lumma | hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbHpjTTNVTXdMbkhHMVRoQVdyZmxSNHNvbkt6UXxBQ3Jtc0tsQy1fbmpjTy14c2czOEg4OHQ2NmpzYllMM1IzRWNUTGlkM1h1X1dYUVZuTUwwWGY3YkxNZ2pCcTBTaUVhVUgtUEpueXQyVmxaTWVtVlJHaV9NbnU2aDNRR3Q5aGV1TUN5dlBYdUs1bFlVU0tmcmhpWQ&q=https%3A%2F%2Finsomniahack[.]fun%2F&v=PkS4At4B5DY

Analysis

max time kernel
107s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHpjTTNVTXdMbkhHMVRoQVdyZmxSNHNvbkt6UXxBQ3Jtc0tsQy1fbmpjTy14c2czOEg4OHQ2NmpzYllMM1IzRWNUTGlkM1h1X1dYUVZuTUwwWGY3YkxNZ2pCcTBTaUVhVUgtUEpueXQyVmxaTWVtVlJHaV9NbnU2aDNRR3Q5aGV1TUN5dlBYdUs1bFlVU0tmcmhpWQ&q=https%3A%2F%2Finsomniahack.fun%2F&v=PkS4At4B5DY

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Suspicious use of SetThreadContext 1 IoCs

Processes:

Insomnia.exe

description pid process target process

PID 2964 set thread context of 4324 2964 Insomnia.exe RegAsm.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3368 2964 WerFault.exe Insomnia.exe

description	pid	process	target process
PID 2964 set thread context of 4324	2964	Insomnia.exe	RegAsm.exe

pid	pid_target	process	target process
3368	2964	WerFault.exe	Insomnia.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585368062475293"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1976 chrome.exe
1976 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

1976 chrome.exe
1976 chrome.exe
1976 chrome.exe
1976 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1976 wrote to memory of 372	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 372	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 4836	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2964	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2964	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe
PID 1976 wrote to memory of 2788	1976	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHpjTTNVTXdMbkhHMVRoQVdyZmxSNHNvbkt6UXxBQ3Jtc0tsQy1fbmpjTy14c2czOEg4OHQ2NmpzYllMM1IzRWNUTGlkM1h1X1dYUVZuTUwwWGY3YkxNZ2pCcTBTaUVhVUgtUEpueXQyVmxaTWVtVlJHaV9NbnU2aDNRR3Q5aGV1TUN5dlBYdUs1bFlVU0tmcmhpWQ&q=https%3A%2F%2Finsomniahack.fun%2F&v=PkS4At4B5DY
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd21fab58,0x7ffdd21fab68,0x7ffdd21fab78
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1876,i,1585599831036370765,3323182102294166767,131072 /prefetch:2
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1876,i,1585599831036370765,3323182102294166767,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1876,i,1585599831036370765,3323182102294166767,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1876,i,1585599831036370765,3323182102294166767,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1876,i,1585599831036370765,3323182102294166767,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 --field-trial-handle=1876,i,1585599831036370765,3323182102294166767,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1876,i,1585599831036370765,3323182102294166767,131072 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4576 --field-trial-handle=1876,i,1585599831036370765,3323182102294166767,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4128 --field-trial-handle=1876,i,1585599831036370765,3323182102294166767,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2536 --field-trial-handle=1876,i,1585599831036370765,3323182102294166767,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1876,i,1585599831036370765,3323182102294166767,131072 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1876,i,1585599831036370765,3323182102294166767,131072 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1876,i,1585599831036370765,3323182102294166767,131072 /prefetch:8
  2⤵
  PID:1860

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2824

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3688

C:\Users\Admin\Desktop\Insomnia.exe
"C:\Users\Admin\Desktop\Insomnia.exe"
1⤵
- Suspicious use of SetThreadContext
PID:2964
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:4324
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 320
  2⤵
  - Program crash
  PID:3368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2964 -ip 2964
1⤵
PID:3116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
69f132bc3e808d4c147890cd85babe0b

SHA1
4655db839a2f173b57bfc633359325d220803f0a

SHA256
3ecc1a051437bb6158e39eccc246757f5bc6aed1a22c2ff9e505e562d789e0c7

SHA512
8070704fb49f27ac589e6df7d9fb414a4e532383f0647d5394f31ede2fcb693c65d8c1c34158cebd67a9f061e96ed7a6b61bbc9c223f610368d21ad20c0b66ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4c66d63e9510a4938d4c0d96ac3fcf43

SHA1
5f6813ec704907d1ca320742b2dc85b1eb5f6774

SHA256
636cb820327f36bb6977e3e2b989270e6f6e4383b907e5919f29e957a26e492a

SHA512
85443e7b30ee10c9a3c74dfbb927437e24c2c8019c1f167a1e76c14a8ff48e4f7bf4e97f8a6608722c9455b31bcb93fd8d87f6d116a79e60f774c7265f396e41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
5d6ac1e712cd067d52c2b3836bf49b5e

SHA1
653061e7240e8ba60896a1e34adcab631e2c09f2

SHA256
a7fe48d664d3957271b8b01d2b99a36f4926e8e954e903edbfd999a970196aca

SHA512
772d5ef2bdb2197a48159787745a45f2742f5699a8e7d03fddaccb721e5a3d11fa29cc10da0f981a16fd089cbe52a4ee1c66a229ccee7721b112a8df12d38da1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
73f8d1d92233a9578c8b3fa7fa1abcfd

