lumma | fc7473637cd1fcfe355a62bf69fbf930bef1c9c9a076eecd09968d2069faa51f

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22-04-2024 22:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FL_Activator.exe
Size

4.9MB
MD5

f33899f10f3f51083a0ed6fac21df358
SHA1

ae1eafbdfcd2d43340936a19b5f5c4118d4c3bfc
SHA256

fc7473637cd1fcfe355a62bf69fbf930bef1c9c9a076eecd09968d2069faa51f
SHA512

44e9a627f1e8b68d6b9e933a2203575552ad818e6cf012236c6dfe787ae2d3df7d1ae639bb3abbb04dc68b95ca9bb5a7f15655d8a45661e1dea8529effa7de34
SSDEEP

49152:hC0AMnvxN/QDiMsXWAvSsG/fDz5Tk6eNbyG7jTg2FXx7ZIw6Jf8c5mEqDXgQNUIL:hC0AMnv5XPF7jTg25xcz5m/tO4FL

Score

10^/10

lumma zgrat rat stealer

Malware Config

Extracted

Family

lumma

https://hearthingdirecwi.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

Detect ZGRat V1 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/5092-1-0x0000000000A20000-0x0000000000EFC000-memory.dmp	family_zgrat_v1

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

Processes:

resource	yara_rule
behavioral2/memory/5092-1-0x0000000000A20000-0x0000000000EFC000-memory.dmp	net_reactor

Loads dropped DLL 1 IoCs

Processes:

FL_Activator.exe

pid process

5092 FL_Activator.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

FL_Activator.exe

description pid process target process

PID 5092 set thread context of 3120 5092 FL_Activator.exe MsBuild.exe

pid	process
5092	FL_Activator.exe

description	pid	process	target process
PID 5092 set thread context of 3120	5092	FL_Activator.exe	MsBuild.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133582982385631986"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3944 chrome.exe
3944 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

3944 chrome.exe
3944 chrome.exe
3944 chrome.exe
3944 chrome.exe
3944 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

FL_Activator.exechrome.exe

description	pid	process	target process
PID 5092 wrote to memory of 4356	5092	FL_Activator.exe	MsBuild.exe
PID 5092 wrote to memory of 4356	5092	FL_Activator.exe	MsBuild.exe
PID 5092 wrote to memory of 4356	5092	FL_Activator.exe	MsBuild.exe
PID 5092 wrote to memory of 3120	5092	FL_Activator.exe	MsBuild.exe
PID 5092 wrote to memory of 3120	5092	FL_Activator.exe	MsBuild.exe
PID 5092 wrote to memory of 3120	5092	FL_Activator.exe	MsBuild.exe
PID 5092 wrote to memory of 3120	5092	FL_Activator.exe	MsBuild.exe
PID 5092 wrote to memory of 3120	5092	FL_Activator.exe	MsBuild.exe
PID 5092 wrote to memory of 3120	5092	FL_Activator.exe	MsBuild.exe
PID 5092 wrote to memory of 3120	5092	FL_Activator.exe	MsBuild.exe
PID 5092 wrote to memory of 3120	5092	FL_Activator.exe	MsBuild.exe
PID 5092 wrote to memory of 3120	5092	FL_Activator.exe	MsBuild.exe
PID 3944 wrote to memory of 5052	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 5052	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4112	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4352	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4352	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe
PID 3944 wrote to memory of 4044	3944	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\FL_Activator.exe
"C:\Users\Admin\AppData\Local\Temp\FL_Activator.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  2⤵
  PID:4356
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  2⤵
  PID:3120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd0052ab58,0x7ffd0052ab68,0x7ffd0052ab78
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1908,i,17919223728791960815,12464425323046332101,131072 /prefetch:2
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1908,i,17919223728791960815,12464425323046332101,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1908,i,17919223728791960815,12464425323046332101,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1908,i,17919223728791960815,12464425323046332101,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1908,i,17919223728791960815,12464425323046332101,131072 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4424 --field-trial-handle=1908,i,17919223728791960815,12464425323046332101,131072 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1908,i,17919223728791960815,12464425323046332101,131072 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1908,i,17919223728791960815,12464425323046332101,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1908,i,17919223728791960815,12464425323046332101,131072 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1908,i,17919223728791960815,12464425323046332101,131072 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1908,i,17919223728791960815,12464425323046332101,131072 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1908,i,17919223728791960815,12464425323046332101,131072 /prefetch:8
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4908 --field-trial-handle=1908,i,17919223728791960815,12464425323046332101,131072 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5104 --field-trial-handle=1908,i,17919223728791960815,12464425323046332101,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4552 --field-trial-handle=1908,i,17919223728791960815,12464425323046332101,131072 /prefetch:1
  2⤵
  PID:3876

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
41ab1fd6f08d819b07751a9ff32830e9

SHA1
02841fd3dad1c3fedbff8c6ac6d01de50e34fc79

SHA256
1dd8facf0e8639fd8e47a74587ecff7e939eec4a1268fe92684212ba29884285

SHA512
f7e491d5ec680c59842f594dadbd92a020c791a773c90361ac86fc87ac26127a7d6f340480b3818092355e950f53c5a895e042da914a5b2bdfbcb29ff63dce18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4efcff7ff63d7235551d33d5e3481c2a

SHA1
962f1b80d3bd4b43025da5ed06cc90a51817b4c6

SHA256
b09e36b83a532f1260911c8ad237445525c7becef08bb13ea40f0e11ced1c11e

SHA512
1e6d7258d25fc00878d21ced98feffc7b30fdd96e214e7c11d6a710fc01e70b6a7394883af6a9e48e69b59f561350772160564fecb6071a2699867369215d2ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6639c57d898a4283b2cce72029e99ab5

