Malware Analysis Report

2024-11-30 05:27

Sample ID 240710-1t9glascmj
Target https://github.com/knightxanavsem/PremierePro2024
Tags
lumma stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/knightxanavsem/PremierePro2024 was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-10 21:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-10 21:57

Reported

2024-07-10 22:00

Platform

win10v2004-20240709-uk

Max time kernel

134s

Max time network

116s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/knightxanavsem/PremierePro2024

Signatures

Lumma Stealer

stealer lumma

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe N/A
N/A N/A C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651222831542076" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3996 wrote to memory of 3272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 3272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 5072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 5072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3996 wrote to memory of 1872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/knightxanavsem/PremierePro2024

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffa333cc40,0x7fffa333cc4c,0x7fffa333cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1888 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2368 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3172 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4464,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4728 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,8666039224470492011,655430454624537333,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4728 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\git.software_v1.3.9.7z"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zOC5AEE748\Read me.txt

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /1

C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe

"C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe"

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe

"C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe"

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.110.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 140.82.112.21:443 collector.github.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 121.170.16.2.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 227.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 sensitivyitszv.shop udp
US 172.67.197.243:443 sensitivyitszv.shop tcp
US 8.8.8.8:53 bouncedgowp.shop udp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 8.8.8.8:53 bannngwko.shop udp
US 104.21.81.196:443 bannngwko.shop tcp
US 8.8.8.8:53 bargainnykwo.shop udp
US 8.8.8.8:53 243.197.67.172.in-addr.arpa udp
US 8.8.8.8:53 198.93.21.104.in-addr.arpa udp
US 8.8.8.8:53 196.81.21.104.in-addr.arpa udp
US 172.67.146.97:443 bargainnykwo.shop tcp
US 8.8.8.8:53 affecthorsedpo.shop udp
US 104.21.6.254:443 affecthorsedpo.shop tcp
US 8.8.8.8:53 radiationnopp.shop udp
US 172.67.196.169:443 radiationnopp.shop tcp
US 8.8.8.8:53 answerrsdo.shop udp
US 104.21.44.192:443 answerrsdo.shop tcp
US 8.8.8.8:53 97.146.67.172.in-addr.arpa udp
US 8.8.8.8:53 254.6.21.104.in-addr.arpa udp
US 8.8.8.8:53 169.196.67.172.in-addr.arpa udp
US 8.8.8.8:53 publicitttyps.shop udp
US 172.67.134.88:443 publicitttyps.shop tcp
US 8.8.8.8:53 benchillppwo.shop udp
US 104.21.81.128:443 benchillppwo.shop tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
US 8.8.8.8:53 192.44.21.104.in-addr.arpa udp
US 8.8.8.8:53 88.134.67.172.in-addr.arpa udp
US 8.8.8.8:53 128.81.21.104.in-addr.arpa udp
US 8.8.8.8:53 reinforcedirectorywd.shop udp
US 104.21.83.48:443 reinforcedirectorywd.shop tcp
US 8.8.8.8:53 155.143.214.23.in-addr.arpa udp
US 8.8.8.8:53 48.83.21.104.in-addr.arpa udp
US 8.8.8.8:53 233.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 172.67.197.243:443 sensitivyitszv.shop tcp
US 104.21.93.198:443 bouncedgowp.shop tcp
US 104.21.81.196:443 bannngwko.shop tcp
US 172.67.146.97:443 bargainnykwo.shop tcp
US 104.21.6.254:443 affecthorsedpo.shop tcp
US 172.67.196.169:443 radiationnopp.shop tcp
US 104.21.44.192:443 answerrsdo.shop tcp
US 172.67.134.88:443 publicitttyps.shop tcp
US 104.21.81.128:443 benchillppwo.shop tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
US 104.21.83.48:443 reinforcedirectorywd.shop tcp

Files

\??\pipe\crashpad_3996_BPYOUXNEHRTSMEVM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d9f10b7d25da53cf4af08f62ba4d1eb1
SHA1 1db1aebcd5d2013145eadbc2dea43ad89769a165
SHA256 713f9400ba5c4dbf898c2ef793747e4c1cc4f6e0d70ea3ea32b26b80ff4de51d
SHA512 6d4ce5c4b13c875a1b1b3adf4559e1989a43e65a3585d258510fef3629e7d89f8e95c61d1461582a39f2f7e5200b107ec8a7c912325fcdbe133ad85161f24416

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 405f5648bcd16d7206eff3cd473f20af
SHA1 32bd75bbd294c1f1956fa445b35923f82264f87e
SHA256 733c2536a8fafbbda490bafef915aeaa4d4545446fc5ef236e2a3a157953f190
SHA512 dbbd14dc8f8d4c44a3056153a7b54755a0e56e94c713b0dbed7cafc20edcbcbf8a4aad516cefefffc1fe123a17a7f77689651e69c2650592189aade929192008

