lumma | fc76c1e2c7c03b92d7b8bcd5ea8894d5ed172f6f5f39ce2f70b2279f171986fc

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2025 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper-x64.exe
Size

303KB
MD5

97c96dd8f6e86e7e1a06b1c72b40723c
SHA1

f5cdf2ff0e8491ce18309f08e52696438ff5c083
SHA256

fc76c1e2c7c03b92d7b8bcd5ea8894d5ed172f6f5f39ce2f70b2279f171986fc
SHA512

b63c9ce1a4537c15ba5e20858a29b29150c61a156c4e9a8028a5157f200a8aa56297b5bf5c6dcc1adaed26b494e85f8fd1ade5c0027fd5af6d65265c04805b24
SSDEEP

6144:aL71E/e7L3CSGOceSFHw9RAmtphOjEXwZovTJ:anaC2SXcaCWqjEX9TJ

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4844	4032	WerFault.exe	84

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-x64.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133804310032053664"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 2252	3200	chrome.exe	108
PID 3200 wrote to memory of 2252	3200	chrome.exe	108
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4040	3200	chrome.exe	109
PID 3200 wrote to memory of 4824	3200	chrome.exe	110
PID 3200 wrote to memory of 4824	3200	chrome.exe	110
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111
PID 3200 wrote to memory of 2136	3200	chrome.exe	111

C:\Users\Admin\AppData\Local\Temp\Bootstrapper-x64.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper-x64.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4032
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 1404
  2⤵
  - Program crash
  PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4032 -ip 4032
1⤵
PID:3324

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9a2bcc40,0x7ffa9a2bcc4c,0x7ffa9a2bcc58
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,9898885847551389410,15901104986258978622,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2008,i,9898885847551389410,15901104986258978622,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2020 /prefetch:3
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2320,i,9898885847551389410,15901104986258978622,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2264 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,9898885847551389410,15901104986258978622,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3336,i,9898885847551389410,15901104986258978622,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4524,i,9898885847551389410,15901104986258978622,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,9898885847551389410,15901104986258978622,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4428,i,9898885847551389410,15901104986258978622,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,9898885847551389410,15901104986258978622,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5184,i,9898885847551389410,15901104986258978622,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4928,i,9898885847551389410,15901104986258978622,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4412,i,9898885847551389410,15901104986258978622,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:5040
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff75e3f4698,0x7ff75e3f46a4,0x7ff75e3f46b0
    3⤵
    - Drops file in Program Files directory
    PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5460,i,9898885847551389410,15901104986258978622,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5484 /prefetch:2
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4704,i,9898885847551389410,15901104986258978622,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5484,i,9898885847551389410,15901104986258978622,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
51603810354a5d04f160e70100f99b19

SHA1
f82d8edd205f0594c2ebf0e97f2f5aabf2b52e9f

SHA256
2b2d8530567b3da32739c77f98bd18fb36eb094f4e91fc03136013d1bdda213a

SHA512
60ee6b254d36481db531f3f25a9c591720767a24912c40d9dec302fbd699aef0eeae518e716d8f4ddefb165e1bc55717482dc708e487577bf1a1df535fd59c7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
22b30b8966b6cb04de92c27108ec9e63

SHA1
04bc6d8b6e304aca393f6ed3b97a59adaf08c004

SHA256
ba4047999b53af66538a466d2070ee761d7b10d337f7c49b7a758a090cc81141

SHA512
7bc605c1154dcf00564f201f59373ff59d381e3f0f227cf788679778f828111a09f2e9458d2ac8481cf1abd4f21a7837c607961383101ffc1826b16a5fbe995e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7e26a2d601c557831674abe3f0fff77f

SHA1
bc7f4cb8c8f8cbf6d55e624ec95ad2d7ad1a33dc

SHA256
2b855f38c969a65b17552b514dc29e1aaba2652848adb007ad7cb4699d8963ea

SHA512
3ffd2509386893b4eb41e38f71045215e3f35437d217f13da1a673dd01811eb4e02b78d4cfa95492a9b141a5986d2c79889acafd27269619e1f4a7eada89156d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
8dec8ecd89839b589816096f0db6a7ae

SHA1
7ef5daac012b9f49aa44a219c64e37141edcbf29

SHA256
2dc76a1ebb61dfbdd58c43eb715e88a920a67fdc5d1ef6abaf7cdaea217b9d79

SHA512
326f6e26e35a667ca83a1c6980a37087c7235ad18af3e6edfa220c07de5f39226c4ea00ff8229f9aed79f1c16129a6b96bac71f2314ccb3bf07c322dadb48340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a61eddbd96f959c845a1f42b983c0560

SHA1
b91e92cddec7df6ca061ffe41144a1793d21e411

SHA256
952209716e99b313b61d385a08d5a810e4b7051a9b76dcff9e5f9003cafeb82d

SHA512
0cb93f1b7bcebdb4ef701cc3ffb59d4d5364e105e2bf8e640d85d64d9074929601e3889195815389388019f0a8aed918b2b7e54fd4e383674f0762c8d22003ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
57db258deb322c25fe57033c937273f7

