lumma | c745ca7fae116ef43c7329ea75b6d395ed86f38f71fb6557fb03960230afb352

Analysis

max time kernel
264s
max time network
266s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
22-01-2025 18:28

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

exlauncher43.html
Size

72KB
MD5

cb6b6132a66210df95e060df9b23d83e
SHA1

e0be4deed6b359eb3f91a4c7c85ac193a3adfa25
SHA256

c745ca7fae116ef43c7329ea75b6d395ed86f38f71fb6557fb03960230afb352
SHA512

a6cbe262dba0c417349abc07dbdc8ba447854bc277eaf51af15c3d5f25a3139658f3e3a226312704d4553093661f8b1da65f56cc51262904903ebd9dfcafae0c
SSDEEP

1536:Nk8iW/o/qz3fW8iW9IqjkbTM/k85SMPKwEpXfM12bMAs8EpnWFSQovqBfbtc:N3wqz3fEd85SMPKTXfMOMWEISQo0xc

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://toppyneedus.biz/api

https://suggestyuoz.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 3 IoCs

pid	Process
4736	merge-force-ww.exe
2400	merge-force-ww.exe
4964	merge-force-ww.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
28	sites.google.com
29	sites.google.com
27	sites.google.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	merge-force-ww.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	merge-force-ww.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	merge-force-ww.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "11"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133820441523450417"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2449540194-3226363261-2578591490-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
4776	chrome.exe
4776	chrome.exe
3548	chrome.exe
3548	chrome.exe
3548	chrome.exe
3548	chrome.exe
4736	merge-force-ww.exe
4736	merge-force-ww.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
2400	merge-force-ww.exe
2400	merge-force-ww.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
1380	7zG.exe
560	7zG.exe
4776	chrome.exe
4776	chrome.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe
3028	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4280	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4776 wrote to memory of 4352	4776	chrome.exe	82
PID 4776 wrote to memory of 4352	4776	chrome.exe	82
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 2228	4776	chrome.exe	83
PID 4776 wrote to memory of 1832	4776	chrome.exe	84
PID 4776 wrote to memory of 1832	4776	chrome.exe	84
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85
PID 4776 wrote to memory of 4924	4776	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\exlauncher43.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x21c,0x1f8,0x7ffa57accc40,0x7ffa57accc4c,0x7ffa57accc58
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4012,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5056,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5192,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5312,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5300,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5888,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6080,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4584,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5804,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5348,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5812,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5732,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5996,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5556,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4572,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6432,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5352,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4424,i,14621241683579411479,16097452471677869514,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1724

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4520

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2424

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4964

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\merge-force-ww\" -spe -an -ai#7zMap775:90:7zEvent26644
1⤵
- Suspicious use of FindShellTrayWindow
PID:1380

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\merge-force-ww\merge-force-ww\" -spe -an -ai#7zMap30001:120:7zEvent28055
1⤵
- Suspicious use of FindShellTrayWindow
PID:560

C:\Users\Admin\Downloads\merge-force-ww\merge-force-ww\merge-force-ww.exe
"C:\Users\Admin\Downloads\merge-force-ww\merge-force-ww\merge-force-ww.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4736

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3028

C:\Users\Admin\Downloads\merge-force-ww\merge-force-ww\merge-force-ww.exe
"C:\Users\Admin\Downloads\merge-force-ww\merge-force-ww\merge-force-ww.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2400

C:\Users\Admin\Downloads\merge-force-ww\merge-force-ww\merge-force-ww.exe
"C:\Users\Admin\Downloads\merge-force-ww\merge-force-ww\merge-force-ww.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4964

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39f9855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6f68795eb8c0d0ffdd5706138192119e

SHA1
9eb4d494cc094582bf832504b4821ba31038ceca

SHA256
6d711b2d7c14f0df9f453a540bb51af7bb40febe4a03d826d6210b507f2fb770

SHA512
8ae5a7c31181ce26aaddf7e4f6963bd61737bc66e9a099d3726c2b3aa580db7a1d2b30dc80caefab7be7bac413c47419fa9d8df24055044f1b301d3bf5932bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
193KB

