Analysis Overview
SHA256
aefc68a09627909d0bd3b761065f52ab15d7f4eb93c94894761fd274b68ce796
Threat Level: Known bad
The file ExtraSoft v.2.2.rar was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Downloads MZ/PE file
Executes dropped EXE
Enumerates connected drives
Suspicious use of SetThreadContext
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-25 14:12
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-25 14:12
Reported
2024-05-25 14:15
Platform
win10-20240404-en
Max time kernel
150s
Max time network
160s
Command Line
Signatures
Lumma Stealer
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\MuMuInstaller_3.1.6.0_yx-gl-codex_all_1709777287.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z901DEE38\ColaBoxChecker.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z901DEE38\MuMuDownloader.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 3240 set thread context of 516 | N/A | C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\ExtraSoft.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files\Netease\MuMuPlayerGlobal-12.0\1.txt | C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611199978663148" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\ExtraSoft.exe
"C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\ExtraSoft.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc89c89758,0x7ffc89c89768,0x7ffc89c89778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3884 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5276 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3364 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3ec
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3036 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2112 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3852 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3884 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=816 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5376 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5544 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5096 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4748 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5708 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4424 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2016 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5432 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5980 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3000 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6204 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6604 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6624 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6196 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4880 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Users\Admin\Downloads\MuMuInstaller_3.1.6.0_yx-gl-codex_all_1709777287.exe
"C:\Users\Admin\Downloads\MuMuInstaller_3.1.6.0_yx-gl-codex_all_1709777287.exe"
C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe
C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6924 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5272 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\7z901DEE38\ColaBoxChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z901DEE38\ColaBoxChecker.exe" checker /baseboard
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6260 --field-trial-handle=1772,i,8469466361401217558,17639043095845277915,131072 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe"
C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe"
C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe"
C:\Users\Admin\AppData\Local\Temp\7z901DEE38\MuMuDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\7z901DEE38\MuMuDownloader.exe" --log="C:\Users\Admin\AppData\Local\Temp\nemu-downloader-aria.log" --log-level=notice --check-certificate=false --enable-rpc=true --rpc-listen-port=50682 --continue --max-concurrent-downloads=10 --max-connection-per-server=5 --async-dns=false --file-allocation=prealloc --enable-mmap=true --connect-timeout=5 --rpc-max-request-size=1024M --stop-with-process=720
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | museumtespaceorsp.shop | udp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 8.8.8.8:53 | 80.32.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | buttockdecarderwiso.shop | udp |
| US | 104.21.45.202:443 | buttockdecarderwiso.shop | tcp |
| US | 8.8.8.8:53 | averageaattractiionsl.shop | udp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 8.8.8.8:53 | femininiespywageg.shop | udp |
| US | 104.21.71.3:443 | femininiespywageg.shop | tcp |
| US | 8.8.8.8:53 | employhabragaomlsp.shop | udp |
| US | 8.8.8.8:53 | 60.62.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.45.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.71.21.104.in-addr.arpa | udp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 8.8.8.8:53 | stalfbaclcalorieeis.shop | udp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 8.8.8.8:53 | civilianurinedtsraov.shop | udp |
| US | 104.21.49.245:443 | civilianurinedtsraov.shop | tcp |
| US | 8.8.8.8:53 | 81.85.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.3.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.49.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roomabolishsnifftwk.shop | udp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | labs.google.com | udp |
| GB | 142.250.187.238:443 | labs.google.com | tcp |
| GB | 142.250.187.238:443 | labs.google.com | tcp |
| GB | 142.250.187.238:443 | labs.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| NL | 142.251.18.94:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 94.18.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 54.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | repository-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 185.199.109.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | repository-images.githubusercontent.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.251.18.94:443 | id.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codexexecutor.net | udp |
| US | 104.21.77.216:443 | codexexecutor.net | tcp |
| US | 104.21.77.216:443 | codexexecutor.net | tcp |
| US | 104.21.77.216:443 | codexexecutor.net | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 8.8.8.8:53 | 216.77.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | a11.gdl.netease.com | udp |
| US | 2.17.251.38:443 | a11.gdl.netease.com | tcp |
| US | 2.17.251.38:443 | a11.gdl.netease.com | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.251.17.2.in-addr.arpa | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | api.mumuglobal.com | udp |
| JP | 3.115.32.176:443 | api.mumuglobal.com | tcp |
| JP | 3.115.32.176:443 | api.mumuglobal.com | tcp |
| US | 8.8.8.8:53 | 176.32.115.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.update.easebar.com | udp |
| BE | 104.68.95.105:443 | dns.update.easebar.com | tcp |
| US | 8.8.8.8:53 | 105.95.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mumu-global.fp.ps.easebar.com | udp |
| NL | 23.197.91.229:443 | mumu-global.fp.ps.easebar.com | tcp |
| US | 8.8.8.8:53 | 229.91.197.23.in-addr.arpa | udp |
| US | 76.223.88.1:80 | 76.223.88.1 | tcp |
| US | 2.17.251.38:80 | a11.gdl.netease.com | tcp |
| US | 8.8.8.8:53 | a11.gdl.netease.com | udp |
| US | 8.8.8.8:53 | 1.88.223.76.in-addr.arpa | udp |
| US | 2.17.251.38:80 | a11.gdl.netease.com | tcp |
| US | 2.17.251.38:80 | a11.gdl.netease.com | tcp |
| US | 2.17.251.38:80 | a11.gdl.netease.com | tcp |
| US | 2.17.251.38:80 | a11.gdl.netease.com | tcp |
| N/A | 127.0.0.1:50682 | | tcp |
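The rows above are the raw sandbox view. To turn them into indicators an analyst has to separate genuine contacts from resolver queries to 8.8.8.8, from reverse (PTR) lookups, and from the sandbox browser's own ad and telemetry traffic; the PTR names are also worth reversing, since they show which contacted IPs the sample (or the browser) looked up by address. The following is an added example, not part of this report or of the sandbox's tooling, that does that triage over rows copied from the table (one deliberately short row without a Domain cell is included, as extraction sometimes produces). The NOISE_SUFFIXES allowlist is an assumption standing in for a lab-specific list.

```python
"""Triage the Network table of a sandbox report: separate real contacts
from resolver traffic, PTR lookups and browser telemetry noise."""
import ipaddress
from collections import defaultdict

# Constructed sample: rows copied from the table above, plus one short row
# of the kind report extraction sometimes produces (no Domain cell).
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | codexexecutor.net | udp |
| US | 104.21.77.216:443 | codexexecutor.net | tcp |
| US | 8.8.8.8:53 | 216.77.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | api.mumuglobal.com | udp |
| JP | 3.115.32.176:443 | api.mumuglobal.com | tcp |
| US | 8.8.8.8:53 | dns.update.easebar.com | udp |
| US | 2.17.251.38:80 | a11.gdl.netease.com | tcp |
| US | 76.223.88.1:80 | 76.223.88.1 | tcp |
| N/A | 127.0.0.1:50682 | tcp |
"""

# Assumption: an analyst-maintained allowlist of ad/telemetry hosts the
# sandbox browser contacts by itself. Not part of the report; tune per lab.
NOISE_SUFFIXES = (".google.com", ".doubleclick.net", ".googlesyndication.com",
                  ".googleadservices.com", ".adsensecustomsearchads.com",
                  ".wp.com", ".gvt2.com")


def parse_row(line):
    """Return a dict for one table row, or None for headers/junk."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) == 4:
        cc, dest, domain, proto = cells
    elif len(cells) == 3:          # row with the Domain cell missing
        cc, dest, proto = cells
        domain = ""
    else:
        return None
    ip, _, port = dest.rpartition(":")
    try:
        ipaddress.ip_address(ip)
        port = int(port)
    except ValueError:             # header row or unparsable destination
        return None
    return {"cc": cc, "ip": ip, "port": port, "domain": domain, "proto": proto.lower()}


def ptr_to_ip(name):
    """'216.77.21.104.in-addr.arpa' -> '104.21.77.216'; None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    return ".".join(reversed(octets)) if len(octets) == 4 else None


def is_noise(domain):
    return domain.endswith(NOISE_SUFFIXES)


def triage(table_text):
    contacted = defaultdict(set)   # domain -> {(ip, port, proto)}
    queried, ptr_targets, noise, loopback, all_ips = set(), set(), set(), [], set()
    for line in table_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        ip, port, domain, proto = row["ip"], row["port"], row["domain"], row["proto"]
        if ipaddress.ip_address(ip).is_loopback:
            loopback.append((ip, port, proto))
            continue
        if port == 53 and proto == "udp":       # resolver traffic, not a contact
            target = ptr_to_ip(domain)
            if target:
                ptr_targets.add(target)
            elif domain:
                queried.add(domain)
            continue
        all_ips.add(ip)
        if is_noise(domain):
            noise.add(domain)
            continue
        contacted[domain].add((ip, port, proto))
    return {
        "contacted": dict(contacted),
        # names resolved but never connected to (often dead or rotated infrastructure)
        "dns_only": {d for d in queried if d not in contacted and not is_noise(d)},
        "ptr_targets": ptr_targets,
        # reverse lookups for IPs that appear nowhere else in the table
        "ptr_unlinked": ptr_targets - all_ips,
        "noise": noise,
        "loopback": loopback,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ROWS).items():
        print(f"{key}: {value}")
```

Feed the whole Network table to `triage()` and the `contacted` and `dns_only` sets are the candidate indicators; `ptr_unlinked` flags addresses that were reverse-resolved but never appear as a destination, which deserve a second look against the other detonations.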
Files
memory/3240-0-0x00000000012C0000-0x00000000012C1000-memory.dmp
memory/3240-1-0x00000000012C0000-0x00000000012C1000-memory.dmp
memory/3240-3-0x00000000012C0000-0x00000000012C1000-memory.dmp
memory/516-2-0x0000000000400000-0x0000000000455000-memory.dmp
memory/516-5-0x0000000000400000-0x0000000000455000-memory.dmp
memory/516-6-0x0000000000400000-0x0000000000455000-memory.dmp
memory/516-10-0x0000000000400000-0x0000000000455000-memory.dmp
\??\pipe\crashpad_2948_EVSBOYLBHFYMVJDL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d06eb52b-2df7-4c08-9f63-07ef5539e0b5.tmp
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ea9f8e1a1aa1959402aea0d01bc13c7c |
| SHA1 | 5f7b0512af06b4317a9e3eda192d728f804dc1ec |
| SHA256 | 10ffbbb4254dde094797d964c7dd22706a9a54627dfa01403ceed176cf4404f3 |
| SHA512 | 1d6dbd85488025af97aa16af1567ecc1ed3bf701e957c308ff72b42a0ef98bff1cfab655d68b176d8378475fd59d7285d8eccb5fcb29303fc711a57d1068c1e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dfeb75ab5b71689fd07d8873d5af9d98 |
| SHA1 | 0f00534b4e5b53023cf363f6338d093bf7339e65 |
| SHA256 | 8e0a1a98548e0abe786e9279b41aecccb544097ea82a017a34d2c86c72977144 |
| SHA512 | 7304dd85f805afda47b3ac9b5423c26773f69618e48da81ee7e4c358fc62f5e9b391a251a4bd3e069521689b5e90c3fd1a38fdebd72281415ff2fa5296fccccd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 35a023dc83f8bf62645b2aedf7434b4f |
| SHA1 | 75e195fedd5f94529e9a936df0b1de60fbc26a5d |
| SHA256 | b26fe2cc7746ee180c9a5fad1c9c042fcf32b9acc661c570962b62c33aced098 |
| SHA512 | de9a3435b8a9ac23b574c32ccabf34f05f22bf9d9300436897aa33d76167a7acfca97234730891ab58f2143c3313411fef7c3ae421f3745cc70f1db1777e0dfe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | bfe988983af5f5f7e09887b3a0bb1e9b |
| SHA1 | 0c7945b2fd8c9f0ea109bc3c0579f58e232023ed |
| SHA256 | 4e68a75b82a0705f6ecf9f0c7660ef0430087c6b7ac7c3cf7614ae9d84a31cd3 |
| SHA512 | 8c1470e2be2fc2ba2f47c4aeeda627411f32b8295f190faf84e63435c8d54e5cf6f3de1b95e2a4af767e15aed2bf7d200f85b93a1c61d74b2f8ffcf161518581 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\93699ea7-9bb8-41ba-8efc-cdbe9e35bc7a.tmp
| MD5 | bc78ce8a27e6e83c652c20857625571f |
| SHA1 | 9bba33f9edbef04627ac01455069be2c16aa25d2 |
| SHA256 | 2129c72ea4a182e5cccdb1600f0f1e9dcff8865a53f3b552fe541367fd552d9d |
| SHA512 | a2453b8c2d34f10c61c2c87311d3b6da13883ae11727134b70ea08c77a4ab9d3592145dc5334c19f87898b6f756fc3f268532aebeb19f94d1407aa4aff9d97f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
| MD5 | 7626aade5004330bfb65f1e1f790df0c |
| SHA1 | 97dca3e04f19cfe55b010c13f10a81ffe8b8374b |
| SHA256 | cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e |
| SHA512 | f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
| MD5 | 5ce7bdeeea547dc5e395554f1de0b179 |
| SHA1 | 3dba53fa4da7c828a468d17abc09b265b664078a |
| SHA256 | 675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9 |
| SHA512 | 0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fa7aabca1fcfab3a03656e6524e818e4 |
| SHA1 | fb3c464a15f94fae8d232e1f15aab08182fd457c |
| SHA256 | 914af35658d8483a17e54013a6ba6abdab53011a6e838cb1fa533dd8f9e50c36 |
| SHA512 | cde0d00b6150f2faf1545ae8fba1fcc3962aa03a751ee40ea2edc974c16b5cbf5a2b6b001f185a11d23df9912da7ebbf27e6fbfdc615fcdc6d4fe54c68e3ecc5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0c940a26f84ca477fe2f2ffee5ff2931 |
| SHA1 | ff2eb757f1c760213d7c10fcaca56c0bc129f042 |
| SHA256 | 7fe9d9ee38c5fa23a3e15afbb95cad118952c016742c2f08c4a4dc2453d05865 |
| SHA512 | 094a11f43b6f8a1d13ee8d6b887ef39b68e8404d4d31360199c50886170e6b10bdfcb9d40778ab1bc06e85cc903cb4cfca2fa01ca456c89bb277438578ae0e82 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1884648a-7014-4a75-8448-2dc8ee101eee.tmp
| MD5 | 9ad3a161e98e3fe7da209f2eb67021f9 |
| SHA1 | 8859c1212a60ed7073e0eb91810ac1607105ba52 |
| SHA256 | 219d525a04bb87af7d3ff65ff2a2bf9e5b24962ae0f815de21be67a9dfd3dbaf |
| SHA512 | d4a99a4960c0fc66570056228ccae060f78be64ef160eb5f178e90393dc1f5610f6ee3f6ea8eebaac2614261443bf63f0d7eb3e45262371bce12314972093537 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7d8caf8f19cd653b161c37a5d18dea61 |
| SHA1 | 4cc032367e7b34122ee0aa58f8c53abca4b86e70 |
| SHA256 | 75e00c2293e4db9ca1a3d2998c1fd98c76d620d2edfb0a6865e1095543105576 |
| SHA512 | 99eb53eff078c13948eb1b93771fb815f157af18312b4c81f17a3032b7376eecaf177f1b83b7908e6abe444c93a5a97f86ca76613434c6c07e0a95ac9a0073c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b2cf6fbed4beaeded2637f1c58adea5d |
| SHA1 | 420c58e4fb109fbc76b2c6da38eafd6ba6b7c07c |
| SHA256 | 11e799bc936b70847a8a9d8758664f76d4434e3e8403d98f5d03d86913fa5593 |
| SHA512 | 17405a234b4483509bf612767a8da351c852e528f277aa0ed44f8311ff09f708c1124a8cf91b73e342cffe35676f07041ecb952de3b33b4b436c5c624b36f69c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c64751a97d845ff3463567cef86d549e |
| SHA1 | 475a2d3e62a6e421d32c9df0ada90c295b655173 |
| SHA256 | 24d800e619af7009c542ea78701016dc7bf8ce21ff123eaf5552158981d4d560 |
| SHA512 | e838a270215afd5e685720df36b9951de1a146dc57fbdc538a84641c698dc1b6a6d9cd98f651d88f527222d0d0c0514d86125b9f47f9a8bb6c01e39e98482778 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | bedcd4a1cf1a610f2d9a9ed025348bbf |
| SHA1 | 9e2768e434e92e438b301cad77eb4855ed4f603e |
| SHA256 | e04e6ffac93749181ca79844b56d51907a60bd315db6f4f613878f98438934c7 |
| SHA512 | dfbfb3a6fc22d07abca1ca06366fea5ddf6435d6e64b675ef639aec6616fd14d08dcc3baaba4c82bfc1f9cf262cd2cf783922a16569c0e49ce239062e45e24ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b2c1.TMP
| MD5 | 0d02d9832339538110262d930dc1a1d8 |
| SHA1 | 805bdab19bfdfccce59170a41b1af5c7793e79f7 |
| SHA256 | b1619f20103ffa7f9f2f48205bbb6bc83f42ed55891faadc67cc7e87f9ef74f0 |
| SHA512 | 6bd7d2a8e3aa93ea4205b8ba6d8c4d6cbdbc90c1bca9d77be49c8200f753a464dcaaa889113598d130848a26882e88e72113978e5c6f9f38f59d3790883cf334 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e29248a6-ae14-4a32-b2b0-b15eef7e7c11.tmp
| MD5 | 61df28715853094e7e1f8484f97e7663 |
| SHA1 | 6b842abfe05836a47ba7b60cee37ba33c421c6b1 |
| SHA256 | bcea67642fbb45b4eeb3e2d81b8c396b8ca244d96291728423dc87803c3acd3d |
| SHA512 | 6fe33292d0abc786821e4c7382558b9eb9898c9555e4fa7ee70ff302c24466da30f7942b0bbfab70e6c4ac25e79fd6e37ac96aaf72ca3abe9debbba41ce41f24 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ab3b00867cbcf7a060703ea22af100eb |
| SHA1 | 8a98d22e13ca8d66e5ef59f20d85fb3972e4f3fe |
| SHA256 | 8e60b6d4c14d0b56ddaee7f6e39037955e6edab535cc501403af465e513434da |
| SHA512 | ef7e0c41b247f437d48f1fe6d2a2f3b337c4a9f38081a9d158e2440cb70c7a5b79eaf4b29f78ba41824cb0eba341940fb1f8619c0cd27346898ab4e9a1b15557 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 170937257784a633fdc5276e55b2d37c |
| SHA1 | 89e6b52092b6b59b9f2164d730f87795cbbd8a0c |
| SHA256 | d4ef1c19c5b7252e93be6f2ccffdf63a66481cf567ed16b2db36fce6e4dc4c74 |
| SHA512 | 06be90cb66f5e0ae86e2e8643d1824de54796e3c2a0a6c4dcaca2d1a9f7f476bc1420167504c9f99f07da077ede2ea1ddb4f7bccbb9f94997e2cc3a9c825867c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58dafa.TMP
| MD5 | 6cf7090d872224f968f3b6bab683baa4 |
| SHA1 | 380eab3abcd7422883eb869ff4c71b6300971ddf |
| SHA256 | c57d8a2f21a9b5b8cb7a125fef54e6b4f3e40c1fe977e6bf79bb6c9ee0aa2571 |
| SHA512 | 7ddda0d49b01664b27d8e4e4d3eecd5f6629d87d0303dfc0806e90be75f65f33e184e31513bff645bc5c1cbeb12c89f52763b2b03fee96493e6528ae0fd55bdf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | 0ed8278b11742681d994e5f5b44b8d3d |
| SHA1 | 28711624d01da8dbd0aa4aad8629d5b0f703441e |
| SHA256 | 354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2 |
| SHA512 | d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 51f467557c2dc2b97a1ed327115ff5e6 |
| SHA1 | da9e23fec234d5b7c0000d1b43ae660da3daa12f |
| SHA256 | 31946053d9281f861f807dd8735eb31a9b41b823f68a2435422429dad8ead56d |
| SHA512 | 55b68f06549437e6e137ee84ef1337968f13524cbdd7d5b3108b210d3414c06d797e6379564695f5a9f41cd4252345c9d38992ae3ed4c226c7563288f03083ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | f04cc7d5ee9150a73ba2eac920e78841 |
| SHA1 | 92b4c0ad93889f3d1e851b83e0fd027caca10d59 |
| SHA256 | 1a87118c3d118dade65324586a2930cf11fb929362f9612cc93f875c67e2c4bd |
| SHA512 | 52b1a050e6da4c57cba4623dd225844d83d9a47e4cb1f5512e4aa1365537022bbb0b9b3217465c258facf576b4706e577a83078f2fa71b4442a4a7624ac1fdab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | da1d252e947bce39c6b4fc3270383195 |
| SHA1 | f6e8fcd9d63683e56e457bbf1dfbd684586382fc |
| SHA256 | 28ac23c8020d600a3141888b982e3061d34aeaad83fe5993d8e61cf2a70b7bd4 |
| SHA512 | 320539f5ec40d9bf31f6b9b7c1c99f6c644937060c5f29726b6719f2ff5d2043d237ddcbf4be20055e9b13673fc0e4e025d172bcd51495caf65ca57a689e2eb4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
| MD5 | 16c0a2c82dc0ab50f23123f7ecb11f51 |
| SHA1 | fbaef7794f352126af25aedaa99f1bc22d131f71 |
| SHA256 | 5749a98e9383a271b4f6cac8caefea4d86a6b40e203a750d45fda652e167583d |
| SHA512 | 0bf3c5458b647601a1f28c194ac1bcc424ecdeba91871fab9178e8daf1fdf2ee956ba55bbf61b3cd2f54cb1ca008dc894e6a54730f5caf754c61d9ba20da8244 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
| MD5 | 0f978383950b924d31b77aad56c0ae79 |
| SHA1 | 4481f7635c1cf3d98c542542d0106cfe498446e1 |
| SHA256 | afca43c7931d9ddc33882d9a079772bddced944debbf84143192c4eea3292c77 |
| SHA512 | b8ffaaf2d63b9582ec4917e970b2033989bd414b9bbf2b9d3b5359aa4a8a15cd3206e556514483e511df2433adab4c8cef9b8a251e2fb942fe4e7d846fdf936f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
| MD5 | b4e4c40ba1b021933f86142b1010c253 |
| SHA1 | 8901690b1040e46b360f7b39ecb9f9e342bd20af |
| SHA256 | a1ad4fde10e0f378aeeb97ec0aaa27bbdba9ed434a0334052f0230e09fd891ae |
| SHA512 | 452cbfc40d99d69d65271ab7a6fb62c87d123813fe20898d13b938c13d54efb2e33eb04e165f18e9e91b6a0d02b3282b8e3bf2b8c65efaa974022d14c07bcfd4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5effdac89cf57163e7de1548224cf36b |
| SHA1 | 706423fb7bc3e8a8acae2c1528e896c7c688947c |
| SHA256 | 24c52668245184f8179d919fda8875e821ddffaa1915ddc8a4df31f0877526f3 |
| SHA512 | 541ea5d4a644c94bd90d5b2a1683f47d8ddc4d611747c2a830a77079ea3f3d4e1e7a261f618dab16379ae14267b6bd2f227c848893573a8ad8420d1cf69a6b7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
| MD5 | d84862513956cbe61aeb4ebbfdd3355a |
| SHA1 | 14ab269df17cb0333b1556ce120d587324479f6b |
| SHA256 | a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5 |
| SHA512 | d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4aeb7d44529f26f5f9880f7b9f6fa2f4 |
| SHA1 | f362b204d5874bd404feeba6ad20186af6172dbf |
| SHA256 | 05940ccd1153d8f57c164e3c98e96226dedaaf045e4bf819c5506326b4bca305 |
| SHA512 | 5c7a14ceb472913fccb9a341dc520b8f2a5ca3b1bd24ac2df907f5160cb5a0fc30580a0c4c4808b65b0a97c87857360348904e856d0ce91cede406a2369c622c |
C:\Users\Admin\Downloads\Unconfirmed 933943.crdownload
| MD5 | 86e0f88dcc69e631df6cfd28bb5babb1 |
| SHA1 | e7b3552cf10983c97bf3381fe66053f8f5a1ea9c |
| SHA256 | baa175b6fa6ee27992d80995f9eae285f3a3eceb35b655c0c5a5f58b7ac748dc |
| SHA512 | c2e0b76ea267cbe01019cd826c90ffcf84e88da1f16c83ae36cebe543cf75316b5a375a3f053165d4e8fe0b6d65a70558cb08693473d5710dc9de4a44fef7843 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 46c84d228efceec02534395262f2754c |
| SHA1 | 6acf17646e703f387314686237426801c87437ba |
| SHA256 | 478d94aa3f5397ae96726e2399ebbe8949cdaae5d28c78073dacd72473ac90b0 |
| SHA512 | 0b21ab972bfc9c72b0d874f4dc2f709a56c1675907eb32333c0e800b53dc485c37808773bc4043deaca159683fb176c3ac81d780647e12531c26e4576d971655 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1dc3bb967cdf426aeeeaf7777b340046 |
| SHA1 | 70787d886a017c0c1d84698d3d96d2939beb9233 |
| SHA256 | 6504193876fdf2fbcb66a0a89cd3d949400ecfeb225c92b1af26949ca3aede94 |
| SHA512 | 478926cef458af67e16b3959832cc827a464e426de1549e5853f84d0df12a614f700b37956f45f8de999cda33fb76580fcefc4499e53547ccf6652b778a860e1 |
C:\Users\Admin\AppData\Local\Temp\7z901DEE38\nemu-downloader.exe
| MD5 | b311535e3673c225b4095f77ca7ea4f5 |
| SHA1 | 4206e1cbe58428fdbc9b319b8919373646807583 |
| SHA256 | 7662f1e4e1b4a52cce2fb8c57ffdd4ec8654f3bd1a830814845e75fdcd3f1735 |
| SHA512 | 57d9d6e592a6cdc3a8ffd514ad21729de15fcdd8b4fd321ce013c9541e08ad6cf3a11bf1479464b5b0fff771552c19ccad2720239779fcd25290c436a287b6c2 |
C:\Users\Admin\AppData\Local\Temp\7z901DEE38\skin.zip
| MD5 | d59a09fb475ed8cd967e1a5366d7884d |
| SHA1 | 8636b3f7d18482ce940607af9d0e51232d8491d4 |
| SHA256 | 45a97dba97f3613ec8f357d9a36fe336c2795ead0f32081856b9b2dad4620ce1 |
| SHA512 | 39a667a970f66ba6c28351a038c23bb4f4427e1b584a2cabf962711c64ad7540f09a00b2771c01c965d59f69b5b707e9659349aaf68b6f675695e9e83cf40e58 |
C:\Users\Admin\AppData\Local\Temp\7z901DEE38\config.ini
| MD5 | 048404eeb7f19ff7aea3e0e282b2668f |
| SHA1 | 4ee3a5f86c9cc6a0f2fd597e41264249d49d7e30 |
| SHA256 | 536276708fd9e141dc5036a7feb791a2467c667bb16d7ce90bf2917a68a772a2 |
| SHA512 | 6fe975bfc6994edb1fddab0fa635a6d34d5624836fa7f77f6029c13ff633ee0af49fe513f1bb24d7c3cc90e83fcba837d82c8e593ca6e68e8101d4f44cf43b2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 28d297753391ed5afc1190c0d67c4547 |
| SHA1 | edd3867d9be9c52ea0f23c309a6882e625cf40f1 |
| SHA256 | 917ed7c2a13ca43e172c37c178d96fd462d22e1855ea505a02bb7c854152c67b |
| SHA512 | fbb523d517d66e1929529da5410dbe78523c6bc6e9b4d36ff61c6b538e4f8d08fdca240d1d68dc79a3c839c980836d0b193fe1be0f72fa1250b690c5cad05cec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047
| MD5 | d41d72406bf403e2a2d1ec60ef889531 |
| SHA1 | 3af9e732d1366595da6737bd0f943df4704ac4ac |
| SHA256 | 913bf99a86dde22866e137811794ce0a5737a1741583c2e06483c31a6b43629c |
| SHA512 | e1268f335a51062f1d59dd392e13730045cf0b4eac1eef48659f280330a0c280aa3d28064a94918acb3b1c6f6d53ee674f9ecb51eb0e78729672205c25f490ff |
C:\Users\Admin\AppData\Local\Temp\7z901DEE38\ColaBoxChecker.exe
| MD5 | 839708e3f96cf055436fa08d6205263c |
| SHA1 | a4579f8cb6b80fe3fd50099794f63eb51be3292f |
| SHA256 | 1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752 |
| SHA512 | ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd |
C:\Users\Admin\AppData\Local\Temp\7z901DEE38\baseboard
| MD5 | 0ce266dae74ed7669e7075da1e0600e8 |
| SHA1 | c69253e45e98d96047c8dc60b4a0adfee92771d3 |
| SHA256 | 5d0e133e7edfe5383cd7625b44604615f64a0c65b8c0986e400978e813cd5adf |
| SHA512 | 15602c131b494431a65bbbe9ee9c6ed47175fb54915082aab25dd6eb106c263904e1f9ba06caf0fd530a2ee38ad8cd4b5430ca8ff78d148b275febe68bec24a3 |
C:\Users\Admin\AppData\Local\Temp\7z901DEE38\HyperVChecker.exe
| MD5 | dbd84c6083e4badf4741d95ba3c9b5f8 |
| SHA1 | 4a555adf8e0459bfd1145d9bd8d91b3fff94aad0 |
| SHA256 | 9ff467bc5a1c377102d25da9fa9c24dcc4375f456510f71584f0714fdfb2af39 |
| SHA512 | fb5fe74f64254609e07d6642acf904562bb905cd7c14c6f85ba31bcdbaf06686c0586609ec4f5d2f8f55ff90334dcbb774a3a6e78df74bf1b1d0cd03dec21870 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | f26adb4f725120721d9b581b9e0accbf |
| SHA1 | dc17f7eeefcb7d63ea045659404a48b10e498409 |
| SHA256 | 47cc2457a6bf52e037aa7e93d30b8695a6aea8537a526bd3d805eae18f413a4f |
| SHA512 | e2dfcbf186a4647d53e289e04211ac088010b45f466e737232f397c63835d57dce5530a8986bdfd3b50e9b3a6d0c039603640241453785d547dc255a6dc2eb20 |
C:\Users\Admin\AppData\Local\Temp\7z901DEE38\MuMuDownloader.exe
| MD5 | 2f3d77b4f587f956e9987598b0a218eb |
| SHA1 | c067432f3282438b367a10f6b0bc0466319e34e9 |
| SHA256 | 2f980c56d81f42ba47dc871a04406976dc490ded522131ce9a2e35c40ca8616e |
| SHA512 | a63afc6d708e3b974f147a2d27d90689d8743acd53d60ad0f81a3ab54dfa851d73bcb869d1e476035abc5e234479812730285c0826a2c3da62f39715e315f221 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 74573a8359304e7bc22fcad18b339160 |
| SHA1 | dcecff8e2e6c79f14ec646d6c3ffbe42e2d19898 |
| SHA256 | df0648a91e483e3db7cae5eb610d5185e85b15e19b90bcbbd53c47a41c3d376c |
| SHA512 | 798a0ac02ec5600013e297f140e12212e14a92a9aade4356c2e5dec6cc31b1011e09830ff30da73492c2746463168ec59a347d7a66d066f525f1f6921c1b05dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 92e568aef33c25d3f0c42e8b32f15dbd |
| SHA1 | b7234bcdadea9e6e0a8a91725a5609e5fc2e4895 |
| SHA256 | 6e3c3b527962c490bc2ee07ed46459f4888af18b842f1ce4c16cfa364f0ae154 |
| SHA512 | be22b154fdecbdb69c5023bb96914c77a7ce1af92ad5fa7f69b9eab2be1117fd2c9857511365d202b5608d23e92c3e47c2f412011c6607b20689a0ef441d9541 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-25 14:12
Reported
2024-05-25 14:16
Platform
win10-20240404-en
Max time kernel
131s
Max time network
141s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\UniteFxUpdate.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.80.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-25 14:12
Reported
2024-05-25 14:15
Platform
win10-20240404-en
Max time kernel
131s
Max time network
140s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ExtraSoft v.2.2\api64.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |