Malware Analysis Report

2024-11-13 14:05

Sample ID 240225-2rhfrsee64
Target 1nstaller.exe
SHA256 a32091f0369a7cf43e1d12cb0bbaf4263d6aeff67331046e507ca16f85b470f1
Tags lumma stealer
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 a32091f0369a7cf43e1d12cb0bbaf4263d6aeff67331046e507ca16f85b470f1

Threat Level: Known bad

The file 1nstaller.exe was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Suspicious use of SetThreadContext

Program crash

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-02-25 22:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-02-25 22:48

Reported 2024-02-25 22:51

Platform win7-20240221-en

Max time kernel 52s

Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1nstaller.exe"

Signatures

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3040 set thread context of 2248 N/A C:\Users\Admin\AppData\Local\Temp\1nstaller.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3040 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\1nstaller.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 3040 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\1nstaller.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 3040 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\1nstaller.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 3040 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\1nstaller.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 3040 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\1nstaller.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 3040 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\1nstaller.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 3040 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\1nstaller.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 3040 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\1nstaller.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 3040 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\1nstaller.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 3040 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\1nstaller.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 3040 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\1nstaller.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 3040 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\1nstaller.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 3040 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\1nstaller.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 2248 wrote to memory of 2644 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\SysWOW64\WerFault.exe
PID 2248 wrote to memory of 2644 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\SysWOW64\WerFault.exe
PID 2248 wrote to memory of 2644 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\SysWOW64\WerFault.exe
PID 2248 wrote to memory of 2644 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\SysWOW64\WerFault.exe
PID 3004 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3004 wrote to memory of 2744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1nstaller.exe

"C:\Users\Admin\AppData\Local\Temp\1nstaller.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 260

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68f9758,0x7fef68f9768,0x7fef68f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2148 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2156 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1576 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1432 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3780 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1812 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3388 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1048 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2204 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1508 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3420 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3192 --field-trial-handle=1376,i,15338515195827220598,4219596897705939829,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.212.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.178.14:443 consent.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.213.14:443 apis.google.com tcp
GB 216.58.212.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 dotnet.microsoft.com udp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
GB 216.58.213.3:80 www.gstatic.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 13.107.253.64:443 js.monitor.azure.com tcp
GB 104.78.177.227:443 www.microsoft.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
GB 104.78.177.227:443 www.microsoft.com tcp
US 8.8.8.8:53 microsoftmscompoc.tt.omtrdc.net udp
US 8.8.8.8:53 target.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 w.usabilla.com udp
IE 52.19.144.207:443 w.usabilla.com tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 westus2-0.in.applicationinsights.azure.com udp
US 20.9.155.145:443 westus2-0.in.applicationinsights.azure.com tcp
US 8.8.8.8:53 d6tizftlrpuof.cloudfront.net udp
US 18.239.190.106:443 d6tizftlrpuof.cloudfront.net tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
GB 104.78.177.227:443 www.microsoft.com tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
GB 104.78.177.227:443 www.microsoft.com tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 20.9.155.145:443 westus2-0.in.applicationinsights.azure.com tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
GB 104.78.177.227:443 www.microsoft.com tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
GB 104.78.177.227:443 www.microsoft.com tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 20.9.155.145:443 westus2-0.in.applicationinsights.azure.com tcp
US 8.8.8.8:53 en.wikipedia.org udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
NL 185.15.59.224:443 en.wikipedia.org tcp
NL 185.15.59.224:443 en.wikipedia.org tcp
US 8.8.8.8:53 upload.wikimedia.org udp
US 8.8.8.8:53 meta.wikimedia.org udp
US 8.8.8.8:53 login.wikimedia.org udp
NL 185.15.59.240:443 upload.wikimedia.org tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
GB 216.58.212.202:443 content-autofill.googleapis.com udp

