Analysis Overview
Threat Level: Known bad
The file https://github.com/knightxanavsem/PremierePro2024 was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-10 21:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-10 21:57
Reported
2024-07-10 22:00
Platform
win10v2004-20240709-uk
Max time kernel
134s
Max time network
116s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4372 set thread context of 3616 | N/A | C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
| PID 4432 set thread context of 2484 | N/A | C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651222831542076" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/knightxanavsem/PremierePro2024
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffa333cc40,0x7fffa333cc4c,0x7fffa333cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1888 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2368 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3172 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4464,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4728 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4728 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\git.software_v1.3.9.7z"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zOC5AEE748\Read me.txt
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /1
C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe
"C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe
"C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.170.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 227.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sensitivyitszv.shop | udp |
| US | 172.67.197.243:443 | sensitivyitszv.shop | tcp |
| US | 8.8.8.8:53 | bouncedgowp.shop | udp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 8.8.8.8:53 | bannngwko.shop | udp |
| US | 104.21.81.196:443 | bannngwko.shop | tcp |
| US | 8.8.8.8:53 | bargainnykwo.shop | udp |
| US | 8.8.8.8:53 | 243.197.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.93.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.81.21.104.in-addr.arpa | udp |
| US | 172.67.146.97:443 | bargainnykwo.shop | tcp |
| US | 8.8.8.8:53 | affecthorsedpo.shop | udp |
| US | 104.21.6.254:443 | affecthorsedpo.shop | tcp |
| US | 8.8.8.8:53 | radiationnopp.shop | udp |
| US | 172.67.196.169:443 | radiationnopp.shop | tcp |
| US | 8.8.8.8:53 | answerrsdo.shop | udp |
| US | 104.21.44.192:443 | answerrsdo.shop | tcp |
| US | 8.8.8.8:53 | 97.146.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.6.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.196.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | publicitttyps.shop | udp |
| US | 172.67.134.88:443 | publicitttyps.shop | tcp |
| US | 8.8.8.8:53 | benchillppwo.shop | udp |
| US | 104.21.81.128:443 | benchillppwo.shop | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 192.44.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.134.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.81.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | reinforcedirectorywd.shop | udp |
| US | 104.21.83.48:443 | reinforcedirectorywd.shop | tcp |
| US | 8.8.8.8:53 | 155.143.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.83.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 172.67.197.243:443 | sensitivyitszv.shop | tcp |
| US | 104.21.93.198:443 | bouncedgowp.shop | tcp |
| US | 104.21.81.196:443 | bannngwko.shop | tcp |
| US | 172.67.146.97:443 | bargainnykwo.shop | tcp |
| US | 104.21.6.254:443 | affecthorsedpo.shop | tcp |
| US | 172.67.196.169:443 | radiationnopp.shop | tcp |
| US | 104.21.44.192:443 | answerrsdo.shop | tcp |
| US | 172.67.134.88:443 | publicitttyps.shop | tcp |
| US | 104.21.81.128:443 | benchillppwo.shop | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 104.21.83.48:443 | reinforcedirectorywd.shop | tcp |
Files
\??\pipe\crashpad_3996_BPYOUXNEHRTSMEVM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d9f10b7d25da53cf4af08f62ba4d1eb1 |
| SHA1 | 1db1aebcd5d2013145eadbc2dea43ad89769a165 |
| SHA256 | 713f9400ba5c4dbf898c2ef793747e4c1cc4f6e0d70ea3ea32b26b80ff4de51d |