C:\Users\Admin\Downloads\git.software_v1.3.9.7z.crdownload

MD5 3207a4ed7ff4c038327e18671b46a729
SHA1 9c3df43214b54fdd365c89b0c0fecba478635775
SHA256 134ed02afe18b6c871113ec40ade8e67497e875da6492e4a04a896ddfe498556
SHA512 58625db8c8c6f84592c6b0c8bce689247648854898ef5cefd61c5b422b751446502a86063c8baf7b6225009e317d42c597f820dbedfba59be78479148c95ec6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1e86d8e5bf22b325594ab16aea706bec
SHA1 f2712a82bbe0e301b9962b992b041e26c0b0100a
SHA256 0307db303e0876e3e494b66df2c827d3f5d16206428c574b3349976710c6c9b6
SHA512 d496387926512a65c4ae0a5ddd9ba738afa6f4fb749e8da8c32ac69a0be49b1c69cfb39e8c7e5a53be7b64ba61399e95feafe31a6050153c39c4cebbaf9a218c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ac6a736377068e321f092d06952a6789
SHA1 20f50602e3472940c694ac685204fd140fa44895
SHA256 c2dfc9622e4a8b5a7758390f0f85d8d774877aeaafe10697ab5dab3d38ba8c90
SHA512 2047518e8e3b099ceaed09812beefebe8999f20f6896111ee7cb49a6a476eaf52e9df9d4dcaf77c5aad8fb6a2752e5a0158af696a9487709583589311d81acc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 299744f942bfbffb31143f5187c8d4b0
SHA1 0d1ff1c17007e3d1e0e034ec882e621ca945155c
SHA256 0f4604c2cf8640f569b064ca0f6a70c828846635f172aad70b875d820f09eea0
SHA512 7bdbdfc13b4653cae0ad3c742a844bc378be9a5c4428d0e071db63b7e7690104fec4c3ad185ae56060ed5e3ecfdd5881ca571cda31ac73cf3b6bfb5ad96e5e43

C:\Users\Admin\AppData\Local\Temp\7zOC5AEE748\Read me.txt

MD5 1b1001b50ec2880a656a82884ea99075
SHA1 17d5379e1443cde363639d8eb7787db842307aef
SHA256 9e47d314de104ec433194891d99eac4b24344730d4b87c5ecc85b49b0f645794
SHA512 d6e42565573e64be48741151019ba1240f8676cd8102f18fa029be91b3d315865535768d7fee783882c3be9642c818223606e2d1d352955093276498955b1777

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ed3c8846a87da368e58134a298dfc1a4
SHA1 3b932b4c263ba2eace0c49e6c1a632bab55e0803
SHA256 2258cb7950a7df9928ecf67deb61d419e961209f476ddb295989f7c135badaae
SHA512 94f727d281a2f8d8a80f6569a134ec1779d6fb5ae57d1bcca3c105289fbd51bda7d20f5b1478f7f1cfc4a363767a8da2589693bfa16217835b1882cb982e0120

memory/3292-605-0x0000021ED2410000-0x0000021ED2411000-memory.dmp

memory/3292-606-0x0000021ED2410000-0x0000021ED2411000-memory.dmp

memory/3292-607-0x0000021ED2410000-0x0000021ED2411000-memory.dmp

memory/3292-617-0x0000021ED2410000-0x0000021ED2411000-memory.dmp

memory/3292-616-0x0000021ED2410000-0x0000021ED2411000-memory.dmp

memory/3292-615-0x0000021ED2410000-0x0000021ED2411000-memory.dmp

memory/3292-614-0x0000021ED2410000-0x0000021ED2411000-memory.dmp

memory/3292-613-0x0000021ED2410000-0x0000021ED2411000-memory.dmp

memory/3292-612-0x0000021ED2410000-0x0000021ED2411000-memory.dmp

memory/3292-611-0x0000021ED2410000-0x0000021ED2411000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b249929ad2c83c4ac0beff82bd02d85c
SHA1 320fc8e215e6eea41e2f6224af76c56aa35a704a
SHA256 784c7fda46698df2ee4e868e440a99689e193884823074fb6ee70faa71742166
SHA512 02cb94d13cdcd825bed949e16b250f0abb2ddd7b58182beed2e7d3b18cb3c6d62c00620127f7910245d67454ba2ec2e1932ff897dbf92a8d09e11f9be93c0ad9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a372bd25d99bd59bfe7dc14de7b04809
SHA1 499b00a9059901064041c86f79c59ec8adfd2c93
SHA256 dc30b98fe11f8c9c9fc5cf882161a6958315d6dd05ece2c56140931228e7d40b
SHA512 ca271d9fe3cd088c3c95e383b02df231ba4daba202492f45469e45d17af9d3b189cb636e23bed572e1bb94e5f66bd8a3904dec1cee543ef6327e27ab8aa63a11

memory/4220-636-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 6bd369f7c74a28194c991ed1404da30f
SHA1 0f8e3f8ab822c9374409fe399b6bfe5d68cbd643
SHA256 878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d
SHA512 8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 d2fb266b97caff2086bf0fa74eddb6b2
SHA1 2f0061ce9c51b5b4fbab76b37fc6a540be7f805d
SHA256 b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a
SHA512 c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

