lumma | hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbnZtOU0xdFgyVkk1a3N2NUtpRlFnbWVUd0dNd3xBQ3Jtc0ttdTdITE0zbE1HRG9BNUJGc2NCOGJZdU5ZVm9fYTlyZXg4ZFVJMF9GaDQwRFBWbWFTRWpWU28zeGl1ekxLY3ctQlJZbjVHVG5aNUROeEN6Yk9HYmV0SlltNUVWYVFCRF9CNkZVaGxScEVuMXVpYmRzYw&q=https%3A%2F%2Fsites[.]google[.]com%2Fview%2Fexlauncher69%2Fdownload&v=DM1vNjMmI_o

Analysis

max time kernel
89s
max time network
83s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-de
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-delocale:de-deos:windows10-ltsc 2021-x64systemwindows
submitted
15-01-2025 18:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnZtOU0xdFgyVkk1a3N2NUtpRlFnbWVUd0dNd3xBQ3Jtc0ttdTdITE0zbE1HRG9BNUJGc2NCOGJZdU5ZVm9fYTlyZXg4ZFVJMF9GaDQwRFBWbWFTRWpWU28zeGl1ekxLY3ctQlJZbjVHVG5aNUROeEN6Yk9HYmV0SlltNUVWYVFCRF9CNkZVaGxScEVuMXVpYmRzYw&q=https%3A%2F%2Fsites.google.com%2Fview%2Fexlauncher69%2Fdownload&v=DM1vNjMmI_o

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://inflameopooi.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 2 IoCs

pid	Process
1064	vs-game-force-sof.exe
2616	vs-game-force-sof.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
20	sites.google.com
21	sites.google.com
22	sites.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vs-game-force-sof.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vs-game-force-sof.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133814410839990320"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
1064	vs-game-force-sof.exe
1064	vs-game-force-sof.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe
Token: SeShutdownPrivilege	2196	chrome.exe
Token: SeCreatePagefilePrivilege	2196	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2972	7zG.exe
2140	7zG.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 636	2196	chrome.exe	83
PID 2196 wrote to memory of 636	2196	chrome.exe	83
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2588	2196	chrome.exe	84
PID 2196 wrote to memory of 2908	2196	chrome.exe	85
PID 2196 wrote to memory of 2908	2196	chrome.exe	85
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86
PID 2196 wrote to memory of 2060	2196	chrome.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnZtOU0xdFgyVkk1a3N2NUtpRlFnbWVUd0dNd3xBQ3Jtc0ttdTdITE0zbE1HRG9BNUJGc2NCOGJZdU5ZVm9fYTlyZXg4ZFVJMF9GaDQwRFBWbWFTRWpWU28zeGl1ekxLY3ctQlJZbjVHVG5aNUROeEN6Yk9HYmV0SlltNUVWYVFCRF9CNkZVaGxScEVuMXVpYmRzYw&q=https%3A%2F%2Fsites.google.com%2Fview%2Fexlauncher69%2Fdownload&v=DM1vNjMmI_o
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffc3bf9cc40,0x7ffc3bf9cc4c,0x7ffc3bf9cc58
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1544,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4612,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4784,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4976,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5076,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5396,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5380,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5848,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5072,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5660,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5052,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5736,i,8154214827690750895,15271511585338501437,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:1404

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:744

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2960

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2172

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap19491:96:7zEvent3854
1⤵
- Suspicious use of FindShellTrayWindow
PID:2972

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\vs-game-force-sof\" -ad -an -ai#7zMap11623:96:7zEvent7685
1⤵
- Suspicious use of FindShellTrayWindow
PID:2140

C:\Users\Admin\Downloads\vs-game-force-sof\vs-game-force-sof.exe
"C:\Users\Admin\Downloads\vs-game-force-sof\vs-game-force-sof.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1064

C:\Users\Admin\Downloads\vs-game-force-sof\vs-game-force-sof.exe
"C:\Users\Admin\Downloads\vs-game-force-sof\vs-game-force-sof.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9a5877fe7b1fe7229d25d7159991bdaf

SHA1
65ee958d7d4561fd61e9575c731cc099846b6e1f

SHA256
82704c6e1c13b532fa719acb0ff6817c865f9268c0cba8e9c7dc66ad84d0c354

SHA512
0225e700d5190ca9b6ff3971c2677176d75f530b034fd4a7113d824e828913e9a486a538845904e769edcc20e7f7a517387c4699fd7c1809f18a24c858ca9a2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
099350eb74aa2e8cb80bfdf286d1055b

SHA1
724772e4892e016ccc1a895bdd45ff49ed9ddf49

SHA256
d0574e0e8a94bf4515685a4ef0717bffb21131bb2f6d273ed31b14b0805636d3

SHA512
9db32af99c77ef7ae0942ad0d9804b4b75f4ef97da17ef43c741fd5d82bb9278b051af06395a7efc3eef71398df8a5b0ea4d073cfb0019072c8fac93bbeb2d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
a35d1621866c82d19d96c79b443fdaaa

SHA1
d70456af612c0416258d4be61cfeaa3fa1b3d0e9

SHA256
af834910863f164f4fc70e3811b51e1d5e178307be60dab432a16f000e0be0e4

SHA512
70d7c0fb40dff11d1f095564a9de7bd8955eec59bfe30cdd25b242b75ff96bec17f634e4ba9835b2a61ce9d50b1e7e22dd5f586d85af287929e374ccaba48b20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
806023669d22d538ee931c0d01553455

SHA1
3766a2b3f265efbdd170085e2f8cf832761e73a3

SHA256
4cbf0b54aa7ad82757c99407735b75421d7bffe694df82d4c3770051ed4cfecb

SHA512
dcf4d71958a582f9b9ddba84cafcad2dcd5aa46567598e4ee253f773f80b74af6b0452b348b186ea3cbe12cc128a146de095108819507696f41e23a4aadcd903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3f92abd9e5cbcefd3a583fb4cb467bf8

SHA1
446b302dd323eadab25ed6a82e32f66ba0c6af0b

SHA256
dcea613e36feedf3bed0b2a662a6686db6315ae337ac424eb4aa98f4d8ec3bb1

SHA512
c7f153dba9b593c5c26e29f9fa4ee9a4ac0e1fb9bda1182101b732c602b0ca2049d60330968651db7fde7e56e12d479500db46f1a51ed85b8dc3789fc028e6fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8599d3ac073204c48e9fec7ca63123aa

SHA1
80d1fae212c758f8901e11d3b125046618042816

SHA256
e2fd06e5813327947c468e577ade0e439b29c79038bf610ff2f42be8a6032fef

SHA512
75a163ef58cc46554301fd3b3280ffcae21c8e6347c4f28827ab65764831508ef06384ffc0e5e69139e18d005734473b92b0d729f370bebf670eb2f8eab85f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d6ce6a1b718b1f5fb5acbcd1f50c7d4

SHA1
0acdd8de239f1ad55c7d8bc9027fdf0d913cb959

SHA256
5cde183cee0142eddea02f513245d4a1f63e9588234b86cea394ba25ae515316

SHA512
9481574b86e9d018d450cc7dd95d6a6ceef8d1d338525875548ddb3214d32503b7b4a5666e93be9fe54011fd923395edd3989455cee789976c8e91419b6297b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d2ccf19b1a081099736f0f33465803e

SHA1
0a99826fb87b0856d4286a8b98e9c682e37dbc43

SHA256
1aeac463d41a75aec0117ab43072afc2f84042bc85b42d6ceb183c614d717449

SHA512
22a3d1f70f340f582f434783788000aed5bc5431ff445fe583a2f7758279c6b57c7d85e9e5fcbace89758bef035564a0e6a6278774c07c763dabac5c41a8a998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68769a6c01e835607f6fc9056824bb67

SHA1
153e7039b3fda697541f2b6b537742a34b1212f1

SHA256
6c42213c5f9ddec32cab19119b4cf8ee288ec74d5362a0848aadd47d3ba0afb5

SHA512
cdb485cda9f784c409d39fd2c47ab7fcb3585a97a6af96dcc9225db6066967e55f5f9c8949455262f7c69cfa2fdbdd727bb8c74b1c989bfe711c890c4623fc65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be52431e6865ac20edc145598e3f850f

SHA1
77cccd26600f35a45fd577a6fb97e29fc0285185

SHA256
d4a3cb95064a6c19c483e466fd27d2414c955508669efd9b7d27c1a8203c1ad1

SHA512
36224ec6fb9b81204f2ede5a83ecf9a12342b189f9a8f9ac467fd88fc09cf1b409cb179f9549cf22fe7c991fbaf40551c70caeecc45d385848d8085f9820b50c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30b6eddd334c13ad35e5db126624bb2a

SHA1
b00e32e4330741cf9fd61bf732d1b029bf209281

SHA256
3e17c90f6e0c70a468b1724cca92941c7e14f242e0f2e6434ab29e8cada214c4

SHA512
e829f34400d799d52a8a2a805ff48465bd07b05c3c6aa0e2a19a34d0b3e1fef69e04937b7e2becd431952941c90e695606bf531cc00d092a55484a45808c733d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
7840c44d29d96796568fc1e130a2ac87

SHA1
53bdc308cd516d8c0a37d5969434cfbe1cef0299

SHA256
865af0cdc8347f8fb8f8623ab331b394a11390dc689fce16181f582db949c588

SHA512
dc73a0f807a688bc76ac923829b1281571e462559f640e50967d97e1cc1bd802dce30a722f88c599ebf97b3323d3960c8909baa5927aca899ba01dd8857f5127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
ebad5beaef3af93d4958e6081c57435d

SHA1
a624a4c303e043f3b281afe0f5a28cf9108916e4

SHA256
1c1667af44b7684019eae0aeeb74757be327574f4bab442d31cb0347a4a61136

SHA512
58c34175afe28def4353c4d8b2e8661bb638508e7c9adfe0ceaaad1b7d51f523d3767f23385bc20fce0e5eb6cdd6621190b3589ea55f6834182c5f50f9c28bd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
5aa7e3c308bfe0ce85f8f624fd84d6e1

SHA1
4ebe12039162137e31ec918b6b8147d5515b15df

SHA256
5a4c858bab53e84a9c8dba034b186f3b1f9956cfef8ba6d4318021a61255b75a

SHA512
d843d7dae24a4ce6d0acec3659387cb12c0011a6a0435d0eb021a68b787589f906a1b96b504fb837a4f836bddfa90ccc163630f594dcd8d7efe6264ad416a0a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
9284a94f118456118e62557e1d46b55a

SHA1
6a6bc948dfef2535ab02bd02d58cc33ba84387a1

SHA256
0d37a381b7afeb1b501f33ab910527f19e3639ffa2cc92002ca3889bd61685bf

SHA512
b21c9721c439f5334acad066f6f794c929d30cd200e452f907f24f9094b0cf4bf244ff532049ffcbed9e038e797b46aa40597160bbe61db1c5fa62fa277ae0e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
2aaad1547089c0668b267cf787dce066

SHA1
b20275abe3671e3646b63bf72d3cd22094ff5071

SHA256
7dab2274f049b7b92d494135cacf7b7ac15f2afc83db72eab7ada45ca6349ff8

SHA512
b6134f4135afe28ba329d5166cab64f2410c5b839e2a5746bb201fd4709ebf1d5ff80e78d18de243f4f120b19fbd8aa257b3473c6cae166117873a77932ef526

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
a891f595cbe977a4eeb782d4db1e2a0f

SHA1
a015ecc74c2cfbdf1b7cd347d52b36e9b1478369

SHA256
9bd5181c98a38c3ca9be70a1305837fe8f23c22fb24aed99c2487bfda48c9587

SHA512
ffd55ed2d8f3897e0455424b07a77dbac725639114a30b9c733d41319fb97962c546520d11226509399c7f79bc498b6e75c67479acc30c2fabe6d5de84ce3bfb

Download Submit
C:\Users\Admin\Downloads\vs-game-force-sof.rar

Filesize
1.4MB

MD5
103c31245bb23f4ad5d2b22569e3e2f0

SHA1
7da612196b5877227ab25ad649738701bec252d3

SHA256
effaaa42dbf1e325a68bd05e818d79f2c1ee7ae9cfcf67aa7cd970726ad8e7f4

SHA512
8e258f2cba5ae9b8a6d1842611a52b8a05f0c1d152b3cf7bd1acf0af94cf6635ab25a25ae4e335540b0cfb5104379930b2f750fe743721e7e344043602a2e22a

Download Submit
C:\Users\Admin\Downloads\vs-game-force-sof.zip.crdownload

Filesize
8.4MB

MD5
6fe73c8cc8c7b5d5817022c53779d547

SHA1
16a8c5c1bca86b64a7e90823f19af40bfcf1590d

SHA256
dfaca0b7dffb83c75470cd4e018fdfce420f6c2880c84c652ef56b8d9fcf249b

SHA512
32828ab2fd1f60e6cf1825c5bc710bb3962b684f69d2d47915ff40356a9ee595620ac96a175e9002eb70d153efb019c4d213fbb6a23cdb39d53c2071d22faa18

Download Submit
memory/1064-388-0x0000000000400000-0x00000000007AA000-memory.dmp

Filesize
3.7MB

Download
memory/1064-390-0x0000000002630000-0x0000000002680000-memory.dmp

Filesize
320KB

Download
memory/1064-410-0x0000000000400000-0x00000000007AA000-memory.dmp

Filesize
3.7MB

Download