lumma | hxxps://sourceforge[.]net/projects/solara-free-executor/files/latest/download

Analysis

max time kernel
46s
max time network
47s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-01-2025 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sourceforge.net/projects/solara-free-executor/files/latest/download

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/memory/3860-315-0x0000000000180000-0x00000000001E2000-memory.dmp	net_reactor

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3860 set thread context of 3884	3860	Setup.exe	102
PID 3860 set thread context of 3676	3860	Setup.exe	103

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1688	3860	WerFault.exe	96

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133807395107731879"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Setupv2.5.1.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1472	chrome.exe
1472	chrome.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe

Suspicious use of SendNotifyMessage 33 IoCs

pid	Process
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 3980	1472	chrome.exe	77
PID 1472 wrote to memory of 3980	1472	chrome.exe	77
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 4380	1472	chrome.exe	78
PID 1472 wrote to memory of 3876	1472	chrome.exe	79
PID 1472 wrote to memory of 3876	1472	chrome.exe	79
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80
PID 1472 wrote to memory of 1068	1472	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://sourceforge.net/projects/solara-free-executor/files/latest/download
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb976cc40,0x7ffcb976cc4c,0x7ffcb976cc58
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,1633824114934868198,12166873575084288201,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,1633824114934868198,12166873575084288201,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,1633824114934868198,12166873575084288201,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,1633824114934868198,12166873575084288201,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,1633824114934868198,12166873575084288201,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4344,i,1633824114934868198,12166873575084288201,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4268,i,1633824114934868198,12166873575084288201,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4404,i,1633824114934868198,12166873575084288201,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4948,i,1633824114934868198,12166873575084288201,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4960,i,1633824114934868198,12166873575084288201,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5312,i,1633824114934868198,12166873575084288201,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5776,i,1633824114934868198,12166873575084288201,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5908,i,1633824114934868198,12166873575084288201,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,1633824114934868198,12166873575084288201,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6260,i,1633824114934868198,12166873575084288201,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:1940

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1200

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3128

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Temp1_Setupv2.5.1.zip\Setup\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Setupv2.5.1.zip\Setup\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3860
- C:\Users\Admin\AppData\Local\Temp\Temp1_Setupv2.5.1.zip\Setup\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_Setupv2.5.1.zip\Setup\Setup.exe"
  2⤵
  PID:2108
- C:\Users\Admin\AppData\Local\Temp\Temp1_Setupv2.5.1.zip\Setup\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_Setupv2.5.1.zip\Setup\Setup.exe"
  2⤵
  PID:3568
- C:\Users\Admin\AppData\Local\Temp\Temp1_Setupv2.5.1.zip\Setup\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_Setupv2.5.1.zip\Setup\Setup.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3884
- C:\Users\Admin\AppData\Local\Temp\Temp1_Setupv2.5.1.zip\Setup\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_Setupv2.5.1.zip\Setup\Setup.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3676
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 152
  2⤵
  - Program crash
  PID:1688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3860 -ip 3860
1⤵
PID:980

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
eaaa7c06b9e2f41dba78d45c5c8ea2a5

SHA1
f5431159bdff1669c1ad140f42883bc978213b0e

SHA256
e16982d1817abcf2d59f3e95757787e428c6bf731d48cf4a75201658ce581407

SHA512
90996d5635c7b7eba665f7b6e639daee616899523d3e4fababdfbbdcba7a9052b6537f6e4b6a34f0c7b8bebf537d95ffb43221932539094e9943d3ec48a15060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
71KB

MD5
4428f4fcfb59f032684fb30328015357

SHA1
74658cb3cd89981e859db3574e620af057c2870c

SHA256
ae93168fbab94d77ce32845022a86ba49652e9f16c1d1eb42c766636db0f7432

SHA512
b3356a0908020f3362554cd9f5b97219767fc818397352439afc75b4565afd2eeb426df164ab4b99f5c0925240453e4924e2fd34214c8f071d02650ea46f74a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
95KB

