Resubmissions
- 22/10/2024, 19:51: 241022-yk8gtstckl (score 7)
- 22/10/2024, 19:48: 241022-yjkpdatbnk (score 7)
- 21/10/2024, 21:25: 241021-z9xx3axema (score 7)

Analysis
- max time kernel: 24s
- max time network: 157s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
- submitted: 22/10/2024, 19:51
Behavioral tasks (task: sample, resource)
- behavioral1: Lunar Client - Installer.exe, win7-20241010-en
- behavioral2: Lunar Client - Installer.exe, win10v2004-20241007-en
- behavioral3: $PLUGINSDIR/app/cmp.html, win7-20241010-en
- behavioral4: $PLUGINSDIR/app/cmp.html, win10v2004-20241007-en
- behavioral5: $PLUGINSDIR/app/index.html, win7-20240903-en
- behavioral6: $PLUGINSDIR/app/index.html, win10v2004-20241007-en
- behavioral7: $PLUGINSDIR/app/js/app.js, win7-20240708-en
- behavioral8: $PLUGINSDIR/app/js/app.js, win10v2004-20241007-en
- behavioral9: $PLUGINSDIR/app/js/block_inputs.js, win7-20240708-en
- behavioral10: $PLUGINSDIR/app/js/block_inputs.js, win10v2004-20241007-en
- behavioral11: $PLUGINSDIR/app/js/libs/cmp.bundle.js, win7-20241010-en
- behavioral12: $PLUGINSDIR/app/js/libs/cmp.bundle.js, win10v2004-20241007-en
- behavioral13: $PLUGINSDIR/app/js/libs/jquery-1.10.2.min.js, win7-20240903-en
- behavioral14: $PLUGINSDIR/app/js/libs/jquery-1.10.2.min.js, win10v2004-20241007-en
- behavioral15: $PLUGINSDIR/app/js/models/notifications.js, win7-20240903-en
- behavioral16: $PLUGINSDIR/app/js/models/notifications.js, win10v2004-20241007-en
- behavioral17: $PLUGINSDIR/app/js/utils/analytics.js, win7-20240708-en
- behavioral18: $PLUGINSDIR/app/js/utils/analytics.js, win10v2004-20241007-en
- behavioral19: $PLUGINSDIR/app/js/utils/commands.js, win7-20240903-en
- behavioral20: $PLUGINSDIR/app/js/utils/commands.js, win10v2004-20241007-en
- behavioral21: $PLUGINSDIR/app/js/utils/cookies.js, win7-20240903-en
- behavioral22: $PLUGINSDIR/app/js/utils/cookies.js, win10v2004-20241007-en
- behavioral23: $PLUGINSDIR/app/js/utils/modal-events-delegate.js, win7-20240903-en
- behavioral24: $PLUGINSDIR/app/js/utils/modal-events-delegate.js, win10v2004-20241007-en
- behavioral25: $PLUGINSDIR/app/js/utils/strings-loader.js, win7-20240708-en
- behavioral26: $PLUGINSDIR/app/js/utils/strings-loader.js, win10v2004-20241007-en
- behavioral27: $PLUGINSDIR/app/js/utils/utils.js, win7-20240903-en
- behavioral28: $PLUGINSDIR/app/js/utils/utils.js, win10v2004-20241007-en
- behavioral29: $PLUGINSDIR/app/js/windows/cri/cri-controller.js, win7-20240903-en
- behavioral30: $PLUGINSDIR/app/js/windows/cri/cri-controller.js, win10v2004-20241007-en
- behavioral31: $PLUGINSDIR/app/js/windows/cri/template.js, win7-20240729-en
- behavioral32: $PLUGINSDIR/app/js/windows/cri/template.js, win10v2004-20241007-en
General
- Target: Lunar Client - Installer.exe
- Size: 2.3MB
- MD5: 5dae543a90c57b5441f4c2995f2b5436
- SHA1: 066629ae4d2f56e054a4479288d6c9fd43ee2a7e
- SHA256: b38150ba19809c027431ec9ac11e3f560d2bed0708c5f7332167c40032e9632b
- SHA512: 769473317ddb413bb47719910fc477bd2ede23c13b37f9eb4d4c14f49b421672382782325080b97342f8487788929a97334ae4436a743004ef9c331643c1267b
- SSDEEP: 49152:ImAhWNzxE87vxpsrFpIvZRW/z4GEfOM6HsFWB3YONkhWocU/:IhAPN+TIvZI/z9NRHyTd
Malware Config
Signatures
- Loads dropped DLL (4 IoCs)
  pid / Process: 2872 Lunar Client - Installer.exe (4 identical entries)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (Lunar Client - Installer.exe)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid / Process: 884 chrome.exe (2 identical entries)
- Suspicious use of AdjustPrivilegeToken (28 IoCs)
  Token: SeShutdownPrivilege, pid 884 chrome.exe (28 identical entries)
- Suspicious use of FindShellTrayWindow (34 IoCs)
  pid / Process: 884 chrome.exe (34 identical entries)
- Suspicious use of SendNotifyMessage (32 IoCs)
  pid / Process: 884 chrome.exe (32 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  PID 884 (chrome.exe) wrote to memory of PID 3048 (procid_target 31)
  PID 884 (chrome.exe) wrote to memory of PID 2412 (procid_target 33)
  PID 884 (chrome.exe) wrote to memory of PID 2740 (procid_target 34)
  PID 884 (chrome.exe) wrote to memory of PID 1552 (procid_target 35)
  (each of these four entries is repeated in the report; 64 entries in total)
Processes (indentation shows parent/child relationship)
- C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe"
  PID: 2872
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 884
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8119758,0x7fef8119768,0x7fef8119778
    PID: 3048
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:2
    PID: 2412
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
    PID: 2740
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
    PID: 1552
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
    PID: 2340
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
    PID: 2112
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1236 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:2
    PID: 2928
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2248 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
    PID: 1976
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3424 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
    PID: 3004
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3544 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
    PID: 2960
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
    PID: 2160
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3856 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
    PID: 632
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2456 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
    PID: 2584
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2400 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
    PID: 2396
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3904 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
    PID: 980
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3784 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
    PID: 940
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1932 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
    PID: 364
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 2680
MITRE ATT&CK Enterprise v15
Downloads