MD5
69cc7633b5905b4629ded7c73ecc5f02

SHA1
f6470cef7c1b6fe082115915c3a298d6299814dc

SHA256
017fb67d489d4c110ccd1b16d26509976f9559395ba998ff018ec96cbf31b51e

SHA512
30a700599261bf08a0a1a5883a46ed031780fa5fc48aa7f0ed443a496dd654cfd6a4f86e4899a02f80d1b976416ea95a1ebe3f4b6b49c0698341639486325490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
c46706d04630a1508db7ad719c274169

SHA1
94eca97f0d1a51949985174de0dae77e75ce1689

SHA256
66b2ca5f37868c760a7814d7852b163a2e3441961f7c57537f018fedd7024cac

SHA512
e696e0c33237e382f2499a2eb0f5432ac8dd0f1c6ef494cd673492a79cab596c102fad6e4186c4b4b6e739fbaed7b215d90751aac339e699da3980b3f1c58c36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f35fe48ab2bb431c7272137b71bc35c3

SHA1
f4ba8b4ec2827f7f870bb44e8c9fcaf4c69f64a1

SHA256
ea7871f4a0e524daa0ba9171f4fe1d1ccac22f6a62381e8d035e5540a7006343

SHA512
1f86ec1d0a757ee9cf3bc23d071613f050c27e995451aee8f866b794b3dea5811a798d492d90869990c112c997f5e2a6d7ae5081ffe525011d3cb91e1d730cb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9e0f5c1607b2984300d99eb2ae51bf36

SHA1
2a5cbbf40ccef4dbc2df9a4c95b3a410fd3929a4

SHA256
bd2309bd01f1f206eaa98da31b12d6766fe2c3bd4606f7c183f2023aefb0de26

SHA512
e7d297a689d77f730bd0c3ac717f4d4876af703c5e845499950990607f1c85e734cfaf9f84854fff1b8881c52714d247db4126e52d2b7a66b8c118527531e610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2500e7b6-32ed-4956-b06b-2476e7a1dcf6.tmp

Filesize
11KB

MD5
efbafb97006107bf1a5f55b34c5baf39

SHA1
f336c5e435798a1bac469adf7dfd5b3eac03b92b

SHA256
bec0e6a20bc7f67f565ccf9d21af296729d52536fd363d7c2328fba6fc616ce5

SHA512
6dfa3263dc5e5c70da6ae3fb6dfd61742b7e2d252a5951e6c4adf1fefe39840b869bb88df2abbaef011ea87bf0eeb586547239c10cf271667d116dfcf1d5c3eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
662f4c4be16c7e49d1f0d6aee96c7604

SHA1
7a541566c9d7519f10f22627395a4d869ab197db

SHA256
d13ae73a855069b1d90538db51e6f24aca34c9f7670e3c3d884095a67d7f6b64

SHA512
0ba5a95da2fa6c9394174229f2fde417039ce2f5b7acfb32b36b6ec29b6b5593b1c22e7a399ce1a3456c28d1a015baf7ff6f9d8974dff39a86fea93693401a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
2f9ad0d69efa34dc0cebf59c1778d385

SHA1
a748a12aa6b12324a9542e2d9fe7efcc95084d87

SHA256
9bafafdc0c624e76229c5b084b16c704961ffe41d0d83cb5cd4c523a26bb5c03

SHA512
bb7ffb73eeafe05c8f9a0de69cdf2e85ac222ae6dc30f78b4dfcf6293d8ff3fc020dfe1ebab26f3c25e02e24382a05f73dbb7a3737ea669c3893fd7f5d3a6f53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
10cefb8e6fcb71ed468d3c91885c6950

