hxxps://mega[.]nz/file/ZLFRDQjT#sPQ-e7zUA995LQ5hR_u_ciERnjWYrLviJ9wmPz9u_TM

Resubmissions

19/05/2024, 10:46

240519-mt968sef35 4

07/05/2024, 00:50

07/05/2024, 00:47

07/05/2024, 00:44

08/04/2024, 00:07

Analysis

max time kernel
147s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/ZLFRDQjT#sPQ-e7zUA995LQ5hR_u_ciERnjWYrLviJ9wmPz9u_TM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-877519540-908060166-1852957295-1000\{5C0F68E4-4A0C-4BBF-8232-61CC32C37990}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1648	msedge.exe
1648	msedge.exe
1328	msedge.exe
1328	msedge.exe
2276	identity_helper.exe
2276	identity_helper.exe
5244	msedge.exe
5244	msedge.exe
6064	msedge.exe
6064	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 4732	1328	msedge.exe	86
PID 1328 wrote to memory of 4732	1328	msedge.exe	86
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 4424	1328	msedge.exe	87
PID 1328 wrote to memory of 1648	1328	msedge.exe	88
PID 1328 wrote to memory of 1648	1328	msedge.exe	88
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89
PID 1328 wrote to memory of 2792	1328	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/ZLFRDQjT#sPQ-e7zUA995LQ5hR_u_ciERnjWYrLviJ9wmPz9u_TM
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf3c146f8,0x7ffdf3c14708,0x7ffdf3c14718
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,4978483918672318680,14818446747424755077,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3696

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\run.bat" "
1⤵
PID:5404

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\setup.bat" "
1⤵
PID:5484

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\run.bat" C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\setup.bat"
1⤵
PID:5932

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\run.bat" "
1⤵
PID:3680

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\run.bat" C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\setup.bat"
1⤵
PID:6120

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\run.bat" "
1⤵
PID:5208

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\setup.bat" C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\run.bat"
1⤵
PID:4608

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\setup.bat" C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\run.bat"
1⤵
PID:4384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\run.bat" C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\setup.bat"
1⤵
PID:4292

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\setup.bat" "
1⤵
PID:6012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha\Luna-Grabber-1.5.5-alpha\setup.bat" "
1⤵
PID:1860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5cc06fa8-ecc7-4ada-959b-10f09d189e1f.tmp

Filesize
5KB

MD5
a3a3cb0090cbb25af0153d0514d6a630

SHA1
011b357fb9a6ece5c387461f2fc0b1d290ae9ff4

SHA256
4824994881bbcfe6d7eb1802f058c181e8f4ee4f4939209986f491bcb85ddb2b

SHA512
0a61f5f2f3779993ad05814393eb04c1349757d7debdf9f8f161ce104a179c9b870be268f9d8750cd285ed5c6fc562b3c48d80bde7ec5dadfdcace6dcbc4ff39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c851f3e9498602687c75ddc3707b2afe

SHA1
56e754ec613ecf3694ed4a35d8635b61ded951e9

SHA256
00f1b5580d723763df25840986a71c7bfebd8edf4c1918478579f34f35f218e6

SHA512
4cb59e5e54401e63aebc45dcdad411ccfb5348492f8ccc5d7aca441a1596e7bf80260ba581f863c3b8c9c91cfba035d59bb9d9b7fdabc8a77e5bcca5bac0212d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1022B

MD5
8ed70495e988fa4a30b7ad1a708e6ec3

SHA1
1360162f2df2d784b1e7e0c455432744ea33d9e6

SHA256
035a1ff4ba50c23d1cfd682a0a48f8c3eb4a6ede9b48c0b5d03d8294659b9784

SHA512
7dc9230ee70830bdd47f9f43393f7241c55bcc9776fa190675743d977ffc8eee974a1750c3b53e93af6d27d47d493c3d8fe7e4b8ca54958618723026d88f3088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
92ec7169243af1742307d461beb5f95b

SHA1
248883ffcf03e5c0a9fecb69cb7f5805550efc20

SHA256
c1079e6b459145331269c0ad2ff1a5ece088ce17a23956cc91641360317afe19

SHA512
4f798a66a1a388441aed72461769fa1b6192d6f387f7308655790d1fb39ee0d7ba047210c5d3e5e2ac6df789430f5883b0d1353a40576ebab961134a512f9552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a36eb49f8ad8ca133f109fc2fba55be

SHA1
abb06f6a1706badfc84f469f8432c4355165e908

SHA256
de7550d333503ed3494e0a57ff1414615890410fa32bde48b934c5bf2b6717e0

SHA512
404c53e77ae653834a06fac90c6010ef36646aac0c3f0c3e840c447b60c53f5ceb44a4800d41a53fc154bf0c02f1637ef56eab530b84ac3616c154d018fb932a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
763ab7a18845e27e874f73a436f01761

