lumma | hxxps://www[.]mediafire[.]com/folder/omrzoe61xxf63/a

Analysis

max time kernel
118s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20241007-es
resource tags

arch:x64arch:x86image:win10v2004-20241007-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
08-01-2025 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/omrzoe61xxf63/a

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

https://letterdrive.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

.NET Reactor proctector 2 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/files/0x0012000000022f38-639.dat	net_reactor
behavioral1/memory/2956-641-0x0000000000D40000-0x0000000000DAA000-memory.dmp	net_reactor

Executes dropped EXE 3 IoCs

pid	Process
2956	Aura.exe
228	Aura.exe
3944	Aura.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2956 set thread context of 3944	2956	Aura.exe	112
PID 3448 set thread context of 804	3448	Aura.exe	119

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4412	2956	WerFault.exe	108
2956	3448	WerFault.exe	117

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Aura.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Aura.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Aura.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Aura.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133808328407670523"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3576	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 2456	3328	chrome.exe	83
PID 3328 wrote to memory of 2456	3328	chrome.exe	83
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 2440	3328	chrome.exe	84
PID 3328 wrote to memory of 4932	3328	chrome.exe	85
PID 3328 wrote to memory of 4932	3328	chrome.exe	85
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86
PID 3328 wrote to memory of 908	3328	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/omrzoe61xxf63/a
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdae85cc40,0x7ffdae85cc4c,0x7ffdae85cc58
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,5183293036624608056,3705755725073947793,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,5183293036624608056,3705755725073947793,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,5183293036624608056,3705755725073947793,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,5183293036624608056,3705755725073947793,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,5183293036624608056,3705755725073947793,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4728,i,5183293036624608056,3705755725073947793,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,5183293036624608056,3705755725073947793,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5080,i,5183293036624608056,3705755725073947793,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:4656

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1680

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2508

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3576

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:228

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap23952:70:7zEvent14159
1⤵
PID:2052

C:\Users\Admin\Downloads\Aura\Aura.exe
"C:\Users\Admin\Downloads\Aura\Aura.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2956
- C:\Users\Admin\Downloads\Aura\Aura.exe
  "C:\Users\Admin\Downloads\Aura\Aura.exe"
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Users\Admin\Downloads\Aura\Aura.exe
  "C:\Users\Admin\Downloads\Aura\Aura.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3944
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 784
  2⤵
  - Program crash
  PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2956 -ip 2956
1⤵
PID:1052

C:\Users\Admin\Desktop\Aura\Aura.exe
"C:\Users\Admin\Desktop\Aura\Aura.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3448
- C:\Users\Admin\Desktop\Aura\Aura.exe
  "C:\Users\Admin\Desktop\Aura\Aura.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:804
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 808
  2⤵
  - Program crash
  PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3448 -ip 3448
1⤵
PID:1316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0992659913caf2420d135ef29ae4e26d

SHA1
23cf84a9d3345a87fa1ed0ab64e9da744e41d871

SHA256
c0e32a38fc4cc419fac05a07a328f3a70d1bad4ccf5ce859c3aef91a9daa7103

SHA512
8a3635221a1ba85ac3a5365ba79c4ea90b7205d91ac6ab7d3b26a6e815c7e1c82aa067ece0836e655ca3910f0db49baf00e4ac1f7f554c13062b88b695702a25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
816f4c2abdfbdef69e44ab1299cb12d5

SHA1
a4b309ddd97c1b02bdb4837819e8a5e3e1eb48ec

SHA256
1e46b33546f995e6230df081d150f8ade3069e17d9d616fcdf7a4f017e467531

SHA512
14b25e6dc643ba5d797316fa421421f88f832a1eb5f9c332e1515a60f03cdd045d8a5dd00472993bee5e82e975da51b4156117b846c3c08267bf8473c2bbdde4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f4df38c719964cf34038624ae3965eb7