| SHA512 | 6d4ce5c4b13c875a1b1b3adf4559e1989a43e65a3585d258510fef3629e7d89f8e95c61d1461582a39f2f7e5200b107ec8a7c912325fcdbe133ad85161f24416 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 405f5648bcd16d7206eff3cd473f20af |
| SHA1 | 32bd75bbd294c1f1956fa445b35923f82264f87e |
| SHA256 | 733c2536a8fafbbda490bafef915aeaa4d4545446fc5ef236e2a3a157953f190 |
| SHA512 | dbbd14dc8f8d4c44a3056153a7b54755a0e56e94c713b0dbed7cafc20edcbcbf8a4aad516cefefffc1fe123a17a7f77689651e69c2650592189aade929192008 |
C:\Users\Admin\Downloads\git.software_v1.3.9.7z.crdownload
| MD5 | 3207a4ed7ff4c038327e18671b46a729 |
| SHA1 | 9c3df43214b54fdd365c89b0c0fecba478635775 |
| SHA256 | 134ed02afe18b6c871113ec40ade8e67497e875da6492e4a04a896ddfe498556 |
| SHA512 | 58625db8c8c6f84592c6b0c8bce689247648854898ef5cefd61c5b422b751446502a86063c8baf7b6225009e317d42c597f820dbedfba59be78479148c95ec6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1e86d8e5bf22b325594ab16aea706bec |
| SHA1 | f2712a82bbe0e301b9962b992b041e26c0b0100a |
| SHA256 | 0307db303e0876e3e494b66df2c827d3f5d16206428c574b3349976710c6c9b6 |
| SHA512 | d496387926512a65c4ae0a5ddd9ba738afa6f4fb749e8da8c32ac69a0be49b1c69cfb39e8c7e5a53be7b64ba61399e95feafe31a6050153c39c4cebbaf9a218c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ac6a736377068e321f092d06952a6789 |
| SHA1 | 20f50602e3472940c694ac685204fd140fa44895 |
| SHA256 | c2dfc9622e4a8b5a7758390f0f85d8d774877aeaafe10697ab5dab3d38ba8c90 |
| SHA512 | 2047518e8e3b099ceaed09812beefebe8999f20f6896111ee7cb49a6a476eaf52e9df9d4dcaf77c5aad8fb6a2752e5a0158af696a9487709583589311d81acc5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 299744f942bfbffb31143f5187c8d4b0 |
| SHA1 | 0d1ff1c17007e3d1e0e034ec882e621ca945155c |
| SHA256 | 0f4604c2cf8640f569b064ca0f6a70c828846635f172aad70b875d820f09eea0 |
| SHA512 | 7bdbdfc13b4653cae0ad3c742a844bc378be9a5c4428d0e071db63b7e7690104fec4c3ad185ae56060ed5e3ecfdd5881ca571cda31ac73cf3b6bfb5ad96e5e43 |
C:\Users\Admin\AppData\Local\Temp\7zOC5AEE748\Read me.txt
| MD5 | 1b1001b50ec2880a656a82884ea99075 |
| SHA1 | 17d5379e1443cde363639d8eb7787db842307aef |
| SHA256 | 9e47d314de104ec433194891d99eac4b24344730d4b87c5ecc85b49b0f645794 |
| SHA512 | d6e42565573e64be48741151019ba1240f8676cd8102f18fa029be91b3d315865535768d7fee783882c3be9642c818223606e2d1d352955093276498955b1777 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ed3c8846a87da368e58134a298dfc1a4 |
| SHA1 | 3b932b4c263ba2eace0c49e6c1a632bab55e0803 |
| SHA256 | 2258cb7950a7df9928ecf67deb61d419e961209f476ddb295989f7c135badaae |
| SHA512 | 94f727d281a2f8d8a80f6569a134ec1779d6fb5ae57d1bcca3c105289fbd51bda7d20f5b1478f7f1cfc4a363767a8da2589693bfa16217835b1882cb982e0120 |
memory/3292-605-0x0000021ED2410000-0x0000021ED2411000-memory.dmp
memory/3292-606-0x0000021ED2410000-0x0000021ED2411000-memory.dmp
memory/3292-607-0x0000021ED2410000-0x0000021ED2411000-memory.dmp
memory/3292-617-0x0000021ED2410000-0x0000021ED2411000-memory.dmp
memory/3292-616-0x0000021ED2410000-0x0000021ED2411000-memory.dmp
memory/3292-615-0x0000021ED2410000-0x0000021ED2411000-memory.dmp
memory/3292-614-0x0000021ED2410000-0x0000021ED2411000-memory.dmp
memory/3292-613-0x0000021ED2410000-0x0000021ED2411000-memory.dmp
memory/3292-612-0x0000021ED2410000-0x0000021ED2411000-memory.dmp
memory/3292-611-0x0000021ED2410000-0x0000021ED2411000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b249929ad2c83c4ac0beff82bd02d85c |
| SHA1 | 320fc8e215e6eea41e2f6224af76c56aa35a704a |
| SHA256 | 784c7fda46698df2ee4e868e440a99689e193884823074fb6ee70faa71742166 |
| SHA512 | 02cb94d13cdcd825bed949e16b250f0abb2ddd7b58182beed2e7d3b18cb3c6d62c00620127f7910245d67454ba2ec2e1932ff897dbf92a8d09e11f9be93c0ad9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a372bd25d99bd59bfe7dc14de7b04809 |
| SHA1 | 499b00a9059901064041c86f79c59ec8adfd2c93 |
| SHA256 | dc30b98fe11f8c9c9fc5cf882161a6958315d6dd05ece2c56140931228e7d40b |
| SHA512 | ca271d9fe3cd088c3c95e383b02df231ba4daba202492f45469e45d17af9d3b189cb636e23bed572e1bb94e5f66bd8a3904dec1cee543ef6327e27ab8aa63a11 |
memory/4220-636-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | 6bd369f7c74a28194c991ed1404da30f |
| SHA1 | 0f8e3f8ab822c9374409fe399b6bfe5d68cbd643 |
| SHA256 | 878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d |