Files

memory/3040-0-0x0000000000A60000-0x0000000000AAE000-memory.dmp

memory/3040-1-0x0000000074150000-0x000000007483E000-memory.dmp

memory/3040-4-0x0000000002200000-0x0000000004200000-memory.dmp

memory/2248-5-0x0000000000400000-0x0000000000446000-memory.dmp

memory/2248-7-0x0000000000400000-0x0000000000446000-memory.dmp

memory/2248-9-0x0000000000400000-0x0000000000446000-memory.dmp

memory/2248-10-0x0000000000400000-0x0000000000446000-memory.dmp

memory/2248-11-0x0000000000400000-0x0000000000446000-memory.dmp

memory/2248-14-0x0000000000400000-0x0000000000446000-memory.dmp

memory/2248-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2248-17-0x0000000000400000-0x0000000000446000-memory.dmp

memory/3040-18-0x0000000074150000-0x000000007483E000-memory.dmp

memory/2248-19-0x0000000000400000-0x0000000000446000-memory.dmp

\??\pipe\crashpad_3004_JIEDJEWWAYSQRAGZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 873734b55d4c7d35a177c8318b0caec7
SHA1 469b913b09ea5b55e60098c95120cc9b935ddb28
SHA256 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d
SHA512 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5e5209bbce9b878e6ac9ac8f5156fb2b
SHA1 66d4d27203c948017c0d5d15148424ba547879e2
SHA256 20aeb8fd6d227ae69bc80a5dd5f344c969cc2f9a6eaf540cc69f8ef7dc25613c
SHA512 464b2ca2eecd3db58b58fe1ec90f9c731337a872663b3a6e9e6323f4aedd74607dc92e2e7e8daff9b01ddc340f781fe36d851c546c5867eef1699dd279bc5ab6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d1a8d1fae074a8b970253960b3911d78
SHA1 b273e3ecce7170e54b721f3aae9572e3877e6c15
SHA256 86b8694322fb207646ba5be2bb9ff6282d4289bcb409ec1ffac247f11ace56d2
SHA512 abd8dbdb61e8504592c6039ca1a7a14408e53516de4bf2f523c4b9311b1f33a89cf7b3b8f10c19bc08e3f5f1bb76685a27ccef0772061117010ad2debb94578b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ffbf63ec9167b83da3f167188d839055
SHA1 b9201612024b6c090f9a435918af2092f39ddc75
SHA256 5f641f14ca6e9baab67373ca81b61802de58f0dfd3287764a549a016933c4731
SHA512 bd4443ba542a9858eb56be2f6551f07ff10989275fef61e82eece49af7fa3b5fd03edc46418bf7e5970eb961fc5c22e9151a3f3845416a14de1c1dafce04e894

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 68627fd0c235d41cdd020fa7cbfd2266
SHA1 5f73a8dcb8973e4712e41f881a2ff810bdef9e15
SHA256 cc885e0093f0c0f7f96f8da62b748b9306c1020e388528cf738fab0ea03f8a0e
SHA512 776ea2e5be348d81a297f20a8783a26cc6c783fb230b5b2a3dca0ccee1add141c92cc5184f2ee0f089c7588e05ef8214b4eff93275a49303ed2bc64ffaa027ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d6ecfcbefb4932929a44533ad25499fb
SHA1 5e5cdef66c3aa152d6135a297ebd868809e7dfd0
SHA256 1b42eb32ab20996fbaa0bf3bdd780053f59c047ae1467b4cc373ffbae2742239
SHA512 20e396397ac5211ef40ed046e14506608448c50fb4573b66a445ea24a7b3ab5793f77ae7e4f32e9f51bb3aacdf8aa02a395d0d6482cf36b5e98654f41db4ff81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 29d90679c96a73439b8d5b817aacd033
SHA1 1de54c781347cb58427c2ad2a0ed2c462a7ce94b
SHA256 1c417eb1ea16ab8974628a4438b655107ed71b1167dec50bdc9fc8b2418b3e55
SHA512 d0fae9345a64ab7a2060bb77c560fab2ab6ebd6f0383e895a035468cff91c5e827b7d84c6eec6fb73e7bfa7207afffcb4b1f4905da3d18cf1c159baca06433b4