SHA1
58c0d4742948eefdf7155384e01f230f04204cfd

SHA256
0c586198d566cf7a7f8d3f00f4d57980df4ecd360d861284da395e2ba83a4532

SHA512
2f13e0f7f17eb5f13a5594c144227b04557f46ddadc9aef60820d62ee6d04f3f51ae301611039c5d37f90b00161be434a2b660238ab5003819f1acf86acc0a4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
68dbac2127a8dd393644e1b9a0f32167

SHA1
17746e93d212bd9dd9a7ebed59be364c6fa09e08

SHA256
9f04208a199ff00244c272362ffeb39e028d00e17d80ed2407c292261c5c1f41

SHA512
26881f8f87b504c1c43dab4a63e1789235055624594c378ae8f64cf41daad5f4a6522f83b528861a7493df8597803d715e64f78c16f09846ca55453e84f4241a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b83f68f552942cb2037f910f8a360fe4

SHA1
0da22db8f640726c47ad7e99028306f507add282

SHA256
eebd137742204408541a96276e1907b048cd90047f4a14a7574f5646a779f952

SHA512
1e4c13c241d7bffd64162c765ca1ab9b8ccd7fd944ac43a843230f7beef39cbb1d407186ca5b410f23e5abbc8a4571c5352ace652d1bec4c6999b91150138af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9222981fbc05d74b2fc40920d8477cae

SHA1
80a0f9df1e051d6690b8340180464a4431ca50e8

SHA256
697e587d72d2193691bd81a3dfe66ed9f2cdc31d99b74bb03617e01bba5ef1fd

SHA512
8b2a8e55c55635790fb4c21e07caa665e8ef9517d317778f9595f1bddc165c3d0c47a6b31f61368a6b57ded81bf89cc3b65ba6c1a006fa40c45405a5dd50a455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
08ca34296e60b70899287dd9674e411f

SHA1
931512db7f643f28334cc1fe6477d3b8177032c8

SHA256
9ef43bf9bd6c60f6e605688649812f7ae4654291e8f6a8aba8829db581af9c88

SHA512
fceb650a2cecbea87a13aa76ec87d08de87630f7ef6a318262835523721f40cad608afbb6cdb2866418da4df8e72488e74b22d7aa689cd96c7f7dddfa5cce891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59353f.TMP

Filesize
120B

MD5
bd13511b2502e24676d8ad352c3ea1d3

SHA1
a9c93653606389ea39351ed6524ec44afc9fc767

SHA256
fa84c9594fe85b5c6e9a590297af7475368b032eecd278656a61e83311ff5c2a

SHA512
082e036e9bf280c256f9c7c7d14e0f7681d5192651a838fb7ee3f5449152dea9d24bff3825e950cfa92180cb3c5290613ac6a5dd9dd2b866142903df299ca41e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d4d95dcc-1df8-4735-8035-9b040a909ab3.tmp

Filesize
252KB

MD5
3dad0fc61c230df697ec74a024fd8201

SHA1
f4d7e1c67b2c04f07b6e48ccc8b7f0c963ad8b7f

SHA256
472a25b1b0081d304453a2ebb88104d22ab8309470d3d54f476edb6250ac42ff

SHA512
57d0e8b99677ee2d47032424aefdcadec725642acb007556c3654913cd754c8fe384a497e1fd32cecd568745f5b1086f1c1776c6c6e46682a060c89028e29ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll

Filesize
742KB

MD5
544cd51a596619b78e9b54b70088307d

SHA1
4769ddd2dbc1dc44b758964ed0bd231b85880b65

SHA256
dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd

SHA512
f56d8b81022bb132d40aa78596da39b5c212d13b84b5c7d2c576bbf403924f1d22e750de3b09d1be30aea359f1b72c5043b19685fc9bf06d8040bfee16b17719

Download Submit
\??\pipe\crashpad_3944_SIWMPAIWIZWRBABM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3120-22-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3120-28-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3120-27-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3120-25-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/5092-12-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/5092-14-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/5092-26-0x00000000747F0000-0x0000000074FA0000-memory.dmp

Filesize
7.7MB

Download
memory/5092-21-0x0000000007540000-0x0000000007640000-memory.dmp

Filesize
1024KB

Download
memory/5092-20-0x0000000007540000-0x0000000007640000-memory.dmp

Filesize
1024KB

Download
memory/5092-18-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/5092-17-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/5092-16-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/5092-15-0x0000000005410000-0x0000000005420000-memory.dmp

Filesize
64KB

Download
memory/5092-19-0x0000000007540000-0x0000000007640000-memory.dmp

Filesize
1024KB

Download
memory/5092-13-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/5092-1-0x0000000000A20000-0x0000000000EFC000-memory.dmp

Filesize
4.9MB

Download
memory/5092-6-0x0000000007010000-0x00000000071A2000-memory.dmp

Filesize
1.6MB

Download
memory/5092-5-0x0000000005D00000-0x0000000005EDE000-memory.dmp

Filesize
1.9MB

Download
memory/5092-4-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/5092-3-0x00000000747F0000-0x0000000074FA0000-memory.dmp

Filesize
7.7MB

Download
memory/5092-2-0x0000000005920000-0x00000000059BC000-memory.dmp

Filesize
624KB

Download
memory/5092-0-0x00000000747F0000-0x0000000074FA0000-memory.dmp

Filesize
7.7MB

Download