SHA1
fe52670193e2485ccc205bd8539ce25066540d33

SHA256
50f1aac43e8562fc82d8dd12bd2f422dde2e575f5d2a34cd6bd7b5bc890fdcbd

SHA512
e6ccb5e4bf4cd3579418c06994b6762e0acd843a51669f6f7763d4e895e808d74102ae131e862628575ac6e62850046d25f5dc4ccd0d91954f26083eecb0f4e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
23400bd5436113f76567a90d40d0283e

SHA1
9cdbea9d49eef029c04f512a9c7919d616b8de45

SHA256
d1030e09af2c0d90a71c9966e2f53ac04c500b2629150fbf31753ef523d48181

SHA512
a990f82a0d54040f419341057b0f5a7002da8e767df8d68f5ae112838f364908a6636122ac9faf1468864f69288eb0ae5923070adf682182eef24ab29a1c453d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9eaaf0450c128d37b7ad94e3dd78cff0

SHA1
cc1670d03e26607b947b25b76bdf2b28e6248e7f

SHA256
cc63421b52fde712f9ff645983153327dc10c0c3f4a0e08bfd300853d412ad80

SHA512
c1efd46c6bc0d6cfb9d5da789475b173b094fb234abaf38162facfa8dfa69768833896aa0efb12f62f6b46952d41aef73ad4ad069ba80d3b4186eaf1db28d275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
03b57b18caec2c85f33ab238dd769516

SHA1
fb977e8110439bc0704184935392362205ccde63

SHA256
fc244df320b986f904c283772c641052817f898bfd0da30577810bdac016281b

SHA512
d761c22a6c571232cc0be2f4fc41cc8893d73510a621c43739c46ab22a88e3b5f5ed0dc7d217b20afb987d34960826d8cebeac1315fe36ff0f5a160cfbfa2052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3f26cd28aed138f5072dc00c6338801

SHA1
17f7d4669d0fea08c8c2fe5391e70661066edd33

SHA256
1bb9d57d3524babb0ecad9b47be8965c6b450a817abfede475f56ed3b7292cc9

SHA512
450b379d2830e0eeeb9e3bd4d0b5f568526870fe96f048453d1842fa14609b470d3a4ffcf6e486c70ebe1c5ab952a199350e40236482e126a1eb90e8d6fe14ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
56f69967e498c7b350f41a017a442419

SHA1
4066307c7bef9626327c90486231d8d4ebc95486

SHA256
705ebc7f9a4c45960e064c18c43b9478c315ad6dd93fedfca74ae1a72ac5e26a

SHA512
39bf818cf3071ce923823d752949348d419c3abef3fbcd4451b78e8a5c23ca9180d66aecc25650427f43cc99179018a6af1cf25e59cb64578b4b48d9a6ae3f8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
01793d5aa0a9195ca1e8bbbe76b7ba86

SHA1
7b99e580db2d23a91b5e86e16b755ee0183b25ab

SHA256
75eb8dc052b0e64998edd15bb8eed3ad8b045f6ffd55ce4987ec78d3b8318e68

SHA512
5605a5f7fbcf982c454889cc4ce51ff255995387a977efcdaeef69125827ac6eb37848cf132349125556a89ab2a23090c2dd919a044b660d986040f62c05dd78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
65e1dc5f361cb14ed491b80cae33b357

SHA1
df410e53809c723a9cfc2cc1eaa23aad247ff4e3

SHA256
c28958bbd0ff910711a1f6efd9e75e7639b51f1ba525817bc516cdb62a35fe15

SHA512
c478b739aa6dc955f8bed6d7da66c607c089a62ef0cdfaca24a0915f647c0755837f0ec8da6ed918d5e357998ffa0d4c2b0ecbcd5e491a31f9fca542be9992b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
ef38d2cbb3e0d2b1bd2e6372659d27b6

SHA1
e95be642b8b8027024d4d510d1b516d0af147f9f

SHA256
4bb15b2afe7c3fce58874f9de7848c969c4f6d0bb5740e01bf1ea8b7f750f087

SHA512
aefa908991978e1f560ef5dedfa82b51f3275fd01e71aac0bbada48d5eda5b415fd7c40c1eb98b130b9c2d48ddcf3aaec15af5d8f7d28f2023a44da2a0f5417f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
02e0ec56578d1b0ca52d275cbf74c603

SHA1
1544a49cf2eea87e1edc2312ecfd62990f85fd62

SHA256
283163970d9f83fefc93a2d61ab9750bd7e821dfd363f32b8141fc5693d7c78e

SHA512
3b19d8102806de8b988454f83f4532a6e29c0fbdf68b30898b3f41f5b963fab1f7e388baba65be3ccbe19f74c2adb5e9c475597c01721811614bcd31c05b83b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3200_240203388\55afdadf-1b9f-4db3-b18d-fc473972eb38.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3200_240203388\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/4032-0-0x0000000000600000-0x000000000062E000-memory.dmp

Filesize
184KB

Download
memory/4032-5-0x0000000000630000-0x000000000067D000-memory.dmp

Filesize
308KB

Download
memory/4032-4-0x0000000000600000-0x000000000062E000-memory.dmp

Filesize
184KB

Download
memory/4032-3-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/4032-2-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/4032-1-0x0000000000630000-0x000000000067D000-memory.dmp

Filesize
308KB

Download