MD5
06a863615fd1074e2466d98e80033bd5

SHA1
19a022ffa381f01262c58aa183fe7be2d9af25a8

SHA256
6855213ff419361ee06b00400b1a26f5a2ccbd5f138ff8e03c1370d4c03d3ed4

SHA512
c0d4f1c4a4771fb04d1edda65fa508f1bc7a9afc7bc3865b0fcd5207a918508018a06b044b245ee9bd3bfdab3d058f8c5fe17f780f0b431663d3162fb517429c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
19KB

MD5
16ea2a01894c38666bc185757b4f1b74

SHA1
435bb15c8de2e0ef76512618ab291da1b40776a4

SHA256
16e88923203a6b50f5a1b4c2c52001720833d07f7f0b1ce1510d42d66c40db11

SHA512
e333308b517a4c647cbb36b429224390a5c1afcaedaba81a7c8d68d88bc48c60a348af07956dbf3de8c7bada355e27128ce10ba3a0aa764bd6d807dd531025d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
18KB

MD5
ce4c7d1372a2686ca61a83a53cc53481

SHA1
1fb11b54ce19ae72cd5cc13c0fe28c9f6389a9c7

SHA256
326a1140babd8fbdde8633873c0fd56acb5bd4550f9b285a13d0a1bdc3810ac4

SHA512
79d4f9b24dc9d4b4897b4df65e3a28960bdf64c72f04d0ac565b73c18b5b8b38f6235ad9f28f2c24b698946c56084d7cd9050fce48a78a8c4ff1bafd7d2da7fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
52KB

MD5
da6f4e7395c68ce818560f3169b8d0c1

SHA1
e1333b9427e6b72bb0a7ed6c033ab5cf4b4d6d03

SHA256
21750b0b0e9238c8120ec102851223adf913542fd47175868282d5e29501dbf0

SHA512
3d77bb72fd5616137e88a943a07be65dbf678700c2920f0ea02319bca80c0b9c499ca5f5959f902d7ca41380c38f3e0d914d99c206432edddb9010ed0d316ee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
33KB

MD5
f97783438d5aaad967f2bf200a846567

SHA1
af401e7014f41ed0e8139285444f57f5b512ba0a

SHA256
9dc29af55f6a947ca2a38431ccdcee1e69228711901b0d044eeb2fe56aaa6663

SHA512
49c3091e149c2a3917d90feb74291e071546011bc2c7afdf8247dcd13363a80743d0ba09501e61e1704cc8b28654857c9a10cd50b02a13bbd767a5c80124ebc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
16KB

MD5
fa2f2d9b6e2646db961cec325b6e0676

SHA1
11924e3c9b999d731a8662088caccfee46ccc129

SHA256
4c214f6c0d1bc9aa90e426763d0daf9dd9ca1ad4bf68d0c6e2ecbd210661307c

SHA512
370427a150f1ec2913ef530ac7bf88462bccc9ac783a9d16bfc16bd71c22422b24e745d36ea511a60a4505c12c683532d7443ecd50f89a49d1a4611d7dc8f75e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
19KB

MD5
c08676575f96205540c83e1a7db2c9ed

SHA1
5c2181b930ea6e7f5db31ef3d059856be3a62b1d

SHA256
9e9a6d518afb182d93412df6a648f37dc2265460fbdc901aa7c8b7cf5e807a50

SHA512
0aa5a246ac5c43bf4e87d135d0a7d5fd4a0d7de577925e3a88cec32fd79f4bea67fbc3572268962bfee2e77cb3a1aeca842496d9d4231ea1513b4270e106b6f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
110KB

MD5
a09e62fe3ee17ff291bcdcc2f10695ab

SHA1
cf644d25d89b6ebd256170fb6dc96f0b933f7c0d

SHA256
855ed986df5b2bf7480e9fc85a24b213347608c85438cbf2c5e28de13fdebd70

SHA512
1021ab68bbf39dcee9b36a3d48c8dbc5f4a32922dd78f369f19773c36e53af285d5029b3dbbca0119f9dcd22e305ae1d7687a5ae2ceac0f041adee7fd610faf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
153KB

MD5
1b2731006f2b2597b02859e501bc2d4c

SHA1
118d27a703cef3fb083593a56bbc93e62420f30a

SHA256
59dc184cbc1a318493460d1d78999cfdaaaac9a457b5a3a02c2567dfa17314bd

SHA512
f7452f91afe2fbfcb04f80dc7b051d874224de8790bbc53858678332a6b49f7295a15989a587811e1e8fb58a38625ec3e15657d88a367fd50d5b201d7abbe90c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
132KB

MD5
72d0b6297a40df1074bbec3c2873248c

SHA1
7cc8bfc8b00a0c2ffb4c21f3c612a0fba2ac5ec9

SHA256
ca1f23bb1400b2855577eb315219158d62dbca0dff2e7e48bab1d1ec1357d3b6

SHA512
49c63dc3093024912495098c776ba46ee0d8052b90e89e027e02957df44e8a70e3fcf9cf936e22384fb59efdf02a8d71d36cb067d83e3cf94bc115d67108dd62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
52KB

MD5
2b7709c3d4f4503a1c7d32ea64541866

SHA1
ff4b61364bec4633240aa930d056c5abf64fc3ed

SHA256
700fe3b421dee7c2c5a53f1c9856b445f2773a6cb1ac6403ae8ed992d6f1448b

SHA512
35efaea3e2af344ebc0953e875181573dfd981fd3a71760c23b6c8ee57c7fa4ed695f18715438dd9326ebe24c64d5e0f2605d922740e3ccede3f72823837c62a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
29KB

MD5
79ffcf947dd8385536d2cfcdd8fcce04

SHA1
a9a43ccbbb01d15a39fac57fa05290835d81468a

SHA256
ffc11b830ad653e7a9d4257c7cd7a8056db5e7d7e89439b8fd67d1207b1729bf

SHA512
3dc82ecb2abc8c567434666a9162cc188de669927c3dada6392d8bd97d5e746f1ed350e1a02ec016ee2b1dc8a9cc5c71c553f2ef1293d6793800c276560859a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
20KB

MD5
efb9f6a1680c9d3ce3abe4d5a75c7c6c

SHA1
a454374b7f43f129d4245e73c2048849a78768c9

SHA256
96919908509422207d3fe3dbdf26a7bf0da651dae2b8481c4dce4ef0812add18

SHA512
1d6fa00634b899162a4e97adf05cdb97ca1eeaec3f43bdef4412ccbe4ae560ee19073817aab38508b724f177e7942b07982acbf918750fad0385d3b5db3d124a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2446460ad44e237db511e2f7f372012a

SHA1
1484483d2e1a19e574c6d3f5c7bb5f28c5c8497f

SHA256
0d843471a11b7c52427739275b18d85f4eda81dc935e89ac44dab1e66fff51f7

SHA512
879070ba6b0fdbb2b4e98860bfd92309bee6b0349a957bbce61171afacb2b061f853329e3d2ffb21433a5fe4d5905c2282bb4e6dab084c932c14f3d1ccab946b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0b8550c45acc07de996f96232a04e2d6

SHA1
764d4f1f75e44338d6fe9472a8dbacb445f41945

SHA256
9b89f5ee795662b01393205785d180b491f8986c9cdaff16100ae143eab182d2

SHA512
ebde8e59caf4e5a9488e909ae25c6f5de68fdec7bdcb211d28480709d00ba4614a45ac1579ac4dd4492001d20605f0f79ff5cad0ec88a8b4deb4aaf4db138529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
392f5ccb8f22871c8c96b4f02e013d3c

SHA1
a906e8caabe9ac9ece09520825a156960d45168c

SHA256
7c87a35a990711acdb00f7b5c7362454740b27557f748ad736b66a33edbb6774

SHA512
a4cf815612cdeb113abe75f358045a7e3eb0d8eeac98fc350ce04994b989b3f20358a6c05f50cc6710cb707b641854dc4f3db70151094d6e9d4cae8cbfd5c9b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a6e57fffaea66d2c354cc2c1b30d130

SHA1
17d9902e7d0e91fcc07d6dac0bcff9355bb6c8ab

SHA256
2cd1fd150cfe5caaac17a2b88a5af7dcc44753496724eae0bd48ba2ca68b3d73

SHA512
825eb669d2b6b672baf23c216d86d00731efddb76a40bba9d74f07a3d04cfd005495870fce33355bbb90c24c0a788bedb62ce0eed7e119cf08b3a926d90ce2f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
33c1f5d93687fa47d668b662c4296676