SHA1
b64e1d5d45dd52f7bd77a455887ed2b0a4eea9d7

SHA256
0a2c6e6a5383a5596c368cddcdad4b673a4fe18728cb16c83849486499ae208d

SHA512
6036bcc0ef2983dbe76a9cda02dc44bd11a8d4c84fca1bb25b80507aaf61fd6e515883e1affba145694b6ccc85ce83709e0300bcc3c5f712da8fc0f95fb42ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9634b58e7f04417f3b74476110004ba8

SHA1
6baab9d631e1f8c80bd5caad55f4a1e1b760771e

SHA256
0d3b2f159356acdaf7181d1eec4eb06669440d60b1a8611039574239b4a7daa3

SHA512
955289c12da4d5834ec76cbbfd6980140955f1d4afe99a7d069f38db92517b13d300337c470dd2287166d4dd5df30f48decf37161472d1f30e01a03fe48f9254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
abed1c8b20830b710d162fe1b2bc3243

SHA1
ac0bf75ad4a7ac2ec93fde8cd9bdc334974d7029

SHA256
1a30da4c1230c68960faefe678f09a1b9b8cd4b85406b6d119cc91a70e108975

SHA512
5a68008d3299cf223d9ca34857d4765b7120feb25e778166118104db8c6ebfa3c0b085170a33c68093340861bd44a08b17c164b93ee8070eaab662b8202ca97e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
b79e5100f933ccc866d9bc29450df382

SHA1
dc3ad6ef0e20d9cd0798d1dc5bfe49265fb6d05c

SHA256
94f96adc42de32cea8db65d07e02d2b346eb499903b00cee98140a7801026c89

SHA512
84690654d76a991becfb7287e43782738276eaeb1e8b043aa5bf3b85bf8def89638f367fb088a3a536ad4317c541bc382f42a82ef36c7aa62b42ec8758dc7bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0425ede08e22966fcf56c58a92b050da

SHA1
93275dd59888ea49b0fa96115ba47c22fd2c133b

SHA256
d666df7b195859735e2f48a33a07c71f97eec3e602375dfa9ed104125a4e84c7

SHA512
0a02c241b8075a04d341dd08cb6fe64626358a1cd4baf991f2c9bfa951f5ffc3ab0ae28bd00828f371e18399b4537761f18ccb8076af2ac88837fc5ceffc08ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c414b9d5cd809fb60a3760d37751eb4c

SHA1
7f43d7eddfb2d77b07ed2549a5b2481f1a9b2625

SHA256
a0aff61918f60e60989b44f9e4d6a9d342a6ffb141fb06961ab32f163b1a5402

SHA512
c2a189fcae306b4b6ce84c17157065f801dd693565d8724ee2162dbf7567226129ef76c29680bd110579aaeabee89aae42645fab26c153f11aee86297cfbf4c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ecc006abf2d3097833648fab78cfc12

SHA1
330e39f7a855a384065e580fa27543eb8bd95d8d

SHA256
230d147e3c4cd88fdd3e0fa7f25bba07553d9bdbb9b564a33dc6c6960e9005be

SHA512
705ab9b3409bf33e881867a0692fb17c2df6ee487646f48d760b9214bcb584c37ca5a0ffb408339cf7b06ce25f6e11a17c4071f31f0f0ab1ca0c7abe354a6a10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72c6fdc90e598ac209c292ca0d1d8b8c

SHA1
44a8d35760d02c5865704143453b87e3e04fb146

SHA256
79922feaac1697c4e0d4294d116678f24fc6fb8adeb3e6ac88bb7b4baf44e355

SHA512
2cb6690d8c1c1192ff664f2b738a54cd3fde902dc91b0d92f3668f0e065476ffdfc257c5b64838863fe0a824cc8e93b19819c0bf4ada3ae47030cf36672a7550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
028d24cc32ead6d076f8874d3961bbf4

