lumma | 4c86e5f7cb1bb90e731820a3e11962be6bf6c33e6418ef9471d33f77332bfe52

Analysis

max time kernel
113s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

installer.rar
Size

4.5MB
MD5

5ecc8146b1ced97f71149caaa44df87a
SHA1

b19bf11d72268b7ae92fdbc72b4f30b4908341cd
SHA256

4c86e5f7cb1bb90e731820a3e11962be6bf6c33e6418ef9471d33f77332bfe52
SHA512

94c2fbc86556b4ff73c083423e236292105a23b93c6e771feb5247f0253cb7c38f2d92313d85ccd4446b80883e1c0c6118caf316b992e05d43f63ce0b1938ca1
SSDEEP

98304:wYHdfi1iHA+/sONh/f3xDYQpRdapmYpQmDl7rnq1ygG7fh:wf1ig3ONh/fBb4C6lnnmhG75

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://truculengisau.biz/api

https://spookycappy.biz/api

https://punishzement.biz/api

https://nuttyshop/api

https://nuttyshopr.biz/api

https://marketlumpe.biz/api

https://littlenotii.biz/api

https://grandiouseziu.biz/api

https://fraggielek.biz/api

https://whisperusz.biz/api

Extracted

Family

lumma

https://whisperusz.biz/api

https://fraggielek.biz/api

https://grandiouseziu.biz/api

https://littlenotii.biz/api

https://marketlumpe.biz/api

https://nuttyshopr.biz/api

https://punishzement.biz/api

https://spookycappy.biz/api

https://truculengisau.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 2 IoCs

pid	Process
2376	Installer.exe
3976	Installer.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2376 set thread context of 3976	2376	Installer.exe	125

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4964	2376	WerFault.exe	123

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Installer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133809860994140594"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
932	chrome.exe
932	chrome.exe
1668	7zFM.exe
1668	7zFM.exe
1668	7zFM.exe
1668	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1668	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	1668	7zFM.exe
Token: 35	1668	7zFM.exe
Token: SeSecurityPrivilege	1668	7zFM.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
1668	7zFM.exe
1668	7zFM.exe
1668	7zFM.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
1668	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 4900	932	chrome.exe	104
PID 932 wrote to memory of 4900	932	chrome.exe	104
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 8	932	chrome.exe	105
PID 932 wrote to memory of 4556	932	chrome.exe	106
PID 932 wrote to memory of 4556	932	chrome.exe	106
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107
PID 932 wrote to memory of 4912	932	chrome.exe	107

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\installer.rar"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1668
- C:\Users\Admin\AppData\Local\Temp\7zO48630A49\Installer.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO48630A49\Installer.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:2376
- - C:\Users\Admin\AppData\Local\Temp\7zO48630A49\Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO48630A49\Installer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3976
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 792
    3⤵
    - Program crash
    PID:4964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8defccc40,0x7ff8defccc4c,0x7ff8defccc58
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,3051342366075444492,5547893402366963195,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1772 /prefetch:2
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,3051342366075444492,5547893402366963195,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1356,i,3051342366075444492,5547893402366963195,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,3051342366075444492,5547893402366963195,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,3051342366075444492,5547893402366963195,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3712,i,3051342366075444492,5547893402366963195,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,3051342366075444492,5547893402366963195,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5044,i,3051342366075444492,5547893402366963195,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,3051342366075444492,5547893402366963195,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,3051342366075444492,5547893402366963195,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,3051342366075444492,5547893402366963195,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5172,i,3051342366075444492,5547893402366963195,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4820,i,3051342366075444492,5547893402366963195,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:2
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5548,i,3051342366075444492,5547893402366963195,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:2504

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4384

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2376 -ip 2376
1⤵
PID:1228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4d8751ea-9746-401c-b7d1-2c16100c8d2e.tmp

Filesize
9KB

MD5
105486671da41bddeb08250cea62cd88

SHA1
61ae76e162324410c9558fda3d0ac5452a861c52

SHA256
094900af295b4374de99e51ac2a9549cef0fdd0de495839016c59b26665a042d

SHA512
b40a9edc229aa0de133952bf3563d75fb48ed4ab6eeb001a27dcd02560af7f1ab4cd927329dd111693bc6d8386c9ee78f6940dbc72f85192eb0484885559102b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
71087cecb78a303e228eda14f66eec30