C:\Users\Admin\AppData\Local\Temp\Cab954F.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar95CF.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a9c8d3b085b4c9caed0d500fb8486f2
SHA1 d9d37b4564603b25e93068395aebe2be799b893d
SHA256 935bb6b01bfa1e2807423dad92d67c1355c30f069594d154ec27201a6c7583e1
SHA512 faed8bdcb8508232d622dfa4928aa714169523b295a16d5439e62895959f5ea7f7dd1329b8773619162fe63c006ea4967bde48f80847af2c28468d44f7809fca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d42736e6e0ef61ab1f9735dd28cfc1f6
SHA1 af8df55a11877fedb8c055364478d6e8d4f1f5c1
SHA256 a9cb00c7b8d5d56a0701ed73260a396abe63c883fe7d4ec25edebc583dea6f38
SHA512 b812324451664f3308ec30a4958ac86dcb5787e079b0d35f9d527e1cb6a3ba2d7b1d36373b21bffd83bba8f41a2ad61d371d3e3867a17a5ba27f2528663564d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5351ff4bbb594f2435de3a24405fca91
SHA1 a9ae2cb9595fc9b27ef7baafce0756e6a488926d
SHA256 0f43a583d1080776923f56f08dbab1b8debc3343f0b12669f7693afa6ab86348
SHA512 f6f7b4a8c3b0ac308be883c8b72122ff7ba92d99b98a0822cb6c15c4e91cb3794983e023f633e9d53c2901baeb3e24a25b9ce2c361d6e24fa84783431d363d9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f0cfb1250d24a87b0936d972f5b6904
SHA1 ec37ea9fdfa702c4b917ecaa7788e9de5b26d0ee
SHA256 5a500818cefe519f3489d13f57f2de6ca1e438e490f68e8e2b43bbddb9693240
SHA512 a64cd073c84c8d3978bb4d5a8b1d06a0352317306bee2a9d0546b5f89653814e4061dd002ce45fa30bd04322cc6237a1b3a04a7241a1a0dab9946924bf02dd36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 883feb895a3e5607cd70c47b7ba5e3bb
SHA1 3e1a288f851ba9611ba3f724604b9acf982b2968
SHA256 b81f7f5d87b60076769444abfe95bca04f4077db1f5546704e7229d572f67384
SHA512 d5232ee17ff4ccb0c781776938da2d9a08744b806ca6ec04d7b4e87ad9c182b80b9edbb4fa6d2f4c41895e8d7708808541df0300d8ce4486467d22c22144428b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 85c918e4d08678dd3c0fe078f9d830be
SHA1 26dde9ac03821dcd8f89ff0579b204ca710f65ac
SHA256 bf62932646b72fbba83e9796e85ae4ad6adb502c09d30f1597cc0b2d720ea39e
SHA512 aa1de14b36e34e236a271b21e367589f1ac25711a7d8207714110664880ff5d0c64b7f13b22a1dca9873edf5feddfa18d12d6ace67e984ff5ab6979d6563ecd7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa679308c95e8c388a8de96bc03b68de
SHA1 b976f2d7f1690cb1e1b0e12e5482d093cefb9530
SHA256 f8ba9a56a3cfd6d42adb22bc245df3c3e51cb2c4484dbab50edaa1ff55f17006
SHA512 4e596e59a7cec0c6a9a6a9000efe92e4491b058b7aeabf253d204de41da180c7b221c5bb441407c22de2815853e7912a0f7282315d0e617be3d4716aca6071ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb6c5d772e2077c12775762de944d124
SHA1 d048b571eb48066e7be9c5df5cba766dfa865752
SHA256 6dd0567955662069f6f4b4b6ea9e8e99f691ec8e86f759120dc0a052ba0842b7
SHA512 02cb6a7b6e6b35118b764b922863257b96a317c38cf4d299c4617b355ccc4c4b323ae49635019480ddd62409d530d7398b1ad6536ae758ad2dca2178ae3bc5f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 667c196a267734aff893657e0aeea4c3
SHA1 363f7a39a914f14df336a6cda335b9c7ed2b5652
SHA256 583c49e364a968936cbaad9a3e7f73fd880cb475ad8176e8c0f8a83a336c56da
SHA512 d11e0875550ddd80fce1f5f0d2e4cb670dea5905da7467b83c4a7a602a7b73545ff59507594d86b3a718b7399af153ce386bc728b7f16827be49028ac30afad1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 315bbeab7670e3496c3f43ca843e87b4
SHA1 e382854d84adedd0d61505c60e4743b1a9a137f8
SHA256 464256d5dc8ac8178278e66702dce8007fc068fbf32c6a764a6b45f699444eae
SHA512 f0a4eae3fc738b2e521a6803b5a5fb2eff51d0166dd676239ae39cd587fa2dc6bcf46ac3ea4e0b2a3d5101ab1bd58cb9fd5097e71db1ff5a651790386961be0e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e309d59e393d524dc78b9db8542bad88
SHA1 c17c186b8895d5e6d06c2444e0171452f2718d67
SHA256 374c4c87aecdb43b648805edbcc0d651cc5ff8ef6f286f3dac3f4ce5d081d184
SHA512 b14818a85a22d1c69db8e57e91c2397d77bdb7edccc0a23624b14a6b3eb922182bc1f11b16e8327f555114a10cf0c53450a03c00ee8e773569bf35dffd55e504