memory/4220-638-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp

memory/4220-637-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp

memory/4220-643-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp

memory/4220-648-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp

memory/4220-647-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp

memory/4220-646-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp

memory/4220-645-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp

memory/4220-644-0x000002E9B1CB0000-0x000002E9B1CB1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fb1656be15a2422379c78305f1ce937e
SHA1 4fc3d8ca502dc19255491d502157540b2d7e4524
SHA256 a9d3e93f7865cbd53dddeaa05e5dc810738d5d62d51a94e66c69cdb0609b6a00
SHA512 e4352d45faa911d98e571f5980d41e6793d4ed17a1996150d84c276d78c61a83efbdc77431725f1b0a725432fcf5972290f1d08e8718af4f5ba7d475191a8e86

C:\Users\Admin\Desktop\Setup\github.software.1.3.9.exe

MD5 2c096c46d1011d83c1617dfc1da3c4ef
SHA1 afe98a6b8d9a05b8e7eaa5d5eb36ff5abd1bf645
SHA256 3ff74f5275a2ed06959e63a3e321d051da4d7167efc3f6f3d80fbc134a187b3c
SHA512 69cc2076efc119e4ae4ef0afe5d48ff8cbb0034caa78943f42a220a2929afd11a5d9f9a15710def565958973105d377b185d064d675d4e87a066040e7eb5b298

memory/4372-665-0x00007FF759CA0000-0x00007FF75B1AF000-memory.dmp

memory/3616-668-0x0000000000870000-0x00000000008C5000-memory.dmp

memory/3616-670-0x0000000000870000-0x00000000008C5000-memory.dmp

memory/4372-669-0x00007FF759CA0000-0x00007FF75B1AF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 923be145a2c35a0067e7cc30af3cf394
SHA1 16b8f867e00f21ded8cfb8f696336affd7f72020
SHA256 1563283e40036936b3cbca53592af36567936dc5e06c89c0e89b904d2ef90947
SHA512 df3d7a52f15b87467ef5042e0e6df9a110f4231c3804150d5bba9e0d9aeb3c0a637935df10d16da726720ee52ea67670c3d08689054102fa7924854c6ed04f74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a3b370d22dd8b349a1390c62e1e889e6
SHA1 d8a6fbed2ef778693d7174891b5a16b01aaf3bbc
SHA256 dcc202e8b5b9968701ccaba876f6a26a63182814a65d48e9dc60a1bd51865721
SHA512 e983cbfbefce9b5d5c749a22fdaa13014b92a3f29e688a3aefc0284fb18a01318250ec167c3f8ae7b4369df9927e85ad34032048b54bb65a13e4aa1c8834c554

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b912ac6e3b949eb88a921b7c91c7248a
SHA1 7f196eb7bcb093ec304c011cdda056f8fea5c2c3
SHA256 440f6adc742f2835c513b8e8e100f0573a4ab41beb403843fc235ee5d1bde012
SHA512 9c836ab809c16b7cb6b466b46c42161be1b4800972d5ebf9c0302a193916118df089226cf84c25ebbe401e8606497d909efc37d9c4e582395fa3f0c4c0babb05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 71a06f0f86b81ee9c16062eb93f8ad5c
SHA1 55398378951975c01757aeaebac856769e448a5f
SHA256 d6e1b0b6e8515fc2b02e8d94702235dc2fe0b613d294df830aaa6057ea32910e
SHA512 319246f2cda60de80cf46be2fa891d2aabb3118d9301fc1b4919f12f1a7ba37191654fc070c5083f46b5907bf2c8be1caedb44b62e8fc471acd98e6917724f2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d5731d7e35118697577606d581f108df
SHA1 bd8f266d3aeab6c2638d2148002e653545a44d91
SHA256 44a3f09b7a4aa075d75e73faa9366e63753a4d980e9ea96ad4e01f01026c4f55
SHA512 a34e7aef580121cd8aeb5c1b38367054586b19c6574742b169cfe68231097d232076a26fabf80216f759c657d4cbf86c175f9a0a1667f2d1d043c7e5dcec6121

C:\Users\Admin\AppData\Local\Temp\fake_useragent_0.2.0.json

MD5 0af58abd8a3fd21eb8c012a05a58ad0e
SHA1 1725c9a836ff1aa112b84cec370fa973a5e8f7ce
SHA256 12a537681364542407e0e1a7bf52d51b213335f28bf8253a4871c2599ff55602
SHA512 51dcbcd971f9d5a1f4b0967f9f6a277af0361698d436869c0d167567d5bf4188c6cf3e3bbe1095d9901b9e5524efc0db3e59b54a0e8c191eff40956ebf211002

memory/2484-785-0x00000000006C0000-0x0000000000715000-memory.dmp

memory/2484-787-0x00000000006C0000-0x0000000000715000-memory.dmp

memory/4432-786-0x00007FF759CA0000-0x00007FF75B1AF000-memory.dmp