Analysis Overview
SHA256
656377d0b9fed711a106596e0e97695805b100f8173fda6f0a9629647975dcf4
Threat Level: Known bad
The file esx_job_creatorneu_4.rar was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-20 12:54
Signatures
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-20 12:54
Reported
2024-05-20 12:57
Platform
win7-20240221-en
Max time kernel
134s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1DEAD9F1-16A8-11EF-A7F1-FA5112F1BCBF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not captured in this report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a700000000002000000000010660000000100002000000054b393087f54cd080438a3bf182847fd497b2afda8d5bbd1e29f95c9f777d0d7000000000e80000000020000200000008b9600f0adb6d9da0d0dfc864a77999e7a3cbdd922f5c973ec18b3651aebbfe220000000778e200cc26e863ccf57d59fdb8183f2872b93d0e69ae7b3ceb8ff9c4c9aad4540000000a35067fa897f3b533467a97b38b550c73e9f9e72c533c5c706ab957acdf0c0bce24dac7e29f33d841019bfc41b4dfd0eabf89b5b6d5655134c26a168e63bdee8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422371546" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0459af3b4aada01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2372 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2372 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2372 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2372 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\esx_job_creator\html\index.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| GB | 142.250.187.202:443 | ajax.googleapis.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| GB | 142.250.187.202:443 | ajax.googleapis.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab12E7.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar12EA.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab13B8.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar13CD.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af6443aa46b1c8bfc0a9d12d1e39726a |
| SHA1 | 08aa205e033c4a59dec472f181a7adfc241e5808 |
| SHA256 | 17b19df00d77512b84bd955d7a63e0e5cdb2c5076958528e50543dd8fee48983 |
| SHA512 | ffe9254eea536e690aa965053ec03998d37a2f781b1649091b7db6748d06eaa63759c83491ce68dd34c36c88011b6acd4218cb0fff4032a439b6d3c4ed9eb2fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8d62d7533575b4e6b305cb531f3a5eb |
| SHA1 | b4d1aa122fae3840b8166818716436896d89074d |
| SHA256 | 7f033af2d1b73a29dc9693f66576a960ea4eb0dc77a29c5718c11043ea551d1d |
| SHA512 | 20f7b2bcebd05d886037cd87cad83c618f6665b2135aea06b2cb001383eb24ab997ee6dfa99d3770cc819974733d4c43adb138ae7eeca4dde5304f3245c0debf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59d96a39884ecd3f472acd7417e56ae7 |
| SHA1 | 3f8022caf7d1ab51f5e69198e19d8e60fb38fb52 |
| SHA256 | de0a6b47ae35ead9c967435681da107464b8b8428c3e722c05e9002c19448922 |
| SHA512 | fcac3a54bc603d0579ee909368f6cc53181640cb41b55dffcf344c680d964fe2b35b58e5ad363ec6c0aa7f2496651204193b25a7a1885ece95decaf7ef29c807 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | c5dfb849ca051355ee2dba1ac33eb028 |
| SHA1 | d69b561148f01c77c54578c10926df5b856976ad |
| SHA256 | cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b |
| SHA512 | 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3336d322ba0af55ee05bd38d77239132 |
| SHA1 | 3eaed53cadabe834b76c82b874208230c4377fce |
| SHA256 | 564686c21f12e6fe21d8ee8126a83d75d7b5e7f1d5cf2bfa568fafb0dc081f3d |
| SHA512 | 21caf7c267b2c502d14ef3fa4cb48a633702eeffa3068c7243c546de05e52e2131f735f8990a944caa926d32310227b89239a2e8a099b57d97190403020ee57c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b1ca0942495638dcc8ae7d1d5b274e4 |
| SHA1 | 38cb3ad071d45d944219fce977e98cb8d1cfbecd |
| SHA256 | 68d0d77eb6dac40ce528eadb67f8b4e79a9b11da3106c74417391ca2dc401397 |
| SHA512 | 29b029f064068e729b002758c7aacef3d9733beab4a46dcade33048af353bd5dd68b4fb48e6b13a697957e1d1725a7bb6db8612a3d0a763504719292c840fa58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d21fb884dc77473fd5bd34a00278a0fd |
| SHA1 | a251add06ccf9a0cfaadbbb087bbbdacd9f98aa7 |
| SHA256 | 45577f4f02adf9d6a0feac7e49e526d093cea02bcb34af06b5be73908a70ee74 |
| SHA512 | 71b2e5508ea540c819ff5dad7280f66b5534209f456285b57e0f10e9c797c522f3d4ced6272a9931ee5f4f8513cb5def9e346a53fe06411bf5dff2e3d11b9826 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | 448f7e61791049af64306e3bde93978b |
| SHA1 | 8cebad7081ccdb67330c90875a7a1e6c463e2194 |
| SHA256 | 3c865b9a5902377b404702b5dafd170558b96c8de142e21211b2dbb473463e7b |
| SHA512 | 878ae73add409ffc1df8761492085c6f3fb9f4df4b2cd11257055e36eabc3d04b1a3dad7acaf3843d4a0d0e950f6980a3ef7a6d313eabcfc0d178effd38a837a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f67be35b26673799fe162260711fb73 |
| SHA1 | 2463a8909272218fbdfda73d8355a88688e66c82 |
| SHA256 | bf129b7a05c1d967e20a68fefcfb41a7cb28ab50563fd662c3aa036502508658 |
| SHA512 | d732383d91a5c936c75fafaa269b6475fee3879746345d2a4b3246cd9ad3ce59a5fdf355d68e24f8aeeae59f2bd94156ce98799d9dbb269613723cb4e4e022d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb6b335ee8e818e0b220c792e1508ef7 |
| SHA1 | 8e93dfe620e0ee9caef9caea1818541332fb6eb1 |
| SHA256 | ee90dd54618e2e510ec153cc2e5d5be8222a10823ed8b8cfa8007d436a51f2f9 |
| SHA512 | c4fb6031cd2048f9f421d08315802052c5001832abc6dfbc30384da8dae1616968d5df98eecf82fd344bde34bb92a07b943d26f4413b0a8ecbc10fc12f04ad88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54e4cc33740f0255cf8e695a2c322542 |
| SHA1 | 4e1f204b0a13dbe997ac281ab232f216c158b85f |
| SHA256 | 623b1d91ce961a653eec76af4f184d839e36b459e1c0d2cc6521fa96f2199b24 |
| SHA512 | 518483b03b931d30fe43fb7fdc2ff01bfc7ea43bb1dd9562789bc6ea2eef50ac39aaf20070de6671653e7e8910fb3b6c0a7057d88d35994b1dbbcaf486cccdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4665d3d871e7a5af5dcc2b194ade285a |
| SHA1 | 07a2a9a07e2f02343183aabf8b1f9c9becedbf69 |
| SHA256 | 3f8fa61c569b26cbbe97467c6bc150e3cd8b7cde4cf534f8624d9308ef289b87 |
| SHA512 | 5527e358560f50cb475ab4242fb36187a321a8933791db08258c840483f7fe70f67a7f82adaecd1658bf289a53c6de8104277d71a59fb6a6ce5d91c18ab77fa3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9812b758d211b31981a12c2476cf7d65 |
| SHA1 | 07620fff907baef441e31fd42fa4280961379241 |
| SHA256 | 219279c236a0776698924a75f8c3ae6a265eed7c45413bee3cf17617ab9f6bb4 |
| SHA512 | 852b0d1304bf34d116ceb28368d065d1d12e20845d5feb95f5f309bd00f4169a4c9c3d9b3821d0427b44e9c7b46d78076b3c61ae9baad8ffbc6cd517f4e8898d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e77da0284861d1990b3e8259aae504da |
| SHA1 | bdaa3a5584c5637dc3c9ff742011f8904c8cf8d4 |
| SHA256 | 0f2f229417c343d00024661ef7a5460d197ef21479c8d316382b833d06ee8301 |
| SHA512 | 007f80f4629eaa73b0f9d09b0027fe0f175bfd5ebe742556721c652b4d4d95a14ea563b4b233f4e45dfc31acebda4f9d073d327edd9a2a527197c6d550bdc200 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f414c26c6649e16ad5cedca872a9ef9e |
| SHA1 | 323e1aa6b706ebaff5636eb5a83f0183d0e1b891 |
| SHA256 | 6eb731361fc279d01f6d97cb33350f4ab37d623e0ca78c605b67fc49225eca84 |
| SHA512 | ed144ef5911f510f7e0dbba8d85c165c1058a06b97add23f56683b6c3760b9fd4b4380b96ab95185556d34b94e625f7815be0d50e2bf3d4552579ef3ababd22e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4c4234907567ef3f9a7be03db768766 |
| SHA1 | 6b7443879d9dc12010e94b4cec7ff219c5baa324 |
| SHA256 | 0d225dcfa1c09f6f618ff0ea4d9f32497a727c45628cc91c78592af545c0cc86 |
| SHA512 | 85dd43c52b213cef6c1ef038e569456d7ad230622dc3b6f1448e4aa296f7601ba20f8c6212d05c5231de0eccb7ccbdafd455b3ed8aeca764c92faf9643a4a03e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8776326fd85aa8a1e3a36ba5a85fa68 |
| SHA1 | a4565a0d941b107fda299db20c50b9125d503003 |
| SHA256 | 7dcb5887d0ba60c3cdf27e81fe42a0b8f92200655959dfb739f51bd7ab3afd2c |
| SHA512 | 29950f87265cab6db4095833cabe1e10064a3c93b22a5a392cbcdc441dca32890a884690ecc50417f67ee17e76aa5539717fe81aca43b4ea18afebe84bc023bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a438779f96f83e58471327f6e868d82 |
| SHA1 | 36e74440bb3acbb646f8630c71be1e2220562d1d |
| SHA256 | d611fbbbb14116d50dbe01df8d2d0fec57bc3daa855fa344c2fb7648cbb5251c |
| SHA512 | f96f306564ddc8fc1fdfc9eeff0d2888757cd890576d4226eeb77983b8b2bb2b99bc66ea930f831b508db5c69c27c2359fa6233c22a9c8e768269cb1fcb3b30c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0a9edb58afc7e429b5d31de68fbbe2d |
| SHA1 | 1333fd35e939864b652dfbe6e8bd4624b1657917 |
| SHA256 | a3543a6057d69bde8bfe32b5d2ee6fc2fe0c03c37841d41d46a4869bdaa7fce2 |
| SHA512 | 5f2f7c145671e1cb51b5daa2f62efc84982b21adfc07f70fd930a55cbfa9ecdda28892b2657ee17c1db8078dc8cf2e048ded3b968ebe383644713c962811ab9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5627ceb3a617428f595ca94cdb99f13f |
| SHA1 | 706440c77b0bea9fda14f4e91e8e39a4abc16c09 |
| SHA256 | 72f841bdf519a4339e466136674a0e134c3199fe159ca7a6872e9c34a6986593 |
| SHA512 | 46dfe251e5f735994027c559f68e7369a6f65dc8e1877f4d488fed33b771e7f4b3ca8e8767a117ad208d64de9dbf7a28664e31665e50d049c49ee09c26381761 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00d4507a501e748942afb78453267dff |
| SHA1 | 11a295a30c13175d168bdbf1ddb28365b1ed2382 |
| SHA256 | 6c471884bbea3ac75ad41d08a4d309b221beb6a094b6c137ded903e43bc4a274 |
| SHA512 | d374350d063222d6bf47aa913bcc5e23a03808c7dd78a9fce3b65fff22581f0a51922dc406ef8ca771c1a23fcb14dac82e7bf9b54c00db3eb2d2b4c258e9b9ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 117429b5e1daab8d6df7c38a0c448119 |
| SHA1 | 2b2e30c18ef3bd23105266cedf2864d11b2c6c42 |
| SHA256 | 33b2909ad7f2b38595ac4f15ae7bd1c0cde3a2dfbaf6e145c6cd33cf07954984 |
| SHA512 | 6f8b38e80687f5424c62fd69bbff7f322b5e5fc6e148b4ea0f57222aea567e765bfc06d32edd0c1370c77f71b34fcdc0926c9ded5146eb475efb5e03203f2155 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c65f0978f2d628568aff5d4d14a6840f |
| SHA1 | 32b6c60187de5f4dcae577ab5b0b19683006dcc0 |
| SHA256 | 690544acbb50d090b0d01803677b4968f6af0b454bc35983ff2ed7878da89f5a |
| SHA512 | 6abe1ee55e4ac6c0bdb7957c75673dbe98325601ce2095dc39f230bf7d4fb34a5bf79ad426a8f6e53c574980e3f59c9ba4a721623b516ef9de3d98e20942a79d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e282874de24335eeb19f7af999ba91b |
| SHA1 | 58be4bf55e97c16ab91eb316b8fed2cee37e0584 |
| SHA256 | 4e7a25cb521d2fe0698877aed3d6de3e9e852bbd175834f1d253b3fe4a9b7597 |
| SHA512 | bb32e249d05adb742a69d616eaabec533f5c9fb6f66899c1a6cbf131a1dde8e450e5b721f712804e3cfaaec8d9ca3cb087057d511df1f87c9da592aca50531f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3840d8af49cc722b82ba9675a7087f62 |
| SHA1 | debad9708f05e4407d7a1ba246c63c190997e2e0 |
| SHA256 | 87be8bb73c1a34817b25972f59dc191cef8de72c534958723bddc58bc97cd4fe |
| SHA512 | 266e90f98269fd7142975e2672aa26933c2e26dedee701db48198c56f20ccc06aa1b6213aca7ab72e982d2324efd67bffcebd01a0574c2411f9fb65b8aebc123 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b69aa9ed0d5134f97e2fc25f5c1af3a6 |
| SHA1 | ef6f6d166ece6e0a97089cfc3ea0feddead93c10 |
| SHA256 | 7481542001e97d621e21f6244f5459054b873bc1a594b8fab5bc71391822ce0a |
| SHA512 | 0f3a44e245b9d765a2e3d4b42492c205d0559108c273b7c4875456bb5587dcfd54e53d2a06f56b18bada86c5311047100a7d09bd60d46c0dca05a632cbf209ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e49a9cd8756189b3b04c7a5ee9df6386 |
| SHA1 | 34b3027c5a9a4a5d87ab0e312490d7c2d317d9e2 |
| SHA256 | fe9cabf31e44d4d93e3b61daf4163b0c82cc375862d79c2ae9d8ec8fac25c8af |
| SHA512 | 0a6ff613b550559698c4895aca56febececdebb95b15344ffbbcb5d929ac884a6c043ca0e88237c2104035ea779bcb172f552ba51a59d7e1d0372112172cd658 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d525bb430bb1822ed28cc918fefb430d |
| SHA1 | de4ce4fed71225f9bf35b92ec903735f38b85a80 |
| SHA256 | 8e5af7c3aa239e8be4a6a9d54ac2cc3bfa94106f8b8c21370fb4e7317335c9f7 |
| SHA512 | 5437cf802f31df42d2afd72f360752e10d3c13b39d6a8ef3a187210ffb4e477ccf2321d26256af312ac4693049f63af99fdaaae7b307a9fe2182967958d6af58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 10b160aaf41815a061f6eb2d09d11b1e |
| SHA1 | 815f592a4bf9fa81379809a773fa628b22f99f76 |
| SHA256 | 2f04f3e72ce6beefbb299080e2fb82fadd104ddad4c1f81c56350abf7a3d6ce9 |
| SHA512 | 007a69bf83dc21f51c5832458c48d2ebdfd24b8c3d5d210a53e015f942c16b1302c746ea99fa84051521900be4803bb35152133a536de9a5616dc47c3f21247a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1649b2f868b3e292aaf38b8dad564ef |
| SHA1 | 556378070fa8b1789b79914360f1d973eddf94f9 |
| SHA256 | f4cb32627cd5275b81aa21f3d80e7d064295a9b526509067f3dbf5de5009133a |
| SHA512 | c1258e558484ad911d681d6ecf753c1ee8404397be296e41c57cf7cd5375c2f3f7cda5d8b80f58c8eb2a6ae3fcbbe96ac0d7b777377faa5a5ef8ef1e04703473 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8449266ffa5fd3940486b8f19ae04c70 |
| SHA1 | 6552f91cc6ed244eaf8e19b5cd2430155410cbc4 |
| SHA256 | 96ef154b2135d1743c7b284f25bc4bec55dfbc59d1610ba4a8354dcccace3faa |
| SHA512 | 099c0e981b6fd41763a3d57d1edebda1d0af01e6713372680f5913905e66e21bdd55d348af4e1b99c313e887d65e1bd9e3349da9fbf64502e625275cb968580c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f80faa257bff0dd34db971ad30de268b |
| SHA1 | b7d01a65f7c05ba9906efec6296f9c2d177886fd |
| SHA256 | 3b48be87a18e5e0f4dc4e41c3fec8dd2473582ce2a1439057e7891d9eb29c81b |
| SHA512 | aa9aae1bc63587832dbcc49dbb7d0edd41dd522aa2a63e59a45ea3ff75f777cd4dd0c3e7cbf4b2ce837f91f6c8e0c72af586652d9d70cacd31e70f7728e1849e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e59b1cef3801be9ed8a5612adfbfc333 |
| SHA1 | 562471691f1c604927ff08800e52505defb25b68 |
| SHA256 | fe3ee319bcf35e7221a2770ae5b7b8d708a2b41a1669c4f54861f87dba1abdb7 |
| SHA512 | fa50fbe6bcf9cce800463140e0a9958b21c4ec4cab467d90325a339e4d4ac765cf595e33800826966f39e31a1bcd997aa200d45c18a479666197e1f99c38baec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a35043bde7acabb1965a31bab00073ba |
| SHA1 | e62fa4ba48301536b06d612c1ff36c90843002e0 |
| SHA256 | 5e757c57a43c24ab9004daa878b1aad1bf04f9d0b55a1bce3e466725b53ad220 |
| SHA512 | 95da0070ab2aa101afa41515af90a51f4e65c7641c7f4de1afd93ca5beabbf56fa28d81008339c71d96026757f6ee7228014d0854548aaa94b57ce77d2707254 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | b3f4d9f3d256f7a3b6884572d6b87ac8 |
| SHA1 | 586fb341f4ba754e074d9e2246c9c8669dd41231 |
| SHA256 | 2ebe4da1ad978dda0babb5278156772aad29dfcb5d62113f47066a158a39b40f |
| SHA512 | 3c875a6a3f36c957dcc1a5d5e01360a44600e4d99cd0545d1ec038e49ce4087a5b86f2de1b08fe1195a888f67bfd340236b45bd9cc83f9b4141b3da70c0618e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6b3c3cb2ef62efc24b536f82f5c001c |
| SHA1 | 91fc2731e26cc64ea8f7a57feaf63fec60b11f8c |
| SHA256 | eb9075fca78802b3e83c86bad49df496084b5187b7d3d3b72e806a01c45f441c |
| SHA512 | 167b4d15abb6e00ce342fa4bba4057f4c2b41530e88d07ddfdd0489ac3fc996a46db2dd70de7094c5db6e2840227c4de20121d9037c17e02c5ba6dfa08e17d3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a056c5982c499ba4641ca6059a00e01 |
| SHA1 | 5dfea8fd3a036f03413d207530153ad9ea5b4094 |
| SHA256 | a534192784cc3e4828bc1078d3f86c4677976909ced02dd1f151f6c7268c0796 |
| SHA512 | e6e19026a015cb321669593906ef99e2a377e6f418b00ad5f7683bac688151e471c541f6d943eb51e645db2eff4857f8e7d969db07c47ebbbad3df15f98028fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b97c86af804b6304b7b5df4533f52e47 |
| SHA1 | 20c42334794ef30d691bdb0c803e2ac3f1f548d4 |
| SHA256 | 61f25740c9523c4f2bae731363444581362a017b2c3acc86eba7523554f763db |
| SHA512 | 4cb5702e9ea05b86ba4ee569bc689c8c3b353949daac7fafdf9a635fb3d297780ce3bff95145c66d27f1fa5ccab935213f4518980a48fa5b16a79cc41e0624b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5cda3e2f8f02fe1cce86be931fd547b7 |
| SHA1 | c541c31e64b718130a0e766222feb0b3f8f58ce9 |
| SHA256 | 3249b18447c5b37a2c667f730efb7743e7ac133e24afbca52775327dfc7c9e0e |
| SHA512 | 951c4666bd2947156137b2d5af203dc4f514361609a3d07edcbe89cadf91639c3e4d05d6c351279eb00aafe4091d4ef95bbc6b41fe06c35a3e7d53d371a6f8f7 |
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-20 12:54
Reported
2024-05-20 12:56
Platform
win10v2004-20240508-en
Max time kernel
134s
Max time network
128s
Command Line
Signatures
Lumma Stealer
Command and Scripting Interpreter: JavaScript
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133606833336397679" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\esx_job_creator\html\index.js
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa4526ab58,0x7ffa4526ab68,0x7ffa4526ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1812,i,15823263031866506277,10027482468863440689,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1812,i,15823263031866506277,10027482468863440689,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1812,i,15823263031866506277,10027482468863440689,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1812,i,15823263031866506277,10027482468863440689,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1812,i,15823263031866506277,10027482468863440689,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1812,i,15823263031866506277,10027482468863440689,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4444 --field-trial-handle=1812,i,15823263031866506277,10027482468863440689,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1812,i,15823263031866506277,10027482468863440689,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1812,i,15823263031866506277,10027482468863440689,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1812,i,15823263031866506277,10027482468863440689,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1812,i,15823263031866506277,10027482468863440689,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff72908ae48,0x7ff72908ae58,0x7ff72908ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3948 --field-trial-handle=1812,i,15823263031866506277,10027482468863440689,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4512 --field-trial-handle=1812,i,15823263031866506277,10027482468863440689,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3176 --field-trial-handle=1812,i,15823263031866506277,10027482468863440689,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1812,i,15823263031866506277,10027482468863440689,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe
"C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe"
C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe
"C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe"
C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe
"C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe"
C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe
"C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe"
C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe
"C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe"
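The process list above (and the single wscript.exe launches in the behavioral3 to behavioral6 analyses further down) shows the two things an analyst would want a detection to catch in this detonation: a Windows script host executing a .js or .vbs file out of the user's Temp directory, and the same user-directory binary (Lunacy.exe, under Downloads) launched five times, which lines up with the memory regions dumped from five different PIDs in the Files section. The following script is an added example, not part of the report or of any tool used to produce it; the entries it parses are a constructed subset of the report's Processes list, and the script-host set, the user-writable path pattern and the repeat threshold are this example's own choices.

```python
"""Flag suspicious launches in the Processes list of a sandbox report.

Added example, not part of the report. The entries below are a constructed
subset of the report's list (image path on one line, command line on the next);
the heuristics and the repeat threshold are this example's own choices."""
import re
from collections import Counter

SAMPLE_PROCESSES = r"""
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\esx_job_creator\html\index.js
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\esx_job_creator\client\actions\checkvehicleowner.vbs"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe
"C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe"
C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe
"C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe"
C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe
"C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main\FiveM-Mod-Menu-2024-main\Lunacy.exe"
"""

# Assumptions for this example: which binaries count as script hosts, which
# script extensions matter, and which directories count as user-writable.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXT = re.compile(r"\.(js|jse|vbs|vbe|wsf|hta)\b", re.IGNORECASE)
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(AppData\\Local\\Temp|Downloads)\\", re.IGNORECASE)


def parse_processes(text):
    """Return (image_path, command_line) pairs from the alternating-line list."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return [(lines[i], lines[i + 1]) for i in range(0, len(lines) - 1, 2)]


def script_host_launches(text):
    """Command lines where a script host ran a script from a user-writable
    directory (the wscript.exe index.js / checkvehicleowner.vbs launches)."""
    hits = []
    for image, cmdline in parse_processes(text):
        name = image.rsplit("\\", 1)[-1].lower()
        if (name in SCRIPT_HOSTS and SCRIPT_EXT.search(cmdline)
                and USER_WRITABLE.search(cmdline)):
            hits.append(cmdline)
    return hits


def repeated_user_dir_images(text, threshold=3):
    """Executables under Downloads or Temp launched at least `threshold` times.
    Chrome's own setup.exe runs from Program Files and is not counted."""
    launches = Counter(image for image, _ in parse_processes(text)
                       if USER_WRITABLE.search(image))
    return {img: n for img, n in launches.items() if n >= threshold}


if __name__ == "__main__":
    for c in script_host_launches(SAMPLE_PROCESSES):
        print("script host from user dir:", c)
    for img, n in repeated_user_dir_images(SAMPLE_PROCESSES).items():
        print(f"launched {n}x from user dir:", img)
```

The same two checks map directly onto process-creation telemetry (Sysmon event 1, EDR process events): parent/child plus command line for the script-host rule, and a count of launches per image path per host over a short window for the repeat rule.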
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| BE | 2.17.196.177:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 19.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | private-user-images.githubusercontent.com | udp |
| US | 185.199.108.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | cleartotalfisherwo.shop | udp |
| US | 172.67.185.32:443 | cleartotalfisherwo.shop | tcp |
| US | 8.8.8.8:53 | worryfillvolcawoi.shop | udp |
| US | 104.21.44.125:443 | worryfillvolcawoi.shop | tcp |
| US | 8.8.8.8:53 | 32.185.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | enthusiasimtitleow.shop | udp |
| US | 172.67.183.226:443 | enthusiasimtitleow.shop | tcp |
| US | 8.8.8.8:53 | dismissalcylinderhostw.shop | udp |
| US | 172.67.205.132:443 | dismissalcylinderhostw.shop | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | affordcharmcropwo.shop | udp |
| US | 172.67.181.34:443 | affordcharmcropwo.shop | tcp |
| US | 8.8.8.8:53 | diskretainvigorousiw.shop | udp |
| US | 8.8.8.8:53 | 125.44.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.205.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 172.67.185.32:443 | cleartotalfisherwo.shop | tcp |
| US | 188.114.97.2:443 | diskretainvigorousiw.shop | tcp |
| US | 104.21.44.125:443 | worryfillvolcawoi.shop | tcp |
| US | 8.8.8.8:53 | communicationgenerwo.shop | udp |
| US | 172.67.166.251:443 | communicationgenerwo.shop | tcp |
| US | 172.67.183.226:443 | enthusiasimtitleow.shop | tcp |
| US | 172.67.205.132:443 | dismissalcylinderhostw.shop | tcp |
| US | 8.8.8.8:53 | pillowbrocccolipe.shop | udp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.181.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.166.67.172.in-addr.arpa | udp |
| US | 188.114.96.2:443 | pillowbrocccolipe.shop | tcp |
| US | 172.67.181.34:443 | affordcharmcropwo.shop | tcp |
| US | 188.114.97.2:443 | pillowbrocccolipe.shop | tcp |
| US | 172.67.166.251:443 | communicationgenerwo.shop | tcp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 188.114.96.2:443 | pillowbrocccolipe.shop | tcp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 172.67.185.32:443 | cleartotalfisherwo.shop | tcp |
| US | 104.21.44.125:443 | worryfillvolcawoi.shop | tcp |
| US | 172.67.183.226:443 | enthusiasimtitleow.shop | tcp |
| US | 172.67.205.132:443 | dismissalcylinderhostw.shop | tcp |
| US | 172.67.181.34:443 | affordcharmcropwo.shop | tcp |
| US | 188.114.97.2:443 | pillowbrocccolipe.shop | tcp |
| US | 172.67.166.251:443 | communicationgenerwo.shop | tcp |
| US | 188.114.96.2:443 | pillowbrocccolipe.shop | tcp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 172.67.185.32:443 | cleartotalfisherwo.shop | tcp |
| US | 104.21.44.125:443 | worryfillvolcawoi.shop | tcp |
| US | 172.67.183.226:443 | enthusiasimtitleow.shop | tcp |
| US | 172.67.205.132:443 | dismissalcylinderhostw.shop | tcp |
| US | 172.67.181.34:443 | affordcharmcropwo.shop | tcp |
| US | 188.114.97.2:443 | pillowbrocccolipe.shop | tcp |
| US | 172.67.166.251:443 | communicationgenerwo.shop | tcp |
| US | 188.114.96.2:443 | pillowbrocccolipe.shop | tcp |
| US | 172.67.185.32:443 | cleartotalfisherwo.shop | tcp |
| US | 104.21.44.125:443 | worryfillvolcawoi.shop | tcp |
| US | 172.67.183.226:443 | enthusiasimtitleow.shop | tcp |
| US | 172.67.205.132:443 | dismissalcylinderhostw.shop | tcp |
| US | 172.67.181.34:443 | affordcharmcropwo.shop | tcp |
| US | 188.114.97.2:443 | pillowbrocccolipe.shop | tcp |
| US | 172.67.166.251:443 | communicationgenerwo.shop | tcp |
| US | 188.114.96.2:443 | pillowbrocccolipe.shop | tcp |
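Most of the Network table is browser and OS background traffic (Google, Bing, GitHub, the sandbox's reverse-DNS lookups of every address it sees); the Lumma Stealer activity is the cluster of .shop domains behind Cloudflare addresses that receive repeated HTTPS connections, plus one .pw domain that is resolved three times and never contacted. The script below is an added example, not part of the report or of the sandbox's tooling: it parses rows in the table's own format (a constructed subset is embedded), drops PTR lookups, mDNS and an allowlist of known-infrastructure suffixes that is this example's own assumption, and ranks what remains by connection count, keeping DNS-only domains as a separate finding.

```python
"""Triage the Network table of a sandbox report: strip reverse-DNS noise and
known-benign browser/OS traffic, then rank what is left as C2 candidates.

Added example, not part of the report. SAMPLE_ROWS is a constructed subset of
the report's table; BENIGN_SUFFIXES is this example's own allowlist."""
from collections import defaultdict
from dataclasses import dataclass, field

SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | cleartotalfisherwo.shop | udp |
| US | 172.67.185.32:443 | cleartotalfisherwo.shop | tcp |
| US | 8.8.8.8:53 | worryfillvolcawoi.shop | udp |
| US | 104.21.44.125:443 | worryfillvolcawoi.shop | tcp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 172.67.185.32:443 | cleartotalfisherwo.shop | tcp |
| US | 188.114.97.2:443 | pillowbrocccolipe.shop | tcp |
| US | 188.114.96.2:443 | pillowbrocccolipe.shop | tcp |
| US | 172.67.185.32:443 | cleartotalfisherwo.shop | tcp |
"""

# Assumption: suffixes treated as browser/OS background noise for this report.
BENIGN_SUFFIXES = (
    "google.com", "googleapis.com", "gstatic.com", "bing.com", "bing.net",
    "github.com", "githubusercontent.com", "githubassets.com", "amazonaws.com",
)


@dataclass
class DomainStats:
    dns_queries: int = 0
    connections: int = 0
    ips: set = field(default_factory=set)


def parse_rows(text):
    """Yield (country, destination, domain, proto) from table rows; the header
    row has no host:port destination and is skipped."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or ":" not in cells[1]:
            continue
        yield tuple(cells)


def is_benign(domain):
    return any(domain == s or domain.endswith("." + s) for s in BENIGN_SUFFIXES)


def triage(text):
    """Per-domain stats, ignoring PTR lookups, rows with no domain (mDNS)
    and allowlisted infrastructure. Port 53 rows are DNS queries; anything
    else is a connection to the resolved address."""
    stats = defaultdict(DomainStats)
    for _country, dest, domain, _proto in parse_rows(text):
        if not domain or domain.endswith(".in-addr.arpa") or is_benign(domain):
            continue
        ip, _, port = dest.rpartition(":")
        if port == "53":
            stats[domain].dns_queries += 1
        else:
            stats[domain].connections += 1
            stats[domain].ips.add(ip)
    return dict(stats)


def c2_candidates(text):
    """Remaining domains ranked by connections, then by DNS queries."""
    stats = triage(text)
    return sorted(stats, key=lambda d: (-stats[d].connections,
                                        -stats[d].dns_queries, d))


def dns_only(text):
    """Domains that were resolved but never contacted (the .pw domain here)."""
    return sorted(d for d, s in triage(text).items() if s.connections == 0)


if __name__ == "__main__":
    stats = triage(SAMPLE_ROWS)
    for d in c2_candidates(SAMPLE_ROWS):
        s = stats[d]
        print(f"{d:32s} dns={s.dns_queries} conn={s.connections} ips={sorted(s.ips)}")
    print("resolved but never contacted:", dns_only(SAMPLE_ROWS))
```

Run against the full table the ranking puts the eight .shop domains first with their 172.67.x / 104.21.x / 188.114.x addresses, and sideindexfollowragelrew.pw in the DNS-only list; those are the indicators to block, while the Cloudflare addresses themselves are shared and should not be blocked on their own.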
Files
\??\pipe\crashpad_3376_AKAENOHTWQBWTFYM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bdbba55fc8f80e98b4660d9f734527dd |
| SHA1 | 145270dd621d8d6684d176ab6759e6a1c44bd753 |
| SHA256 | e3001322dcc354926eda0ea804f40805609cb702fc6524d73b2710ef34435b42 |
| SHA512 | 84a2c4335be265971a8c2d05dad6fcf15c5f6a8ad2da8d507a9c88aeb1f22fff330b5d998514a274e25e758bd8c1030911ad681bf1ca0c8f406e00096b92fed3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 65b72cf6212b90bed76cb9c793c87274 |
| SHA1 | 4d7f1697aeb671f074b9ba86b535ec5599b637be |
| SHA256 | 24d9fb6263f39e901f39d783156f679d0134b593d7326441cac15c29873978db |
| SHA512 | bdd6a60bdc940628504ec77b5b3544643bb7fb746f499e80fa927e75a4fbadad3ad21737f0b5ae2b7eb4cc27a6067217b7edf66e44bb3c564aaf58043ac89f60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1c282700247f4b219febecfbeb767fc1 |
| SHA1 | 2bbf9f3e6f8b25cc98273a4c3dd04dd4f384056c |
| SHA256 | 5370798e1f6ddec6bbb40ba2fbcfc38aa93d95dd609d14e99dfa368cf3f48bf6 |
| SHA512 | 37b5f6d80906fb4e2a96b4f60f67b6c01da04f87e8836f8a3cf37bfb1045a831c2af3b3a03c9e333d74b1fedbb2f50989c61d63a1bae9c76abeba463ff861338 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | d261072132eb550f154d7245e9f662df |
| SHA1 | a39b8e36398947db39715c83b4345cb79baaf73b |
| SHA256 | b9557f22dcf6b6508897fc791c0d5d89cb6b3ee6dce512b882d3f18f4b559839 |
| SHA512 | 7ee15740e667caca8105482087072aa59a46184717964e5116e321b5c76949a49fe2a9449901ac701b9b3430d7f6e1f742cf3b29acbfaf1e8b863fe26886060b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1d4d4640cb9669ddb53b95901f8fe528 |
| SHA1 | 5ca61d8c800fb5894f81c2d1bc3286e358aa03d6 |
| SHA256 | 32e3fd8ffdce8105487d339be1222e1a12bcb47be4bd0123a1915975115f6e93 |
| SHA512 | 82e0b5b9f1ff4c803c8d3074cda5946e9ec1ace600281e3e9ef4b357e252aa9428e2ff9449bd533ac77e5cf136ec68681875007c64af1033fb8170b85aa261b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 137ae987c2eaf8bd97e079fc63350193 |
| SHA1 | f8dc885e48fdfe1c97009a62f928fb45fac6e765 |
| SHA256 | 02952e78ce7fb7cfdbb5a3d475eb75ca6411bf3779385b4e7ddedb197264f30f |
| SHA512 | 4fbd6561ec0b736eb7f1ceb4a0b5dfd25c3a4ab6e5bdd9ebc6f99e33ce28bf220eedf53847d50c817779ff3c3b5f47bc39546765e601477249a78c074f50e8a3 |
C:\Users\Admin\Downloads\FiveM-Mod-Menu-2024-main.zip.crdownload
| MD5 | bb2620f820e39f6665e2c78674de4c18 |
| SHA1 | 7c71eea5ca476c75b6ce749a1f9727f97b1a5dce |
| SHA256 | b0444e3347efacb6dad8d4442ac7b16d568a1de1681df46ae333e500ca758904 |
| SHA512 | ea6a2b3ef001e4eca793fc0020a44c9f2d97e0e747a914c44e33d1cb8c42887ce7ebb3999abf74f76e903fd3e71d3a8e59f8009f1a4543b8ccdbc77bd84795d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 536a280041bbcb254259b9736fe78605 |
| SHA1 | 194eb5c6144385a4ba0dcd33ef474d7f6b3fdc13 |
| SHA256 | 2d0eeee55adc689c936ebb9f02e85e33d1ebc50a58c38e057258f3ee7f7a0591 |
| SHA512 | 269c098a556193a3309e396fe08a003b5691dfa9f6fe379fa5d60878ee22de9bd499144cf8c934a02bd75c7590e04e495b0a64dfc4da89c7e09bfaf60716f9b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 716a739fd6364f724ef73327d13bc479 |
| SHA1 | 225f3c813d74f518b6d5a9c6a6a1738dce0d31f2 |
| SHA256 | ad401a59142a2d0c487f2d4bf69e9920fb7cad44994817174d20fbfd437c8b2f |
| SHA512 | a06488b38ab53c7e511e3a8626ebd6f6e8748c015962240057e27c104624bfff3c9471753e99965457a7c7e80da9c52a1bfc07e78954f7dbbe5aa30dc121ffce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 9bc6ef76b465fa6be2af443f42bbe50f |
| SHA1 | 9d7678b21ec0fc4e8f7661405a6e3621b595832f |
| SHA256 | 3c98cd6da153d4176d8e20e5d96436707fc40499125a5d1539fa59c08e6bfbb6 |
| SHA512 | 3452dcc853b12bab669ac0a3c90b884d2769e1a6a4990d6ce330dcbdc9497ad92d1d8cc50e0fc3b258e41798ea3f928797778fe8b2427c68a1ff4611d69eecbf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58bc56.TMP
| MD5 | d3dbbcd7cf27a0ce805626900c43b1e7 |
| SHA1 | 46b9a7299b1cd64edc6167c05f12858380a0ebb7 |
| SHA256 | e6ca999b31f4a624d6095ceeabbe333c8db442d5ac9ab34d31f3fe20937ddbb4 |
| SHA512 | 87ac76864b3bc1b148cf9bcf17f9f6a309b3a4ec2930db9a13a5a0ed94a7b05da3d7fcc2e561eb638216d3ca42ed8a3c0c0b1a44991a067932207a679637987c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e83be85b28714eccb1d229d65513d76f |
| SHA1 | 0bf21dbb084ff350fcbe55120d649d0b23d13951 |
| SHA256 | d5cb8b12408427f8f2ef272a5d07ee8a155ca12cbf4124b756fb3e8b404e4526 |
| SHA512 | 90337f63c7b558efef7aa83ff8d6d83c0e841e27d3862bcc1476cfb2805930c0f370151932af746aa406559c1a781ff21f72365c5aa6ff49d2cb694046b241e7 |
memory/1264-291-0x00000000005B0000-0x00000000005FB000-memory.dmp
memory/832-297-0x0000000000FB0000-0x0000000000FFB000-memory.dmp
memory/1264-301-0x00000000005B0000-0x00000000005FB000-memory.dmp
memory/264-302-0x0000000000D80000-0x0000000000DCB000-memory.dmp
memory/832-307-0x0000000000FB0000-0x0000000000FFB000-memory.dmp
memory/264-308-0x0000000000D80000-0x0000000000DCB000-memory.dmp
memory/3616-310-0x00000000009B0000-0x00000000009FB000-memory.dmp
memory/3616-315-0x00000000009B0000-0x00000000009FB000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 883817201d1c721c6070c03bf3477185 |
| SHA1 | 5217cac535148b53903851ae0e4a2dabae263fd2 |
| SHA256 | 457b88398db1fbc06161cd3bb2eb224a52eda287404d1852cdf50042106d9706 |
| SHA512 | 75aa290d13903eb00de67dff9af3a8979a69bd6fa78cd086e77bed2726bb3f477b3341a1a6c6c12015143440e34decf5afc3514492aed6af5149257b0ee56ad8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 22394f16b012379a9aced7ea570f6d89 |
| SHA1 | 8445b3e0ba8aac5ab4ce727f20a6f551366e1a1c |
| SHA256 | 845df1443fccb99ae9d09e3947d5dfecf40cfba1678635227d2ab80918fc0ded |
| SHA512 | 7ac750373060fe2e9ed58dc559a9242408f5780fe4582ee4e65c439e6364625b794c4a5fdc5e170b58aef4f720d3137533070a4688c3d97f21a1056cb45fb6d8 |
memory/1564-339-0x00000000009B0000-0x00000000009FB000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c9179cb7827ff099aeeb23d5deec0723 |
| SHA1 | 569db08ec4d45adad3e7e9915024d65e1eff8257 |
| SHA256 | 41928955cbf1f1a16c08fd2179ed1923339124f116aba61f89f88cda1c61051f |
| SHA512 | fd1161a48b1448e6a5c2c392126f751dd8d321cc3636ee305e488319564e0adb07d8f24771d8d467b886a60a543f749a9f376ed313a5caf00640995e0618b999 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-20 12:54
Reported
2024-05-20 12:57
Platform
win7-20231129-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\esx_job_creator\client\actions\checkvehicleowner.vbs"
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-20 12:54
Reported
2024-05-20 12:57
Platform
win7-20240220-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\esx_job_creator\client\markers\crafting_table.js
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-20 12:54
Reported
2024-05-20 12:57
Platform
win10v2004-20240508-en
Max time kernel
139s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\esx_job_creator\client\markers\crafting_table.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| BE | 2.17.196.177:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-20 12:54
Reported
2024-05-20 12:57
Platform
win10v2004-20240508-en
Max time kernel
136s
Max time network
106s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\esx_job_creator\client\actions\checkvehicleowner.vbs"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| BE | 2.17.196.145:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 145.196.17.2.in-addr.arpa | udp |
| BE | 2.17.196.145:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 52.111.229.48:443 | | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-20 12:54
Reported
2024-05-20 12:57
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\esx_job_creator\html\index.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffc835446f8,0x7ffc83544708,0x7ffc83544718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,4229650976620969910,7835733553794649799,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,4229650976620969910,7835733553794649799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,4229650976620969910,7835733553794649799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4229650976620969910,7835733553794649799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4229650976620969910,7835733553794649799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,4229650976620969910,7835733553794649799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,4229650976620969910,7835733553794649799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4229650976620969910,7835733553794649799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4229650976620969910,7835733553794649799,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4229650976620969910,7835733553794649799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4229650976620969910,7835733553794649799,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,4229650976620969910,7835733553794649799,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.187.234:443 | ajax.googleapis.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 2.17.196.105:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.196.17.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| BE | 2.17.196.105:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
\??\pipe\LOCAL\crashpad_4644_UCXCFKFEKFDRLMAL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 748cb1ade0751758828ee326416161f2 |
| SHA1 | ae708aebb707c361c21a63ec5bc983ffe192774c |
| SHA256 | 9134e3c6ba29a2d2246aeb1fcd76fb417d522dcfced13f060dfce22cd75f1de0 |
| SHA512 | a7b1fd7ea15b71b7ae2998a468d3436f804a6b66929eeae28f82097f293dcbfdd82f92dc7bdf9f3e02d9fd14ce56a7bf83e4a32990a7b5b4ad98c384fceb7080 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f2a085b7f9eb109fb1cfc3ec1dced4a9 |
| SHA1 | 13157c39056053fa9ea4db678591f6df306366ca |
| SHA256 | caea072d78e5eb9965da9fc9887f444fdf74e02285cfe0fbed95ff69ffc27269 |
| SHA512 | 391b71f41a0b1cc4430a4e05bd8e566eab99f7373f2c210aa71a57c9628044a34e9085b5fe77b576b42483c07e548bc6ff13c93b695b00102b059889ce775624 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0f64bcf859362c3d7249206f52b2b455 |
| SHA1 | c007788cf535fd5b4720350ff942211c34a3fc71 |
| SHA256 | 07e82db96868722fe5323534dfc4e434c9818f05c6ad80ce58b93eeec3413ee1 |
| SHA512 | 8cecbf33bd031910befe470d33bb2a3812e4201e11785036c57161c01f10685677103ec572b414b1914e69974d3136daab72f35e4b767195b3983f379a720261 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6c10ebe54790026f5a857ffd3c289c3b |
| SHA1 | ceb004a93510c209dc72b27d19017efbd664fcc3 |
| SHA256 | 5f610392169dcba5c38c469cb5f47da95c24f3cf222c2a5c0f7db02350e3c319 |
| SHA512 | b05876ce56d420753379aca3202e02fc0ab7b3bd7abc6892114fcd8fd383b314a02e84010bdecd143034223d8da1e3f01fbfcbd942861fc5749088ce722c82f7 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-20 12:54
Reported
2024-05-20 12:57
Platform
win7-20240221-en
Max time kernel
118s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\esx_job_creator\html\index.js
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-20 12:54
Reported
2024-05-20 12:57
Platform
win7-20240419-en
Max time kernel
92s
Max time network
144s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\esx_job_creator\cl_config.lua
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\esx_job_creator\cl_config.lua
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d99758,0x7fef6d99768,0x7fef6d99778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1572 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1668 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2236 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1048 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3204 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3432 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3548 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3696 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2348 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2420 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3768 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2396 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3920 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3940 --field-trial-handle=1400,i,3510576869187384022,7079308337816526282,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ezmod-vip.webpkgcache.com | udp |
| GB | 216.58.212.225:443 | ezmod-vip.webpkgcache.com | tcp |
| GB | 216.58.212.225:443 | ezmod-vip.webpkgcache.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
Files
\??\pipe\crashpad_2768_VCRUAJNHZFAFIFMH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a74349233e619de0a22fa2ac6dd61559 |
| SHA1 | ca44ae892bdf1ce2b44596bb464ba0b0bf07a3f4 |
| SHA256 | 0fd29be8c9885e6c058a98d5abd6e78611bbc5335653c92681a9b7ac6ed33c26 |
| SHA512 | b852456ff54e7e7309d28842f6d86d1cf08faf844dbd424f7ed521c8852ee7413f44618cc1f89210e6a5790f5241df55cc0996a0ec9c1e6b32d8a8a89b82f648 |
C:\Users\Admin\AppData\Local\Temp\Cab6C1D.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar6C30.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e6ab72c5313d9cc564e434e26b2d7dc4 |
| SHA1 | c18062e2b7eabff91c36e31d1654cf503624fa90 |
| SHA256 | 25bca77cb9d3d84d0ee395691de451193bd3d6fce96ea937d144ba76ddeba157 |
| SHA512 | c8237ea6f46b0d44a141ea627102562c69b15f76cc7a7919388f444104c562accbccb23f864e7f7f5e08c08e8219e1797a4ce53879e32832cb175298a1cb9f11 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2008f22dd739666f61de4c29b0aa97d4 |
| SHA1 | a6accc54317723be2564fb5612c351541517a53c |
| SHA256 | 8f5f8fc465f298078a827cef3dad17d05ed6ee1855bb51162bd12c0b35477c12 |
| SHA512 | 311e6e2a1a5573038ba8e1f3555fb3774abf9d37818ba41a97dd785b689c3ba4e32250402f564d4779d0a5d6092801b3f22028c54110e77a288dbfda6aaa9ebc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32456ab8506cbf393d1ff571cc876a76 |
| SHA1 | fae3b5f67027b03b4e07ad03eb67dfa59129ff5b |
| SHA256 | 2c4fdf6a691628bf47107a137e589975511a04f3902d002be8d6b7503bf71ec6 |
| SHA512 | 6add4bfa2c046cfd920b597706161a43091d5fa0478cd382489e620d3689b590f796e7e0082be8bedbfc5a23029e105f364a773b4f7d8762f1cd3c70e6110934 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 907efe56d3ea82a9c8a0df93c1f9c5e7 |
| SHA1 | 084fa7a14cb6cb59a1e0e3d44c2cf6df3b0b7f67 |
| SHA256 | d85d9a0c9d7ce6bc6c1ddf08f9a569f5c0275d3a6094c56ed482901ec8422a2e |
| SHA512 | 6a0f2251dbf9f61e9a61f36ee8b61a08af26288bbf712433e697118bbf1501a24ac52efd9ed9291baba90ff69279c9497c0392bf11842d847c930b94d5aaf3de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0ac4354819d949246e8e338b093e788 |
| SHA1 | 5c0c7f6d939b57ffba7f502861aa3db4a91b1028 |
| SHA256 | 47c49d8698399979d6e9130d699d175bc7f304c3cc13b296a2f641626f5938bd |
| SHA512 | 4f6b28bb672b537364a67cc0f20beeeb62bcaaa989250558d036efbae9b3212dcb1ae4427e2f4ec4a290610f5148677d318f8261aa968e2ce511623d3eddd99a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1996469390c25233df37e9a5c3ca1091 |
| SHA1 | 76e8dbbb2863d890e49f49e9eade91f85d8cf9a9 |
| SHA256 | 8ee74b59f1abec01a20f746eaba188766280a9c23a443f7c5ee2c66ed8ae6843 |
| SHA512 | e0cc08add58446b4b9903ffd8d12854782c89771f4f62902cb908adf8d2433555c60a11f41cdf68b167304dbf7c4efe2094db17b9d306703409869c32de60c59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3698469e9cb18a17caf581fcad2e99e1 |
| SHA1 | d5363f39520d75b35974daa55d44629cd1e5abaf |
| SHA256 | 1bf625b162c7bfb483504c3256d51da89d3cc959a0fc7fa621f61da576f7d0a4 |
| SHA512 | 4b3bc6a2bb538eccb1ad326fe785680cd36e9bc33b8eb4c71c6ad4c5be22dd084d3902e2d0f389bf4056b494f2dfbf037a33e6637c5a80f0f07fbabd453dd1d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fb645b49845a85d3bf3ba7de1ad6f7c1 |
| SHA1 | a171a4651bb6f0c4280f315fed5470ee3fcea42b |
| SHA256 | 284a6134c1c2495a76b69b1a14c29f084bb07a2122d5bc1c61f901c616f6e041 |
| SHA512 | 2690300dbd2fff84401f12fc50eaae3a4a78161a73024cb958abf38cc8a8d4f594c09ff56237520eec2408aa600ce905d8c7af2601ddb41aeeac45e79b439fc8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 30ecd2db9748369317fbec43deb74704 |
| SHA1 | 32a012374f8106e04c7cda823b0d99976aa86d3c |
| SHA256 | 2605994758bf14f86a845f92e92c380cb700e5dca644ad8dff473748db55f05c |
| SHA512 | d69013b61308d7b56aeb1aa98b9fd15134d8badbfa64b374ee806f8777b07f1cdaf44cefd1a1ebf885d75056cee4c8e403297b9658c875c7f8ac0b28be106d38 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9ec6137b-222e-494f-aae9-18407c5f3875.tmp
| MD5 | b5893cc9aefcad961ae33a86432eae01 |
| SHA1 | 4c46abf93f5375edebe03ae7a8a1f49788ca70d2 |
| SHA256 | 91084802cc98d99aad51ee26661716cf3942f410d09ca9729481aec788607354 |
| SHA512 | 29d16c069433e82ffb44430294a3730b75ba42903fd60691c25b21edaa5bb73bbe93f2d1b85ce23a6bd7ad1a179a6d89a9eb702af64493fc7897bc2ac5564612 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\99fbc925-1dda-40ad-8ead-66f89a952d9c.tmp
| MD5 | 10c648bd7c28c00284a663ec61418fd5 |
| SHA1 | 947504657e4b461eee69d97d95315d0948c2fc22 |
| SHA256 | e89e15a74e19f2be1ee4fc16c2b2b12a463684f46d131fce34638d3c52ed28ad |
| SHA512 | a200c6dba73114ad89df4882cb0df495fc08e6d39649cb0b4d31f9c405253028dc48752af4a57b1aafc2fe3f83c3fd3f13c31cf92fb7f2937bc60bbf802df2bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9eec3d2ad9cb80f0d463303d33834f69 |
| SHA1 | 85e32a4ae04643e66afeb9e8135b86aa7ab827bb |
| SHA256 | e1d037dd7885f3d46159f4aa77aec483aefb6daed6392b51c5152e0675d808a9 |
| SHA512 | f19df019997a2250a110398bf6a69dd60800f4c512bdda19d876b03ddb919bad67f5e3e4919031447b5ea4b1175dc51c33fe870e0007bb8c8efcdd3f3b8e6072 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 4623fb3119424a06fcceab67cde95c2a |
| SHA1 | 28ea9a39708f588b929e6e5afff7613eebd85bd8 |
| SHA256 | ba8260fd53c4ef6c712848397630d08bf6d280d102e63e82d319fae31a7067dc |
| SHA512 | ebf0578812f9b33ca3c92c3f1c470d1d084b2073cf8dbce53d702f20df75b74dfad0e28201771f5b9163d3ece3eccb87393433206fe4c4aeb0efef92c30118e4 |
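Everything in this run's Files table is Chrome profile state, CryptoAPI URL-cache entries with their Cab/Tar extraction temps, or a crashpad named pipe whose MD5/SHA1/SHA256 are the digests of zero-length input; the network rows above it are GitHub CDN and Google beacon traffic. The script below is an added triage helper, not part of the report or of the sandbox's tooling: it parses entries in the report's own table shape, explains away the known background noise, and leaves whatever remains for a human. The path and domain patterns are my own heuristics; the `cl_config.lua` row (all-zero digest) and the `example.invalid` destination are constructed placeholders so the "review" path has something to catch.

```python
import hashlib
import re

# Digests of zero-length input. A "dropped file" carrying these was never
# written to (the crashpad named pipe in the report is the case in point).
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}
# Heuristic path patterns for artefacts the sandbox's own Windows/Chrome
# activity produces (my labels, not the sandbox's).
PATH_NOISE = [
    (re.compile(r"^\\\?\?\\pipe\\crashpad_", re.I), "chrome crashpad pipe"),
    (re.compile(r"\\Google\\Chrome\\User Data\\", re.I), "chrome profile churn"),
    (re.compile(r"\\CryptnetUrlCache\\", re.I), "cryptoapi url cache (crl/ocsp/aia)"),
    (re.compile(r"\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I), "cryptoapi cabinet extraction temp"),
]
# Heuristic domain patterns for OS/browser background traffic.
DOMAIN_NOISE = [
    (re.compile(r"\.in-addr\.arpa$", re.I), "reverse dns lookup"),
    (re.compile(r"(^|\.)gvt[23]\.com$", re.I), "google beacon"),
    (re.compile(r"(^|\.)githubassets\.com$", re.I), "github cdn"),
    (re.compile(r"(^|\.)bing\.(com|net)$", re.I), "bing / windows search"),
]
PATH_LINE = re.compile(r"^(?:[A-Za-z]:\\|\\\?\?\\)")
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
NET_ROW = re.compile(r"^\|\s*\w{2}\s*\|\s*([\d.]+:\d+)\s*\|\s*(\S+)\s*\|\s*(tcp|udp)\s*\|$", re.I)


def parse_files(text):
    """Files table: a path line followed by '| ALGO | hex |' rows."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_LINE.match(line):
            entries.append({"path": line, "hashes": {}})
        elif entries and (m := HASH_ROW.match(line)):
            entries[-1]["hashes"][m.group(1).upper()] = m.group(2).lower()
    return entries


def triage_file(entry):
    """Label a dropped-file entry; 'review' means nothing explains it away."""
    if any(EMPTY_DIGESTS.get(a) == d for a, d in entry["hashes"].items()):
        return "zero-length"
    for pattern, label in PATH_NOISE:
        if pattern.search(entry["path"]):
            return label
    return "review"


def triage_domain(domain):
    for pattern, label in DOMAIN_NOISE:
        if pattern.search(domain):
            return label
    return "review"


def triage_report(files_text, network_text):
    """Return ([(path, label)], [(domain, dst, proto, label)]) for the report."""
    files = [(e["path"], triage_file(e)) for e in parse_files(files_text)]
    dests = []
    for raw in network_text.splitlines():
        if m := NET_ROW.match(raw.strip()):
            dst, domain, proto = m.group(1), m.group(2), m.group(3).lower()
            dests.append((domain, dst, proto, triage_domain(domain)))
    return files, dests


def review_items(files_text, network_text):
    """Just the entries a human still has to look at."""
    files, dests = triage_report(files_text, network_text)
    return ([p for p, label in files if label == "review"],
            sorted({d for d, _, _, label in dests if label == "review"}))


# Constructed sample in the report's shape: rows copied from the tables above,
# plus a placeholder file (dummy all-zero digest) and a placeholder destination
# (example.invalid, TEST-NET-3 address) so the 'review' path is exercised.
SAMPLE_FILES = r"""
\??\pipe\crashpad_2768_VCRUAJNHZFAFIFMH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a74349233e619de0a22fa2ac6dd61559 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| SHA256 | 2c4fdf6a691628bf47107a137e589975511a04f3902d002be8d6b7503bf71ec6 |
C:\Users\Admin\AppData\Local\Temp\Cab6C1D.tmp
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
C:\Users\Admin\AppData\Local\Temp\esx_job_creator\cl_config.lua
| SHA256 | 0000000000000000000000000000000000000000000000000000000000000000 |
"""
SAMPLE_NETWORK = r"""
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| XX | 203.0.113.7:443 | example.invalid | tcp |
"""

if __name__ == "__main__":
    print(review_items(SAMPLE_FILES, SAMPLE_NETWORK))
```

Run against the full report text the same way; the zero-length check is the one worth keeping even if you replace the path patterns with your own allowlist, since an empty-digest entry is a pipe or a created-but-never-written file and not a payload.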
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-20 12:54
Reported
2024-05-20 12:57
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\esx_job_creator\cl_config.lua
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
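In this run the sandbox handed a `.lua` file to `cmd /c`, and the only other process is `OpenWith.exe` started with `-Embedding`: Windows had no handler registered for the extension and raised the "open with" prompt, so the script body never executed, and the signatures listed for this run are attributed to OpenWith.exe and cmd.exe rather than to the sample. The check below is an added example, not part of the report or of the sandbox's tooling; it parses a Processes listing in the shape shown above and says whether the launch target had a stock handler. The extension set is a constructed approximation of a default Windows install, and the second listing is constructed to show the positive case.

```python
import ntpath
import re

# Extensions a stock Windows install dispatches to a loader or interpreter
# when handed to 'cmd /c <file>' (constructed list; extend for your image).
STOCK_HANDLERS = {".exe", ".com", ".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse",
                  ".wsf", ".wsh", ".hta", ".msi", ".scr", ".pif"}
CMD_C = re.compile(r'^cmd(?:\.exe)?\s+/c\s+"?([^"]+?)"?\s*$', re.I)


def parse_processes(text):
    """Processes section: an image path line followed by its command line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return list(zip(lines[0::2], lines[1::2]))


def detonation_verdict(processes):
    """Did the payload run, or did Windows just ask what to open it with?"""
    images = {ntpath.basename(img).lower() for img, _ in processes}
    for img, cmdline in processes:
        if ntpath.basename(img).lower() != "cmd.exe":
            continue
        m = CMD_C.match(cmdline)
        if not m:
            continue
        target = m.group(1)
        ext = ntpath.splitext(target)[1].lower()
        if ext in STOCK_HANDLERS:
            return {"target": target, "ext": ext, "executed": True,
                    "reason": "extension has a stock handler"}
        if "openwith.exe" in images:
            return {"target": target, "ext": ext, "executed": False,
                    "reason": "no handler; Windows spawned OpenWith.exe"}
        return {"target": target, "ext": ext, "executed": None,
                "reason": "no stock handler; check the process tree"}
    return {"target": None, "ext": None, "executed": None,
            "reason": "no 'cmd /c' launch found"}


# Process listing as printed in this report.
REPORT_PROCESSES = r"""
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\esx_job_creator\cl_config.lua
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
"""
# Constructed listing: a batch file has a handler, so cmd.exe runs it itself.
CONSTRUCTED_PROCESSES = r"""
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\sample\run.bat"
"""

if __name__ == "__main__":
    print(detonation_verdict(parse_processes(REPORT_PROCESSES)))
    print(detonation_verdict(parse_processes(CONSTRUCTED_PROCESSES)))
```

A verdict of `executed: False` means the behavioural run says nothing about the sample either way; resubmit with the file renamed to an extension that has a handler, or launch it explicitly through the interpreter it was written for.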
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| BE | 2.17.196.96:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |