Analysis
- max time kernel: 150s
- max time network: 148s
- platform: windows11-21h2_x64
- resource: win11-20241007-en
- resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 23-12-2024 19:11
Behavioral tasks (all run on resource win11-20241007-en)
- behavioral1: Released/BootstrapperUI.exe
- behavioral2: Released/autoexec/bin.dll
- behavioral3: Released/locales/resources/app.asar.unpacked/node_modules/btime/binding.dll
- behavioral4: Released/locales/resources/app.asar.unpacked/node_modules/get-fonts/binding.dll
- behavioral5: Released/locales/resources/app.asar.unpacked/node_modules/vibrancy-win/binding.dll
- behavioral6: Released/locales/resources/vk_swiftshader.dll
- behavioral7: Released/locales/resources/vulkan-1.dll
- behavioral8: Released/runtimes/win-arm64/native/WebView2Loader.dll
- behavioral9: Released/runtimes/win-x64/native/WebView2Loader.dll
- behavioral10: Released/runtimes/win-x86/native/WebView2Loader.dll
- behavioral11: Released/scripts/Dex.js
- behavioral12: Released/scripts/Infinite Yield.js
- behavioral13: Released/scripts/UNCCheckEnv.js
- behavioral14: Released/workspace/Xeno.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
- behavioral15: Released/workspace/Xeno.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.57/adblock_snippet.js
General
- Target: Released/BootstrapperUI.exe
- Size: 292KB
- MD5: b0a74e83add05a9c0860e95c7c4a568b
- SHA1: 7d2dc67ce9131589072528f8ae8c8e0be4bf0dea
- SHA256: 74570a5fadda2982eb8aa481b04677382f04d24c78b8dce3dca4bc526b85cc37
- SHA512: adcdbad014c11988d6382f481759031b3744e79a9a03068040df6f21cde1f435098aae9dc8f7a442588c699ec3fbaae10fd866efc4d3ad58cc0b52c4dc25cb50
- SSDEEP: 6144:tvKu90jCF+IPsir88THYrBBoJvEV1i9q9F5fN:dKu90jAUi1THyMszi9qL
Malware Config
Extracted family: lumma
- https://sordid-snaked.cyou/api
- https://awake-weaves.cyou/api
- https://wrathful-jammy.cyou/api
- https://debonairnukk.xyz/api
- https://diffuculttan.xyz/api
- https://effecterectz.xyz/api
- https://deafeninggeh.biz/api
- https://immureprech.biz/api
- https://spellshagey.biz/api
Signatures
- Lumma family
- Drops file in Windows directory (1 IoC)
  description: File opened for modification; ioc: C:\Windows\SystemTemp; process: chrome.exe
- Program crash (1 IoC)
  pid: 548; pid_target: 2112; process: WerFault.exe; procid_target: 76
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; process: BootstrapperUI.exe
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description: Key opened; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS; process: chrome.exe
  description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName; process: chrome.exe
  description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer; process: chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description: Key created; ioc: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry; process: chrome.exe
  description: Set value (int); ioc: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133794547907670947"; process: chrome.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 3664 chrome.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid 3664 chrome.exe (5 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  All 64 entries are pid 3664 chrome.exe, alternating between Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege.
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid 3664 chrome.exe (26 entries)
- Suspicious use of SendNotifyMessage (12 IoCs)
  pid 3664 chrome.exe (12 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries are "PID 3664 wrote to memory of <target>" from chrome.exe; targets are pid 4808 (procid_target 85), pid 1820 (procid_target 86), pid 1688 (procid_target 87) and pid 5016 (procid_target 88), each repeated several times.