SHA1
570c9fa7fa34e5ee49808e78b705e18336882159

SHA256
944425a7a02d112816140cd20c0fbdc9ec8729fb36039366c95f850b90a243b2

SHA512
c605e0aaac55aea83d5a86cd19738dea45f11871c6ee598d7591028daa4c78567963405ce60fbaaca66998c954c3bc72f68679d5b464f13e2ccc30f6c1640619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
baef35089984bab94844b1abd853fb06

SHA1
9dc26133f0ad1318fda1154a7160aff06a130ebc

SHA256
49f0fd96a56d5ae18451718f0bd3687832f57743f1128d25dc9c09d05e0072e3

SHA512
ed6316f497fb240ce411039a4def1eff807838b8fa07ed7f8318707918dca39d35bf738a8b6c998a749ec033239927de70e21a3511c3821b4c5126e46b0a142e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5795f6.TMP

Filesize
48B

MD5
e09939c78c1f661730fa8949e87e4efc

SHA1
af6739ed9100b13284f5855799fd708543ef60b7

SHA256
6ecf7a07eb455bd9a616261f2e63fb55b353deaa862aab323060a4ae36d221b5

SHA512
825c133041a20eef1d8b097a4951e6d248fbc56adf5da2ef5014531de6fb02839887c4e5fd88adde093a247005a5a35b473daca77f18c9d68b37ca321765be14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b959e0e6a22a23aa8d68a8a9a60654e9

SHA1
a7255a6d63b962f0ab36c562d4177bbc80cc71fe

SHA256
f19edc87c382a143ce3c90fecc3b88b6882eab3520c7c03db0a94944ca9a9278

SHA512
5ac415ceeecfe043c173adace6443c48855b9020b501aa7d865543f97a71d8661864e180ec4e7d33f954adf93f2dbc7d85964b2a334ef332ade5e7c947c9daeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
509c23a785f260cd2366d61862246c62

SHA1
2913aa652fbe81d546c6db1d0069ac319efd13a6

SHA256
2abb36f9f153fe195e42b9e4a86c5d88a63500a9203ad8eb6b0a3a420d8484d1

SHA512
9a94b189cce91fa3ae98813e6c7a8f93f941a34fc643199d7f492d129817a28432b324eff8672c686edf49dcc80ad7cc9dfdbe2f62a66af2a29a84ecd50d15d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579a8a.TMP

Filesize
203B

MD5
ccc880237b3f3191f91b32125b912683

SHA1
a4c62e6a18a87c2d29712449b65e5686115d7bd5

SHA256
0c95755b5ff9f5235b54964835d6776dbf2b799bce454487d141b4d5756001cf

SHA512
7e2e52808cb26028c9368987332f8cb1a639657e214a129a39e47d99e4626b542456a38f214df5caf6c32593b8b6583c05d1c9212a4de212c019e1fcabb1d644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
305387eba7a97a4862f177d570d87a55

SHA1
1299428b7dc0aa4f512bfb9bb90aa26b7547d325

SHA256
e6223976c89d7ea0cc74a93353cc74142b8d9e38deaee53fe53168a64d8cecaa

SHA512
308ce6a51bd8aa47d786d691edcce5a1c0e2d641adddf495e8e4d942555d3ca9b2b4249d66949eeea47520a6c389e5b97041510c316ced332bda6bc60a8ff733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4769b82a06589bc05b9f66d90a1ade49

SHA1
8fac1e3d382d48e19b58334a06bc8c86020c9b3d

SHA256
0d7363f1bb4abf06ca201ba73ac0f29ebd7069b065d0ae4567844bc2b3702b99

SHA512
ac35cdcc6d7b2d0bd176c497e2b878e9f4359fa1c5cb53b26c148f971a9d8e5b307cc3e3eff8dddfc78a5dcd1d8369b88a4e087f18292a6859e301b32fcdb388

Download Submit
C:\Users\Admin\Downloads\Luna-Grabber-1.5.5-alpha.zip

Filesize
51KB

MD5
ccc607d45de5d50c71ed018b5c1012c7

SHA1
310327cb901f9ae976732ae97d0b0d021f88efd6

SHA256
74bdec0a83536cbe6a47030bb06a8a223369028b4ba9608ae1beba0107b0381f

SHA512
67954d50f0ac196b89a7decc50df1e95ecd8108d5c17acdc07f330973b3f5da5aeac934322acca5ac594a2bdfc4c9f3df8926fd15ad49a6a36d1670c41aaba66

Download Submit