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07be6d6641d9d4aafafae1eecdba4ab5
SHA1 83b72a730b9b0a6205ba1b09d4c1da7c8bc15fe4
SHA256 c4c0595dc76fd2f9d8af2e2c704a47b3201c71b530cd6648241d326c3ba5f7d4
SHA512 dad14850bad944af500e25001a4413dbe4f7519b4a1af785cc6195ce21a4c66a5943d61a026bd0e1f879a3d6d1f728f4ca49cb270c01994106c64b93dcdc67fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad4bc29a09a373b4767f7a8b919916f1
SHA1 e91596a9c6a129626b353ae2b4bfee569c030b8e
SHA256 6a6ff9517df6d28e44a99912dcdf9dbfce83fe31f2308bd74532ae6b778a910e
SHA512 0ae09e9e5038a345dc9985781a51e5e845b5d4ffbd0e93e4161bd672232e061c36ee31591919d79b94a7f248fdf180ccbcbfbdaec663c79291e2bb15680ef2d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7455382f4f22653b84b5bfe49fe770ed
SHA1 191f7441e643113449daaee62875aca288e80db0
SHA256 d0a464d38171d9c6354accc6fbd1e78769e31a4147272e77855bfdb6a908c488
SHA512 2f2be756acae9d6ff84173219bb0dc68e6aeb4147f65c86b7236f800bf3bb15886963a15a690fb8b1e981e8eae471138b988f44fda055ea03710336368e3193b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed88545c0e2c9c1fd88792ec0cf4d244
SHA1 8c0f00e785a77e059e13f4e83cbcca1bcfc4adec
SHA256 1b8f1b5a322aa4d180faee727e46dda4383390fd26b48448f63927b6d525ae39
SHA512 f79d7808eb29c19a6e5a8a9b74cebd075e3087ca13e34cc7e044e342688213cf4c9e4d2177d8b959d02dbd44e854b62045f0685c3cf258a1c3af4beb1033549a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\21670af1-73da-4f73-aee3-23684f55e942.tmp