SHA1
7ac53ab63b6548a6a89ee093f7e8d0dda009e06f

SHA256
c3c12730bfcaa489b1b3ce66c278af517bf52768bf6f51f3a9621f60fb5a80f2

SHA512
171ed89555ff46101e1340e7fc16922a9980c51b3717620d7bbf05cd74616584269d48f433d9411724b64d26143e5c4c79a9bdaf4094d9f8dfe0b05269780275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
cc47d14b405a24f92c392a3ce339527c

SHA1
9fea0c75fe0bde77e08b650d740d932c57c7d698

SHA256
a41140849d9f68edacb1200171e97265908393765ca8d7d4b596f72950feda8e

SHA512
c8f502b9564725d4d5ffeb52ea605a4c241ec07509f9e25338fe82d55155c2fa69221269fe875965ef7aa38b6c670732151d051c0840aff81de49147897fddce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
5b325d64cba631ff01cfc3eeb0c62bda

SHA1
46d60ee05ee27e9002afb216586bc187c7ce55b2

SHA256
5c5607f58007a098b0eb80e50d3c7962d3c0a3b223a3b1a50e95b93b95b4940c

SHA512
1ec5f9e8269d22604e1e7a8837d0159008952a6715f962f44cab346ca6aa6fd57c4e695ae65c34ff5294e436c83a3a557cc938c86023038666f118af02600546

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
02d7490be43b4d7280e7059dab91e5e2

SHA1
5d3a96f7b234b321eeb7b3c7e9685c367c5343b4

SHA256
0bf7f0c5a01515f82d2933b5b13778570d7f402efc39feac37511d8afc28f302

SHA512
b62f424e4ca7fd866f101b9b45c80f64a9132b893428efa35f661569d9130832993730b13c5a7fef5b827ad58907db5d9eed1449c149afbe857c1c552a4edfe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0bb2c63f7a49fee422732967dbde1fef

SHA1
b6d32b9c16dd38a48384362ac00b5c386aaf554c

SHA256
7c52799685734ffb5adcb4666b762f5ae3c4e22ebfef2a985dcde71969b406e8

SHA512
9357fd14d276a48ddeb111cf6df98573dbc8d76a9b510e378cd46234c82e61c05036b3fd1b6109dda5f9ceadf0189674cd49e4479ac5dd7d6abef6a4962e74ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5afa8d9f38ead2d62bf50fa934f8a6a1

SHA1
b5637fa4015ed7c9c9a40d8837b277483c51e9bf

SHA256
05428caf4e5f3b2bd07b42d1adb0b9de33449beb9204f9a78034a339f4bf9ab0

SHA512
5562537eb0e96f109c3c4c6b0097a673b998257517144dcc047b9ab483813fe1c11fdae1949dc679934721c7acdbd2d00015f3b1c4f861930bf3fdb28a265a24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e25e125b7347ff9ae141029f0f3a8ca

SHA1
0ba6a47b7e7910f26e3c765ee295ff794756ef6e

SHA256
d374f57d0e5a4d9d8f75023ad59a0814cd48bd3cf573899085e64ce236f732b2

SHA512
bfb8e7be1b646824f188f8aaf5838c2347d17a0d001e00267cf4f6163a8f654d3c3915099bf0e56132baa42a69f0f2991b3e2f4632770f1ba902835d0677c58a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e1163fd4bbcc50267010ec650afa635

SHA1
53c686626cbcc411cd7b0e73b586800bebde45cd

SHA256
b7010f2e6625b1168f91e4084b20a4323c0215384173c8137a3a3bc2066ae620

SHA512
b00981ea63443c3fb1701f7712131a163365f1b5bb43d1f0b563fc00fbc32e266dee9c8b216565c360b5ab4550476e6e7b68d1e6f3645124b0e0f455c9b35cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4a4432cc1c927c9a3d585ebe6b1ac307