SHA1
3cf711d981de58dcf4af788eab826a84964d380c

SHA256
b4e27ba4b7076fcb76f59381cf54c1473563979f56167c6767d4d1a96817edfd

SHA512
4c7cd44bd46adf5c4b69403922bed642cb066462ee1498f0061437d4508e6fc140117e52bb2d246f32b1c52c53dc97aea564b9bd644c98f46dfa26bf114981e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a701739de578096f7c06a5538ebad638

SHA1
7b19578d21462eca2518cbf63627be329f6222f0

SHA256
a6d37b8ad8f0b584301f9a5001c6d001e14b260079241ae36b78cd7dbbc830f0

SHA512
2f1428f6e4393393a72f7ce0e4313a5f9fb70f22850780590d04c2e2a287f767cf6481bf4cd1e8f200e22723db4b0c55e1149d754f305a4feca9397c656ff10f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
25b2c25e648ec19aa3e1d4bdb2f2e72a

SHA1
d4cfa49f6119b42315b5061de5a8fcf32a06114f

SHA256
e580dac02219f9cff92131e15990a3c13906f1488b08c44bb664321a43559455

SHA512
95c7469212c968a7192aa1fa51a46f6ae7a8a813eb55a04b7a74dabac9d354f0161f125d3b9bc17374a6a094d9d4e8b9d553ccb48b645f51f4dd66a0f0082dc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
55e48baa4cb70d196b921ff4d76b1e4b

SHA1
7c27967c358e38bcef98f499ad3a4be9b05328b6

SHA256
dae18e80eb38ce24e576236a509bfd40cc2c3853686f3dcb940f01cdc577328b

SHA512
f72e8aa60686da83a881d9c9f5df2eefb09c15022c00646b0ea697088fed9a1bc2b1e6558175006e414f77c12e18e98ae6931c183c661e41f243120b9bfbf604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
661f7c22e2d0d12b2351aea4732506c9

SHA1
89a8675a446f3612ed7566be4fa6dfc38ea26bcc

SHA256
fde61c476f716715c5c393b1bf6f0ac9d9f89ca462a5fd770a525d2a6122c98f

SHA512
398c5b15b0e846961c4ddd87ea4f4e4f95b65470f447d2f9f7eeb02420997b8af308cc5d682a8bfb136c73fbcea4c0b610ab0a4d04d51897f0d805154e6ded12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
fd1de0f8552e7b6e784fe0688f2393ee

SHA1
6a0b249f39f5ea51c64dad24bd4333b2c6b0a707

SHA256
d66ee430e7b5e47cb99a394d37449600a5b205f71c2ac8a7c599260d0a7aacbc

SHA512
30e4ef261071d62901febd2589bd4c19b59fe2f50e70347b0b7878cc73d88a7b932dac34726530e28ac62af2eb8b15a53b809a346422ec5f35c02e5004871efa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
8998f97b898754b77f75e92aa2475b5d

SHA1
870a13c506bf6f3994da8c00d7177316f0ae13b6

SHA256
121a68073bc1fe2288cffce3e679f82ff2ae429f4a38427f0cc216326d068e27

SHA512
90b400beea907550d23efe4d8e2b91173abd318bb7aa1e8a3fad8d6369be0a903112cc71bf2a7eb79d458a7f041df88679a7ce8131e41f0f35658ebc85083269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
3726e09ed78056b9db19b4465225c5f0

SHA1
f31e3697e567e24565a61fbb18410e910bb41458

SHA256
4ea8332de2d001a9f09588826c70e2a395a7a0eac944cecdea627ac2dc3d04e2

SHA512
cfa7cf9163ddc6c8b89d74d4b37b96af9fc583d3df19781335f992826e067a82124f448fccde0a3389886d26cf39dd2f2905058e7ff04d9be500da1b805c50cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe579c40.TMP

Filesize
88KB

MD5
4f79cafbd8a8f472b0703d43769380f2

SHA1
6f624d496d63b0a148a33407fefc23dbe49a170e

SHA256
135b0afbf518cded761bc47c2af020c7e82836c1f94fb05c4478bdd9896ae8ae

SHA512
07b8752c73e6f590bcf205be5ed496f17554c9e18e7164a3c85808221f0b06fb477da47c6f338d33f79d695c601ff3ec89c0af82f2eaf0c6af326ae9c944454d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
1e106d656ecb11808abd63b45607467a

SHA1
e303891c14abb16f561bd29a6648e5860f838be1

SHA256
9e66515f47f71c7dbd06e869c3cb21c85aa7139d4b559b14cf81ea437c4b9364

SHA512
fc8e5877500ee62656f40fee3743665e9fb75c0b0b809202e7d9b07b1a2931e4901c8ee0b151cebdb35160251834e2e401a089d4d875392415460100d3cae142

Download Submit
C:\Users\Admin\Downloads\Insomnia Loader.zip.crdownload

Filesize
1.2MB

MD5
79b7da2272896a71195d145364937c52

SHA1
ea210f11b4bd3180254c70fc39c0c748a440b526

SHA256
21351d81e521250f61fa28108dc8e1d2b589118b22dcc4a1c8f4fda4e24615e6

SHA512
a9509e1fff38662875c362e49046a4eb24bfbee6cf7bbcb9b4e02a67aff49b2f80313ebc4086e42514b6dddee369a956cae99c52e311028bb1e6ff22fa88d9e4

Download Submit
\??\pipe\crashpad_1976_BGZSRMAZFWFQDATQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2964-247-0x00000000003F0000-0x0000000000520000-memory.dmp

Filesize
1.2MB

Download
memory/2964-252-0x00000000003F0000-0x0000000000520000-memory.dmp

Filesize
1.2MB

Download
memory/4324-248-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/4324-250-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/4324-251-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/4324-253-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download