SHA1
d2d1a364b0177c2e4a004f511c95a61a9dde2396

SHA256
f7df69b99b844ceec28302c3f4b65467d792b386da1191f949d0cfe87cc7f1b4

SHA512
f8e065624eacdd7d99b4ab9ecc58d04383cbcd0960e62838a9f4bc8826f8afc759bef9f1b43c503bc0960b37c3963958cba5a631b73bb4f1934374120de8e1de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
84bc08c7026bfa4408667faddba0f8bf

SHA1
e976846a582968e318fc97619c0b7653749aac09

SHA256
7ca9d571c94ffdeb19fa7232239472091686a6226935d9f3cef23a65bb90a3c8

SHA512
dae4c1a556f42c219fc1943261af6088a963bbb0bb92695edd22ad218cc72d46f92a6cd465a8f6d36a2ffb9e6ea8d0e70a526ca97b5e259cbc9f80fbd2155d79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
c3ddcff5e04fb9afe31cf9055b37bb2f

SHA1
78ff708018ca3b16fd400f669b3a9019299eb269

SHA256
1246ffbb8624e9ddbe5cf82c5df78cc71a1fe783801c9eaefa1fd34e86290da2

SHA512
058bddbd2fadf297f1cfd858acec042536324aa7814b97d8be084f72c4550b29fa17110d0d8916d3998c7b259966f4cb9683860a79c19f6020abf550ffdb1ade

Download Submit
C:\Users\Admin\Downloads\Setupv2.5.1.zip.crdownload

Filesize
11.3MB

MD5
fb713cd74363ef0b0286eb324366a9a3

SHA1
ea60b2584670603dc2f636ce63f6d89067058bb1

SHA256
b84757f61afe1e60e646e29163c32db9c4ca4317f52b2e0382f3f0a740677c57

SHA512
61df7b381911976e338ab28a840e726a81c78fb5a90442dbe2fa1f0246d1baab6e1347f6d25219eff6c8f210b151063e063b35df40d956ac1bee43dca300402c

Download Submit
C:\Users\Admin\Downloads\Setupv2.5.1.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/488-363-0x0000010B5F4D0000-0x0000010B5F4D1000-memory.dmp

Filesize
4KB

Download
memory/488-415-0x0000010B5F4D0000-0x0000010B5F4D1000-memory.dmp

Filesize
4KB

Download
memory/488-410-0x0000010B5F4D0000-0x0000010B5F4D1000-memory.dmp

Filesize
4KB

Download
memory/488-411-0x0000010B5F4D0000-0x0000010B5F4D1000-memory.dmp

Filesize
4KB

Download
memory/488-366-0x0000010B5F4D0000-0x0000010B5F4D1000-memory.dmp

Filesize
4KB

Download
memory/488-365-0x0000010B5F4D0000-0x0000010B5F4D1000-memory.dmp

Filesize
4KB

Download
memory/488-412-0x0000010B5F4D0000-0x0000010B5F4D1000-memory.dmp

Filesize
4KB

Download
memory/488-416-0x0000010B5F4D0000-0x0000010B5F4D1000-memory.dmp

Filesize
4KB

Download
memory/488-413-0x0000010B5F4D0000-0x0000010B5F4D1000-memory.dmp

Filesize
4KB

Download
memory/488-414-0x0000010B5F4D0000-0x0000010B5F4D1000-memory.dmp

Filesize
4KB

Download
memory/3676-321-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3676-337-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3676-323-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3860-322-0x0000000073E80000-0x0000000074631000-memory.dmp

Filesize
7.7MB

Download
memory/3860-315-0x0000000000180000-0x00000000001E2000-memory.dmp

Filesize
392KB

Download
memory/3860-316-0x0000000005130000-0x00000000056D6000-memory.dmp

Filesize
5.6MB

Download
memory/3860-336-0x0000000073E80000-0x0000000074631000-memory.dmp

Filesize
7.7MB

Download
memory/3860-305-0x0000000073E8E000-0x0000000073E8F000-memory.dmp

Filesize
4KB

Download
memory/3884-318-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3884-326-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download