SHA1
a0b52f570ca2ae088b4954658870c63b1390b968

SHA256
90e027d4fe04c24122e7979621648d3c8c743ea383fe51c4af249c6a8a7ecd40

SHA512
365a7c16906b402e3c31ac4e0bb2cde93569b5028ed1285cab50957a24621b3648044ecc455b8d70d00c03999fa5c8d357771f4c5cf48fa26548efd514a99e4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
408f4fc1385bd8469bfc864a03484405

SHA1
4135c25573c4beeea3c86c5cc5f35a0bbc5c9d70

SHA256
311cfd879f0363d876a37bc19cf1273aa51a5fb2288e6b97c80ddb7090ef3a91

SHA512
4cccc39d6a378d02e782e733545c00ab15e143f4a855879cd42adad6b299798bfcf8c37a131ed02649433c7025bac4ff60882e92265f950668dbc74b309386a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e16d1af8d931577f2dc0e35898e3e826

SHA1
6a78ae3e0eedff0e06f09eba7e2d85e123b2fac7

SHA256
a86947bce3492dd0f506fbe829734c451e5105621664fc9353a8767cb4a5002a

SHA512
b88f6279203a936ef3b568902c2ad9804fdf0c6547f289c167e7e7933da2e2e366f6b242a77366247d01fc28dbd02c0529829bc5c710d18f5f2ffa39ef4ef038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
3d031f8cac4ac42e79277a990a09698a

SHA1
79307fd76971f7d7feeab44aa45183334dd2ea72

SHA256
6fae0625066059ca453fe7561c7468d790b19d5bb6a6bff531865ce9cd1dd850

SHA512
5fa121e3e2a3d6553955fe6784a2ed8402d996bc76bc7842e361bf5c82951d49fa28341c3daa12194a520222bb0fbd1bac360e2928017da8760bfc575923564e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
ee7dc2e43c069fe12490b5ed86f3af59

SHA1
8a60438e751d3e6311a3f8c7bc68ffc12d8a705d

SHA256
2158f30062dec89a4cfd27b247d654af389abb3b2e769ae06920e7ec995bdec7

SHA512
4b08df4646065c3e3c29224b55d9e3cdf4b796d741957ab255147f2c4991a484c116520da9d673d8d5a19e7b1c39efc431b4e7f33121376855ee7f1b6ddb667a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6c9ec402d3b483a8be176d18b3ea23fa

SHA1
64e3cda1e072f5afc15098d61f377a5f652104a1

SHA256
06e14fdc7f057ef78da4e6c6ffed6a85ff05a089444db67c908551b800568952

SHA512
6410fe8c862af3de241d188f995559fa562c57ffd55b81f30cd81cc7fd394a6e41044ef8eeb5bf8526aab99899d85c789c3fd95180917f0dbaafb8957debab67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
25ec92786115e593e8ad4d441d699848

SHA1
77c5aab0a401e183ef35cf969e8aac614d8618d0

SHA256
48569a442f8868c094940ce4ae9912956bed05363a7daa04bc3861495396b6b2

SHA512
2bae159cd1740adddc6ce44e0fc51598d13daa5461256767c66dccab85159438f1edd926a8d4524132aa828af21fd075962b921ffba802a520eb5d0bf3e54627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b55eba9d60777f787ce56357196e88f4

SHA1
ccb2dcc135d0249a9f8e3f4851923594e657ad34

SHA256
f66838562e390d2d08103f7bf59ef797b412ec3f50564774feb4212f00816877

SHA512
e3c3e3555989af80696066e46888987a9a33d25160c42f373fe193e89641496da1231fdb638cc19783958cecb850b445f4881d0318b6cd4e58c6ea92af5808e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb3f59a92d83c26f09466601caee7fbf