SHA1
5aef43b6215ba960424659c34486902dd3ef66a4

SHA256
bf653650b7810f8eb7d0ecafc25ff1c502c4bd73d75ddebd63cfcd0434251c2f

SHA512
ba54c0ccdc08c49ae7b152ca8cfba9bb365b6323156ef3a1428e7c389fe3203efc50b37504f43b2934d36538091ba0df171635a5e6bdb5ff5421977212c1d2dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7fa6f2c958d79090b206c026d779446

SHA1
1319a117b3e5e81d7922dbabe709c6c8647c293b

SHA256
3116dc3e4465242007e063702b07e5fc3add037b9455e4a976097867122e0ac1

SHA512
311b1d66d2bac9d78f47624ed56664ab30cdf7ab785beaf7d8be71cc82ae0029d353148dab8e64f39f46a661e8a5ec23d3483a8141e63567ae46bec1a58ad8cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
118f51196e8faf2d4cd8eabee753eaf4

SHA1
1fd0cfd50581dcb5aa5be9a04f539cea19a5d286

SHA256
fe08dfb21ec52ea3c1ee6e03171d40f85b931d428c6f7388c98e498e16ad8624

SHA512
bd1644ebd281b36138e1e63f47a33816190ce4340a609ff0b37ba73e358f9efbb6ff3ec4532b4f05f3ab56a30e3cc1e35eaa69a271630a10c9dc4daa6a190db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
37428324d120310b7f08873b8f0fe87d

SHA1
385b4f01ff4d882e729213e905eaf15334144bce

SHA256
bfa4348defc87f913777167afe1955ef93f325ffff234bf2ad2eadda7133449b

SHA512
5c03dd445383f4a5c12739ebca19ab3171575073f0376dc973f11e867650381950ef95b96180ee044ad2526494d9fe30784f92da2e37a73c58c2f4eaff7756d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9bce4dd34ef4da126231ed61b8c8860

SHA1
00365c849b79903e3a18c28e9138eb5f9e5bd530

SHA256
39d9d68d51030b3900f8eaa5d6c4a6ffb7c0d57b78c0e64a915aa48b82a96370

SHA512
0d7d9a3bf00a20f264251e33a5601b759b356a3cd44966dc510133a375bc5975bd1d0d590b55f017bc3b35a557c39199b15128aab2d3524c1a3ccd1e6f46d56a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
d2d677aa54f042f87232096c824f0653

SHA1
514aa32d72ff22fa1172744b851f554d13fa8638

SHA256
bd9151cfdb3b0fe493c44140a0aa61a14f892b51718e73f165c3ece6d3beb25e

SHA512
65c867abace312e94c5a9b22a2ce6e7d6050c0a49999f10bef6a33e0effba1d4007fa48830666677f9912eed348cace714a62d6596825da78f99ae9d30647c85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e588e75da4b1d122f91b2d22da41bd89

SHA1
fce5fbcd771fc136e066cf743ba51f2b5417a091

SHA256
4628c301a4e7142f8ae0767a03554faa22d4ebae538bf33567649adf1c4c99c3

SHA512
d1943b7156f335bc53342284a9dbaf563035dc6a32c968db0ad6aa053019d3e7fc97cebfd4dc6afd1ad8e606291a1fc7a9f56ce52f2e9b38dba955513b897636

Download Submit
C:\Users\Admin\Downloads\Aura\Aura.exe

Filesize
406KB

MD5
61e9dcf8c9d21d5a28c36965bede623b

SHA1
c1bd331db0d73a8a13c590585c8b03f9762a8885

SHA256
02cdf353999f2d1d920a436ba1d3b3a93c9a3200509a1461483d580ad0c1c98f

SHA512
d06c3fe12f86bd5be19534d8088d34f4adb5184aae704b1940416fc38201db6867775224762337aa0ac927cea13fd65c6747616962599e7b31b495856deffe4f

Download Submit
memory/2956-642-0x0000000005E40000-0x00000000063E4000-memory.dmp

Filesize
5.6MB

Download
memory/2956-641-0x0000000000D40000-0x0000000000DAA000-memory.dmp

Filesize
424KB

Download
memory/3944-647-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3944-645-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download