MD5 0f1e5701d2c5631eeb0c871fa1326c76
SHA1 d08ff1833a51d80f28e7863df43e8e3e30b37211
SHA256 bc27a9cf9cdf87254450e1409b0b5549865446f071946257835e0c29797df5ba
SHA512 b3a3f78dc470caa3507a3565d83c06381d503833edb43725e417506b6365045efbc628955ed2d06b387e5be730994603fa1d1d523207ac0eee2ad8ae96a53c9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0b1d6998c213968f8f0fb2a4798867dd
SHA1 ca51a6f0a82ca9e90d8f39a9b7ceb1cae815a51e
SHA256 bff6d8b4a6e254a8c9c8fc32ab8077dc8d2fb519b4c1d9ad9239a64863a9a46c
SHA512 b0e4e2a2427f85270f3b0126c193dc1c69c888223aa96ac186c9b5219f8e600c9bbc69bb4efca41b06449f52acc06a66e9e966591c2f6c981f3f606543454d24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 eeaf80302235c0e9a016a3cb826f675d
SHA1 f61875dabc96cc427cbabc5fc9c536398e987e5e
SHA256 5ab3696841eeec2e2bb2493cfc2a756f7d173043f7d1758dae0f97528e7c2eae
SHA512 89487ae3d776ea3d7348b7fbf0edcd967b46782aa82a10b60f3db8993927bcab4b75a02c39aa27edae2d058914df488541b047fcf5b3c692a3a11a8c4b3b43a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 98c22ccce1b9babbb7bae5fbd044036f
SHA1 c3310b54402dc35309308d92c385018f07fd5791
SHA256 681ad03a767bd5e11ab9376b9d5730199868b43a2065c134a782e09cd7552066
SHA512 b945a47854795ab8bfbf9774c3b35c81bb6f00d34e919ac8aa316dde3e2058277aee4c3d6b90409033da1f3b2e863f9e41901d6d01ad43c4807fc3b830dd24e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 37ff19acf0853270793617e1f5d58090
SHA1 12f6dd9c14622966e064c7c1ab4963b50d41f00e
SHA256 1a85b6324da2740b01ab3ca54ecee5943beee16bbd40551af0f540efd7a2224d
SHA512 832602b13044dbd7fc01531e50ef3fd0166eea21bcaa20f6a2a27b805fad9ccd1225b88c1a10800f84214fc03a4d20c340e425911f48a8967dfa2b111be75731

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-25 22:48

Reported

2024-02-25 22:51

Platform

win10v2004-20240221-en

Max time kernel

143s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1nstaller.exe"

Signatures

Lumma Stealer

stealer lumma

Suspicious use of SetThreadContext

Description: PID 2268 set thread context of 1476
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\1nstaller.exe
Target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1nstaller.exe

"C:\Users\Admin\AppData\Local\Temp\1nstaller.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 sideindexfollowragelrew.pw udp
US 8.8.8.8:53 technologyenterdo.shop udp
US 172.67.180.132:443 technologyenterdo.shop tcp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 8.8.8.8:53 detectordiscusser.shop udp
US 104.21.60.92:443 detectordiscusser.shop tcp
US 8.8.8.8:53 132.180.67.172.in-addr.arpa udp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 8.8.8.8:53 turkeyunlikelyofw.shop udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 8.8.8.8:53 associationokeo.shop udp
US 172.67.147.18:443 associationokeo.shop tcp
US 8.8.8.8:53 92.60.21.104.in-addr.arpa udp
US 8.8.8.8:53 191.202.67.172.in-addr.arpa udp
US 8.8.8.8:53 18.147.67.172.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp

Files

memory/2268-0-0x0000000074760000-0x0000000074F10000-memory.dmp

memory/2268-1-0x0000000000FD0000-0x000000000101E000-memory.dmp

memory/1476-4-0x0000000000400000-0x0000000000446000-memory.dmp

memory/2268-7-0x00000000033C0000-0x00000000053C0000-memory.dmp

memory/2268-8-0x0000000074760000-0x0000000074F10000-memory.dmp

memory/1476-10-0x0000000000400000-0x0000000000446000-memory.dmp

memory/1476-12-0x0000000000400000-0x0000000000446000-memory.dmp

memory/1476-11-0x0000000000400000-0x0000000000446000-memory.dmp

memory/1476-13-0x0000000000400000-0x0000000000446000-memory.dmp