SHA1
16c71601e61199a35d5ab8c2b55cf38d780292c5

SHA256
d803467204b7ca1b62443a44a850fd096b7067a22da3878be80c616b66772548

SHA512
bd3ff44901e205a3c536c508066091d956c118029afe4c716a556c5c4b85878d21d008c539e05a0cc80594694fbf92019679d6bb33d7104aaba840b206344f54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6a3cf18378d8f7b3c48d0bdf5c202ba9

SHA1
e332d524234218d04b0c3fb901a3419d80cccdc9

SHA256
f34121a4e594066888775454ca3b185b23bdbd51a243a2d20d4a3834dd3803dd

SHA512
bbd1278f8edcdeacd570f2bb5c06e3140a7afe717de0372f584ed8300a95a3d78f39b9059f960d49f77ca210321d14226d06e7f11562a590f962e1b9f8a96435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2918902281cacf1dcf37eed85138103a

SHA1
b716df08acc1c8a20138a009e93e361b71adc3c7

SHA256
e9e6cd3e9a05acbf01eba7816ffec74b4cbc8a4e2d954d15656528fc14c43549

SHA512
44457de42b42f963915587a8a11479804686af2028f7f92360b7b84873b753992dc632b96f75c3b2e3dedcdbf52efbf0dc4fcc55b32ad21384ff1f45ea88ba0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9cd4432b8eb4f25945c588a21062da06

SHA1
a10c5081a1a1d287714f5ba10f40c200c4eddcb1

SHA256
b261e936e9e513b4ee9d8beb5b27328c11c40dafb49f5de07a5ace2b187682e5

SHA512
dd259e6e80911f0d0912ba38530386ee8406aac960f1101b1a9f9566d0f0b65baf302541ea2e24bf7a8e75192546f56ee56bfe3197023be10a8b38c7af9f6b47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
13afce985f192e5e461a0575790acfb1

SHA1
118b85dc582a718174a17e8a6434ddf001f0cd49

SHA256
a81106ed6da936b0ec6c3065cfe25758e94a245b110c3551a549de6f63a3aa69

SHA512
c8036faf62308df3c8189b579378239813e0975b1ef4f5044f71ec1788f2a66df3fa43fd844f10e03da5110ef9184e36b83b52a6d4d2c882ad9b5eacab7b111a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
8ec82e74d8ba1c5138755282222c1e3f

SHA1
ed63c086040b6b6466a51658a332ae4c53dd990f

SHA256
83e3cf9a3d414f2511c4a1c75b017e4b73fd31f969f4c0e66a38c3cd71f5eaf2

SHA512
c1af1cd90d6f8052d8d7539295f2a06432f18fa9d6c0d22d9792b4d8f7b945c40f2e4773b6e22045a9df143b8dd259f794933bdcd6867fd52a880b05da930c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
8045dbe2f252096ed64b43086b894945

SHA1
edc843d006343da30ada54aba5ab15446c6e122f

SHA256
fd8eaee74d345fcbdc47977d4fe9daccc92cc11d0b2ef53fbeff4c6c6e832d6b

SHA512
79b044c5692e749f5326220fbb0317d49039fb7a13320390c7af7ef57e664a1a88ae10c4722db1fdcebee5db3d554329aaded9e5a19141a3863f6a913e251f8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO48630A49\Installer.exe

Filesize
344KB

MD5
8596edf23e14b8f42512a944d4936006

SHA1
317ae885be4c576cd305ac7c7e29555d9fd79515

SHA256
6b8fbe52f67c8bf579204130397a30472a9f226a293ac7e19e1537ac1ff4b866

SHA512
f7df6abcbdd9a1cc0bf2f2bb3bf6d918a16ad3fdc1d50a8485cf8edf59c255f64e0caf0083e2cb907cd5cc521f4ff3600a51a3b496b845c3dcd3f469d640ba53

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir932_838718926\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir932_838718926\adda928d-0901-40f8-b179-eab47222afe2.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
memory/2376-581-0x0000000000240000-0x000000000029C000-memory.dmp

Filesize
368KB

Download
memory/2376-582-0x0000000005060000-0x0000000005604000-memory.dmp

Filesize
5.6MB

Download
memory/3976-586-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3976-584-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download