Processes
- C:\Users\Admin\AppData\Local\Temp\Released\BootstrapperUI.exe (PID 2112)
  Command: "C:\Users\Admin\AppData\Local\Temp\Released\BootstrapperUI.exe"
  - System Location Discovery: System Language Discovery
  - C:\Windows\SysWOW64\WerFault.exe (PID 548)
    Command: C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 968
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID 1408)
  Command: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2112 -ip 2112
- C:\Windows\System32\rundll32.exe (PID 3152)
  Command: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3664)
  Command: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4808)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87ea2cc40,0x7ff87ea2cc4c,0x7ff87ea2cc58
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1820)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,18077429772718797525,10511501090721747360,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1752 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1688)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1520,i,18077429772718797525,10511501090721747360,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5016)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1672,i,18077429772718797525,10511501090721747360,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2196 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4548)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,18077429772718797525,10511501090721747360,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3612)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,18077429772718797525,10511501090721747360,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3284 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2104)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3548,i,18077429772718797525,10511501090721747360,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1656)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,18077429772718797525,10511501090721747360,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1292)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,18077429772718797525,10511501090721747360,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4332)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,18077429772718797525,10511501090721747360,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1404)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,18077429772718797525,10511501090721747360,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3924)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,18077429772718797525,10511501090721747360,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4728)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,18077429772718797525,10511501090721747360,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4332)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5156,i,18077429772718797525,10511501090721747360,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1776)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5316,i,18077429772718797525,10511501090721747360,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5312 /prefetch:1
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 476)
  Command: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- C:\Windows\system32\svchost.exe (PID 828)
  Command: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 231KB