| SHA512 | 8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | d2fb266b97caff2086bf0fa74eddb6b2 |
| SHA1 | 2f0061ce9c51b5b4fbab76b37fc6a540be7f805d |
| SHA256 | b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a |
| SHA512 | c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
memory/4220-638-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp
memory/4220-637-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp
memory/4220-643-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp
memory/4220-648-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp
memory/4220-647-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp
memory/4220-646-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp
memory/4220-645-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp
memory/4220-644-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fb1656be15a2422379c78305f1ce937e |
| SHA1 | 4fc3d8ca502dc19255491d502157540b2d7e4524 |
| SHA256 | a9d3e93f7865cbd53dddeaa05e5dc810738d5d62d51a94e66c69cdb0609b6a00 |
| SHA512 | e4352d45faa911d98e571f5980d41e6793d4ed17a1996150d84c276d78c61a83efbdc77431725f1b0a725432fcf5972290f1d08e8718af4f5ba7d475191a8e86 |
C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe
| MD5 | 2c096c46d1011d83c1617dfc1da3c4ef |
| SHA1 | afe98a6b8d9a05b8e7eaa5d5eb36ff5abd1bf645 |
| SHA256 | 3ff74f5275a2ed06959e63a3e321d051da4d7167efc3f6f3d80fbc134a187b3c |
| SHA512 | 69cc2076efc119e4ae4ef0afe5d48ff8cbb0034caa78943f42a220a2929afd11a5d9f9a15710def565958973105d377b185d064d675d4e87a066040e7eb5b298 |
memory/4372-665-0x00007FF759CA0000-0x00007FF75B1AF000-memory.dmp
memory/3616-668-0x0000000000870000-0x00000000008C5000-memory.dmp
memory/3616-670-0x0000000000870000-0x00000000008C5000-memory.dmp
memory/4372-669-0x00007FF759CA0000-0x00007FF75B1AF000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 923be145a2c35a0067e7cc30af3cf394 |
| SHA1 | 16b8f867e00f21ded8cfb8f696336affd7f72020 |
| SHA256 | 1563283e40036936b3cbca53592af36567936dc5e06c89c0e89b904d2ef90947 |
| SHA512 | df3d7a52f15b87467ef5042e0e6df9a110f4231c3804150d5bba9e0d9aeb3c0a637935df10d16da726720ee52ea67670c3d08689054102fa7924854c6ed04f74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a3b370d22dd8b349a1390c62e1e889e6 |
| SHA1 | d8a6fbed2ef778693d7174891b5a16b01aaf3bbc |
| SHA256 | dcc202e8b5b9968701ccaba876f6a26a63182814a65d48e9dc60a1bd51865721 |
| SHA512 | e983cbfbefce9b5d5c749a22fdaa13014b92a3f29e688a3aefc0284fb18a01318250ec167c3f8ae7b4369df9927e85ad34032048b54bb65a13e4aa1c8834c554 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b912ac6e3b949eb88a921b7c91c7248a |
| SHA1 | 7f196eb7bcb093ec304c011cdda056f8fea5c2c3 |
| SHA256 | 440f6adc742f2835c513b8e8e100f0573a4ab41beb403843fc235ee5d1bde012 |
| SHA512 | 9c836ab809c16b7cb6b466b46c42161be1b4800972d5ebf9c0302a193916118df089226cf84c25ebbe401e8606497d909efc37d9c4e582395fa3f0c4c0babb05 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 71a06f0f86b81ee9c16062eb93f8ad5c |
| SHA1 | 55398378951975c01757aeaebac856769e448a5f |
| SHA256 | d6e1b0b6e8515fc2b02e8d94702235dc2fe0b613d294df830aaa6057ea32910e |
| SHA512 | 319246f2cda60de80cf46be2fa891d2aabb3118d9301fc1b4919f12f1a7ba37191654fc070c5083f46b5907bf2c8be1caedb44b62e8fc471acd98e6917724f2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d5731d7e35118697577606d581f108df |
| SHA1 | bd8f266d3aeab6c2638d2148002e653545a44d91 |
| SHA256 | 44a3f09b7a4aa075d75e73faa9366e63753a4d980e9ea96ad4e01f01026c4f55 |
| SHA512 | a34e7aef580121cd8aeb5c1b38367054586b19c6574742b169cfe68231097d232076a26fabf80216f759c657d4cbf86c175f9a0a1667f2d1d043c7e5dcec6121 |
C:\Users\Admin\AppData\Local\Temp\fake_useragent_0.2.0.json
| MD5 | 0af58abd8a3fd21eb8c012a05a58ad0e |
| SHA1 | 1725c9a836ff1aa112b84cec370fa973a5e8f7ce |
| SHA256 | 12a537681364542407e0e1a7bf52d51b213335f28bf8253a4871c2599ff55602 |
| SHA512 | 51dcbcd971f9d5a1f4b0967f9f6a277af0361698d436869c0d167567d5bf4188c6cf3e3bbe1095d9901b9e5524efc0db3e59b54a0e8c191eff40956ebf211002 |
memory/2484-785-0x00000000006C0000-0x0000000000715000-memory.dmp
memory/2484-787-0x00000000006C0000-0x0000000000715000-memory.dmp
memory/4432-786-0x00007FF759CA0000-0x00007FF75B1AF000-memory.dmp