA0000-0x0000025B95FA1000-memory.dmp
memory/4904-509-0x0000025B95FA0000-0x0000025B95FA1000-memory.dmp
memory/4904-513-0x0000025B95FA0000-0x0000025B95FA1000-memory.dmp
memory/4904-515-0x0000025B95FA0000-0x0000025B95FA1000-memory.dmp
memory/4904-514-0x0000025B95FA0000-0x0000025B95FA1000-memory.dmp
memory/4904-516-0x0000025B95FA0000-0x0000025B95FA1000-memory.dmp
memory/4904-517-0x0000025B95FA0000-0x0000025B95FA1000-memory.dmp
memory/4904-518-0x0000025B95FA0000-0x0000025B95FA1000-memory.dmp
memory/4904-519-0x0000025B95FA0000-0x0000025B95FA1000-memory.dmp
memory/4744-526-0x00000000003B0000-0x00000000003B1000-memory.dmp
memory/4744-527-0x00000000003B0000-0x00000000003B1000-memory.dmp
memory/4744-528-0x00000000003B0000-0x00000000003B1000-memory.dmp
memory/4744-529-0x00000000001C0000-0x0000000000209000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2fbdf4a4219a335ba77dcc0bad647c06 |
| SHA1 | 06ff875fa142aeaf5a38c1ee6cb22dcb2f7750cf |
| SHA256 | 38baba4b760ce301acae71dd1696ff63def1e842d245901030aed82284ab5771 |
| SHA512 | ee6419b3f51ab641c96626d7851c721a1e9f0ec7a26d0cfc6fb7e9858ec21a8cc943733f021587fe1e5b67aabb030e529c0c0c5b8e68e997a9638141367e48fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d2d4cee6deffb02fb826dd3910e9e0f9 |
| SHA1 | a0af6aefc119356dbf1bd2a1931e4eaafad32a8c |
| SHA256 | c15dd0b35e1c0c75a2f737bbda3849915f55784c77f37d8522dae0a7bebcbfd9 |
| SHA512 | 6db658302d6f738dc36fcf1f2e791886a7d8c875cb7f72047b4b967abc3305fdbdb11420d6e9cb2b6fee807894b828aadd4c3bcec02e1ad13fe88daa2a423f21 |