SHA1
75810871760b5da33b8c55110b747ff77217a2c1

SHA256
49a43ee0c2ec6e097cc7a2b0eeb080172abbb334c5b1d7e4c0fd7b0319b9838d

SHA512
7fc5b2537235c96a06ccd3bead0ac5e0cd6ee438b1ae02aee64c421f79f8c5f1542d4279147a1ab6d33fce1a1a05096d64e3341a9baef2a873170f0bd6ee458a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
db0418a94566fb342265bc98bf5ad6aa

SHA1
f7d2d4b2fca77cc273be69fa4db23f15bfd71f75

SHA256
fd68431229011962953bdd3f0fbcf2a0191d79770b460186ac2881f7fde0b553

SHA512
bfcf66c0955f9e0b2322af5561eeaa7f15e6a79fb1abb8326cb679e3e89d0916b7c2779a79895258483854ae9792b0dc29db01c97fe6d9cbb17a3e6a22f1f179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a0fced55a0d0c3bc0f9c03960db3369c

SHA1
552d0d9e2e5c4afbb34896f214e86407daa39749

SHA256
628a2337d79d72de3299a3c08077de304eb77f109cd3233f022956022949393d

SHA512
447b67b1b7b2d0622abb3145fd77c39527531d40bc43f516526ef7365325a7bb48ccee6955e12a91e5fb42d6024d93305b40f2a651bf4ba7681d148f53ba1a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
13b2d8535a00294b4be4fd3d7d3702b7

SHA1
b0c3e8d4a96db323cda5934f4212062dfb4803c8

SHA256
7792b94240c27d071e21cee20848f4695261e61f77467d7936b961d218bde8ca

SHA512
991612fc0967d7c51992960b38d6b586d77dfe362237d6dbb66ee8ced4c8fd12e36645b76df7a1c2e2703a01c67e8834572e6c5ef544efed125e1613577a8103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ef29cdf417dd5883f2464880cc6dc0d

SHA1
143acaa7024177c16d038e2516d2644d618d12e6

SHA256
6d6702f15303e0e829979368ae467e6e7154a53d79396f6efb6bf7d87dcfc7af

SHA512
4f4d7e8ec04bc05f73f55c38f676827c3d19cc196cf289c483cdad1571976b0be47472418824f29cd1ba3878609521a00b2aa97e2692e1ff2b96491d72e66381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
af955f3c6a02f78e268068c8f2ae4d39

SHA1
010540f9c5bc777c5f8d7c8a0397a3028593f19a

SHA256
0a932b602da8346484c7caba5fb089d6585dba1737602906d7b9f573bd6a8163

SHA512
c3238ec14d97d0d7ad26f906250fa7504733ce42936a6de376bfb80515cd827d8e5f9f6c27997ced5445250c90ab2939e4d6cbd95d5cc6338c8ea995393948eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
112c835aa49d8796571fc0647a952055

SHA1
f85d677cf2e57e0209136bb80b01a2cbb5ccc9d0

SHA256
f1d73cba06a5e9676bec1f5a7be5237bdffa249b15f547a797f25f54f4af9168

SHA512
0ad277d4b95c99ebb95c0447d66814bf48c55451fabf0874b92a5adfe38500ce549617c02a1ce42ed51bdc5f1007a88bdfdb29ee064c6622d2f52af25d3e2a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca3a2599a02034b8761421ce71aaff9b

SHA1
7cea3c360569663a8f2f7fdcd4922d66dde8bb0b

SHA256
9a7422d9a78017dfc03c2015b70efc41f2b0fbc0b50d71d603e65cf03891d0f8

SHA512
c8c17b6521727584716e177b8cef7f6928cd2df6e440958c03565c17e100a8cfc58c2643b411595f1027cc52f806ef2044a371de90817c96d3f8168ca1e51b28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75528e726a244cbbd14ccf451b6dfbb5