  MD5: 9409ca13c76b7de03ef7123422eb4f99
  SHA1: 040ad11add4eebb08b703a78822428399a47ac13
  SHA256: e40675b0064f82e9ea277cb4335f49d98d7985bd07522b4675905ff7bcf20de9
  SHA512: 45563bfd75d39e2bfcaf0674a66bdf482d550c936b0b4afb0b8d50a37db51a5ffaedbdeb8b8e86685a7284fd9d7aa05009fe9c91163399385be59e5baa12f7cf
- Filesize: 649B
  MD5: 66dca7bc7592763154e99779f8dfb382
  SHA1: 973aabe0f2f1ed25f640154b0c238fdcab082402
  SHA256: 1f537d06eb3e2e0db9a91da4cee51ae675551ec91bb1fe3bee79bd576fcdf8b8
  SHA512: 93551292d0d4126b1f4f9ea984b92688131c38e841952b51cff2cc52dc02727f075bb297624299f1b71a4665e2de8ccbb1cc62d7ec8abe2054c486758127c480
- Filesize: 215KB
  MD5: d79b35ccf8e6af6714eb612714349097
  SHA1: eb3ccc9ed29830df42f3fd129951cb8b791aaf98
  SHA256: c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365
  SHA512: f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a
- Filesize: 216B
  MD5: ace5c0640e4e17914cc00261c29a8a43
  SHA1: 5e43a9ea3b76e1fe0c044b36e058a4857c02f038
  SHA256: 9bd5775ae34e825763a26a6e7c2e78aabdbd7fb962ef5e80a4a6e5fd8e207f06
  SHA512: 44963d4b852c77483e7f1a31560c2de75de10055ef6892c873c8264908c963331da49ad1b0c0de44cad16e79de4b49470901796d97df67b7c64f60ec1a2895d3
- Filesize: 216B
  MD5: b1eb2b83997a332e7931d862900866ab
  SHA1: 7d19d5c14a4cbd403ee29de25022da57774ba02e
  SHA256: 1a3a4fd21a69e4a323742ae417bf06b0e8e2209b56402627467861a78064857a
  SHA512: 4e1daeb1c40696d252f82335c921071bd68b033dab1b9f58b46d886115b05055c430e74ad1599653aabfa11de45832a6ed0082808f31c65c54471c4e5c1fedb8
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json
  Filesize: 851B
  MD5: 07ffbe5f24ca348723ff8c6c488abfb8
  SHA1: 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
  SHA256: 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
  SHA512: 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json
  Filesize: 854B
  MD5: 4ec1df2da46182103d2ffc3b92d20ca5
  SHA1: fb9d1ba3710cf31a87165317c6edc110e98994ce
  SHA256: 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
  SHA512: 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d
- Filesize: 2KB
  MD5: 38ef0fd0b317d76b66d74ae95705a7a4
  SHA1: e10e6916205846b16cf9802590a6850aeac3b023
  SHA256: bba097baad3157cdc4f515fa4d13c1417fa167ff60d5257f19d8783e7a8ca710
  SHA512: 2c2df405c28e5338fa6bda591aaef91ebe1a49b4a9e549ab9ae9bca953a0cad9aa85a11e4b8fee1c0dbf17a7a8d0df0e6bb41b0e0a6c2c4ea3c8a4c9591dc8b3
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 356B
  MD5: 6be7368aa8cdd35161b94acc2e350e25
  SHA1: 88e2b4a8b55977ff7617164d151885830f9665f8
  SHA256: 110b0ea6caa44c0562e74e410be052b1e74d57f6469aa7ee9632ada951fe7587
  SHA512: e5bf8322505731da7ae1673339dc1e63e983b5b84a32ab98b95a54bbfa17239b1f96ce3bb341ce19e3f016ef4d3a5e7deb3e3d100df075d03b21b2aeffdcee4f
- Filesize: 356B
  MD5: e0613ad96707b52a9c55a7932cd1bc05
  SHA1: 2650976dd093c68a1ac38cbd48aebd6c2971d2b9
  SHA256: d764505ee6ea6fe4ebdee2843dad77299e5699bbe1aa8b5f62d847f82f43a421
  SHA512: 85a485af061c30da3acb2f46c4e00c8a5dec56492a21659ad9f77a8f1b002767b5ef646c34f33494c854b8ad4dea9ed9d674feed5ec99ff088a8fc6d9bd9ee50
- Filesize: 9KB
  MD5: 4fc37fe4fb85f4f361eaa9d7877efa8d
  SHA1: aae8372216e3833c91cbe0179d52f31d8680bdf3
  SHA256: e3446dd9e18caa110153241b4d3ada116d5a0f485c326653d53726c94c275e87
  SHA512: e8b1dc049d961ebe638af0200d0aa2411385b0278e86abba23159a5a3bd0a65f6bb35eadef7a4a8dca52093c551af6c2c963dea98ce95d8b07ce5a860d834af4
- Filesize: 9KB
  MD5: 8dffb2f91a671438d4acd045451248df
  SHA1: 9cd0a6499e05d16dd4a4fb68799d7dc07d46cfe9
  SHA256: e2b4088a07d9fce713faaabbcfeccbef89616669efa29300652633eb22ee6ca6
  SHA512: c4a1f21d4229bf5c6779c1fddc22c985b9fae4d2fe653af26a73bd445948a9d3dce320fa3655f8728f5aa41441ca95568e8df55fa41009472ebc7f0e9b763671
- Filesize: 9KB
  MD5: 949ba24082832e2b14cf4ccf8f046e72
  SHA1: 0e472f1816718b5ae29b690b3441d4b29afee3ac
  SHA256: 728a1b986ba25e1d0586a6e06900c099195cc015037a1917507822580d717c2c
  SHA512: 0cad9930718ca2fd8c6558b312466b110374ea4ad6027be2176d7ada0e8dececc07bcc9b3a4ce8bfae9a6308940512fe339b95c2227d02388b1c78dec4646a5b
- Filesize: 9KB
  MD5: 9415bd2eb4e8282ee73c0e9bd801153d
  SHA1: 36a4dd6f31d15fe3ef29e9e65bab34c30a9c0638
  SHA256: 6c404ea1a1eb3c997335d7a8c79441392478f60f2d0004227769e1935a1d5a25
  SHA512: c82aad7172f99257d3120cc72b3b504f8c772f0fc1d712b7842c79ffd9f4c128a8e580d6328188ca0322816c8098042e00d123de5b4ced0dc44d86d2004154e0
- Filesize: 9KB
  MD5: 0ddeae8b72a74aba9f17f69856626760
  SHA1: 9f3a13ddea2ff1554d770ced58a27db73dd11fd3
  SHA256: 2e69e9bce2f0517a551e93092c2e21e9429ff58f0233943eb1d2ca30fb70bd20
  SHA512: 1510de84133b8602c779e718efccd64b5aa3d40bf102cd5cdd2b45a1de34f5bfbebd0ea8307c8bdaa952d111f9b6e199dfd91d2ffe841c70bc048b6c7e9d01fe
- Filesize: 9KB
  MD5: ebcfcd1f768024013541b9366adcf2f6
  SHA1: e05fa33d2ce206e8049b6d7805d1e1c6d1eb5737
  SHA256: 5a00bcd101191d4af2e50f3821a33665f4704ddf439545f7a1d649f33bcf1416
  SHA512: becd59ab2899acf9f6278c600a35fda81d2c2cc4f30013abf8639009c70237c67d723b96ccca59daddb417e8edb30ae22cb080d4e3e90cdec7f3795f3a3527ee
- Filesize: 15KB
  MD5: 223eb17f92ccccd2f557ef51d3fc03b2
  SHA1: 037e32b19c6c0bb871f4b46992d774a4fd2be685
  SHA256: add4d600e8153e5f711c7566539deec8154f7b9e3602d49734f4874a70a18913
  SHA512: e90284c814e6ced1b8c339e37028db5cfa5e24a6598080ba240552319c7c4d6f045fc340b70b0686ff918b5f09af43c6e25e580392c2acf27000e20bc087fa7f
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 72B
  MD5: 5cabde997d5a7b049022559800ae4351
  SHA1: 9e7467190be8a3bce21d2351b9dc6e38257d62b4
  SHA256: b35272d091a29a1ee1c6e9d3fd5beec3842dabc3b86495fcf56f841502def293
  SHA512: 091aa9355731ad634698653efdf7458fdbe9ae93d77f3a32d4de5725c2fa8144226e1aa01fa04a1f422808fee20cddaf3e628a93cba1cb2cd850740a24631505
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fb37bcc3-1558-4c02-9fee-b6dcaf7e531d.tmp
  Filesize: 9KB
  MD5: f33e029c30a607482e36f51a44008e46
  SHA1: 53437364a177f948dfd0222da1d0e8af2cf3de21
  SHA256: b3785e1677dc834354726fa21f949c8226e722f39ef8bb74fe2ec0aaf2405fe9
  SHA512: bacfef932c43dd59cfc7c2ed0efb99dd827f1f2e3e99577c36c43aa0136ecd37a7405ec442257f898fb2fc3633cb8cc2f231d8ca76e031bb261e5a3663f3c1fe
- Filesize: 231KB
  MD5: f79f93dca10bd5f0a9eae7f38a40464a
  SHA1: 89e0e1b30d87280b7bcdee68ead19d4d53de3a68
  SHA256: 981b0d102fa8b1fd0e644c78de2eb870b67531d7c8e05c4cec76ea9a190a74e3
  SHA512: 713b2c4f50d7a7f0fa43f6888b0101b3cd2f4875271694d1b8309ee8513bb9887ae2e201e01fd5c8bf24e3e7c7566320ccb4034bfdec5c7d2a6ddc959ff6a3fb
- Filesize: 150KB
  MD5: 14937b985303ecce4196154a24fc369a
  SHA1: ecfe89e11a8d08ce0c8745ff5735d5edad683730
  SHA256: 71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff
  SHA512: 1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c
- Filesize: 711B
  MD5: 558659936250e03cc14b60ebf648aa09
  SHA1: 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
  SHA256: 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
  SHA512: 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727