SHA1
58897ef0ee1ea6274a9b9d4b5523cf0f35d9ceab

SHA256
982dffb8df5d745e62a57e2373479547ce2afff6c92f7ed64847c2b45fac7c18

SHA512
f9687316e686ed0cd4e0691189e8887d2b1a54618f97d4504dee556b79213cd5562288b3a268d377991e857cf876a1a39e2688a6fc349de78d57b250c4472cd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
80bd3bfb91a574d51e3a6c6f31b6cc65

SHA1
f066a5d94c2060bb855d36f48fe8bd8a88b342bb

SHA256
d9a66c54c40a01227a76d2e36f4d27116cc5ceac8df37d901d19e22a993a268a

SHA512
3e22c7b264638800121a20111914afc4148bc9b7dd86fdea5bc640fa1f96de501acaa1e707dbbfd6f9bc5df748bcb6bdaedc25f6990dee1b0671dec9fbc3c128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c6ff4486d502a47f205a5494af036cd4

SHA1
6d4cf5cacec171370b6caa24fe81225f590d51f4

SHA256
11bca3430b1662f8a9ca36e3d75fff6a0880f7ed8e732a1e0f2b91fed2ce3d96

SHA512
118ea93fc6530ec12a509d240de0d1279403cee492fb0669d49acc8fa484ea12aa9d25f9baee5aa628d5221bc715de6a05f5beb3e0674e96a9e88d9bcc566f08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c397e3b374ebfec7e1e961f36bb490c9

SHA1
b85d55faf7e465cd933509a90283ca8ca803f71c

SHA256
53f5ed0c374a514f051d09cd421b2280a7dbd4bceeffad1444e456e367c2ef20

SHA512
5b5457e8f9f0050111dac5af65fcac39e700821beb96174e1727eac249707392de404d603f3295b596499f8c2c927ee609d669a5ebf9c163bb7b09d734fca31c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f9d01a537a60bce68c10b08f65a2428a

SHA1
61749a5af16978909b527f2681c513ce9c7fb7de

SHA256
518941ecf88feab9caca93412d509334a94d9e46241e52d48c648c1520c6035a

SHA512
dc088f30db672125394edb785f1a18cb6d40d8eb75cfdc2b5f3555489b496fe13d00e2bb49020b9b3c2fe79923d3d5658fd6048b0af51e5243f9030343269b41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
4d633bed2e502dd05fe9fd3530090a75

SHA1
d77b00a746804ab38dfef8c426a0148ca56e2d5e

SHA256
61bb0f6218dffdaa880c819918b37527a6c521608e0871ffbf4d9e97ae5dfa4e

SHA512
2e612f6b5c8749840c3e8bfb84681a2bdcaf7c0b597a35c803e7db3b85862f8723c3754f3312fb086df332ecc980d7a097f711c8663c4d5d09ff4701a0444064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
8b0e9162d878b68dd8165be8a268b3fe

SHA1
1935f8a91f3d47dbbd24246401e38272b220cf6b

SHA256
77426289ff6c1c9d5e5bf372522793fd23bfe01b42509c7c3ec202a5e4cd5547

SHA512
adfcdc0418cacf3e2dc0613bdfcf90af4e7099e3de9254f7ad5b790031eca428fa7bb1b6c51b90cebf2270daf6c1a0a35f960c01e1ef1de80a63145bb244f45b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
2a72294d8ec0eb17c8a50159f65fd984

SHA1
04c4e34aabf1601ec06fac1efdce7824506e4fc3

SHA256
1f0e554dc9d6541e63a9cbf595ae1332e88bf8239aabd393c43c5ec1f377597d

SHA512
576c98688a75f5684bbabc1aaeb524ff0c1269e27ae9018722351384273cc7a36bd71cff9b37334707fc95f79f03eae41cf9745902367ea0cafd954825e26a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
73079fecdbe10b43f88d23884cab39c8

SHA1
37a83155b5028e27d1608a5033e173347f2364f2

SHA256
d1a3d0d754260e5292533b11066994adf218db70828afc853f804a25a2c661af

SHA512
f3236e884cb16e787eddad6f11dd7334c4ad011e5a14397655e1810d47fd647b3d1ca0dafc73b29b88f7b0017bb8d5c481faa23908d1c2fabf11ee3a625cf03a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
0a8688589c7614518f89e9d058482767

SHA1
481a3501bab66319bf16c75fc096befa022aa9de

SHA256
975c2f6066af05e80ac59312477b3a910a6bf4a261185a5b34e94df4bed55d2b

SHA512
8705a113574a06d869ffba5a54d0b6e0d2abb97b77347abfe75e55417b10970b495c0f6d96673376042c93c99778ff883bd95d1fab71d7a2d183c8b4b99113fc

Download Submit
C:\Users\Admin\Downloads\merge-force-ww.zip.crdownload

Filesize
4.1MB

MD5
151224aea1f1f71a3c67eec0433ab912

SHA1
89aea4aa3ec698918267cd055eb77dbe27c48714

SHA256
985091a0be061d583ec38842d547e70be5d2dd96b8a10ba190fce4a70f40c957

SHA512
6d2edf4bcba2954930ae74e94c6d6c81c2329accd2c7d822a1fd8ff871d268778581ee522976a254cba190c6a05ac50c5851707d37d1208414f14b7c0f2b0aec

Download Submit
C:\Users\Admin\Downloads\merge-force-ww\merge-force-ww.rar

Filesize
4.1MB

MD5
927ba86d131f8572aab559a7f4cbf72c

SHA1
cddac1a1b188b82e26f0e9836be5cc74b10ff44c

SHA256
98006b1f770d32b7e53fa61a6a8eb81e0c2294dfb793da83b8654c9f2471469f

SHA512
eb68d562476e8913bf6ecf01a7d2900b16831c5c8c4023c1716097cc09f90f4abf2774650256ea551c4317be9843452fd9ca6277b90ce63dabeaca7874a8be46

Download Submit
memory/2400-762-0x0000000000400000-0x0000000000A64000-memory.dmp

Filesize
6.4MB

Download
memory/3028-727-0x000001E96E5B0000-0x000001E96E5B1000-memory.dmp

Filesize
4KB

Download
memory/3028-726-0x000001E96E5B0000-0x000001E96E5B1000-memory.dmp

Filesize
4KB

Download
memory/3028-723-0x000001E96E5B0000-0x000001E96E5B1000-memory.dmp

Filesize
4KB

Download
memory/3028-722-0x000001E96E5B0000-0x000001E96E5B1000-memory.dmp

Filesize
4KB

Download
memory/3028-721-0x000001E96E5B0000-0x000001E96E5B1000-memory.dmp

Filesize
4KB

Download
memory/3028-715-0x000001E96E5B0000-0x000001E96E5B1000-memory.dmp

Filesize
4KB

Download
memory/3028-725-0x000001E96E5B0000-0x000001E96E5B1000-memory.dmp

Filesize
4KB

Download
memory/3028-724-0x000001E96E5B0000-0x000001E96E5B1000-memory.dmp

Filesize
4KB

Download
memory/3028-716-0x000001E96E5B0000-0x000001E96E5B1000-memory.dmp

Filesize
4KB

Download
memory/3028-717-0x000001E96E5B0000-0x000001E96E5B1000-memory.dmp

Filesize
4KB

Download
memory/4736-730-0x0000000000400000-0x0000000000A64000-memory.dmp

Filesize
6.4MB

Download
memory/4736-713-0x0000000002810000-0x0000000002866000-memory.dmp

Filesize
344KB

Download
memory/4736-712-0x0000000000400000-0x0000000000A64000-memory.dmp

Filesize
6.4MB

Download
memory/4964-786-0x0000000000400000-0x0000000000A64000-memory.dmp

Filesize
6.4MB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads