Overview

overview

10

Static

static

1

URLScan

urlscan

https://www.youtube....

windows10-2004-x64

10

Analysis

  • max time kernel
    223s
  • max time network
    227s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2024, 23:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1dBS1RqMENnZ01IZ01BQXZrNDBUVTVYb0s0UXxBQ3Jtc0ttYkk2cVVPV3pJQzd4Z1Z6TEJuYl95TXFOUlJyLXN4UTRXLUo0Rk5ucUhTVEZnV0VyZTZKS2dYc090OFNUdU1PUDk5WGUtTkF3VUFfdmtfYXVVeXNEc2UzaXV2cmhYcWNSNENfczlPTUlkQTJRVTB4NA&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2F1zyvrbjb384bs%2Ftesdt&v=XQ1JwElXAlY

Score
10/10
lummadiscoveryphishingstealer

Malware Config

Extracted

Family

lumma

C2

https://hummskitnj.buzz/api

https://cashfuzysao.buzz/api

https://appliacnesot.buzz/api

https://screwamusresz.buzz/api

https://inherineau.buzz/api

https://scentniej.buzz/api

https://rebuildeso.buzz/api

https://prisonyfork.buzz/api

https://begguinnerz.biz/api

Extracted

Family

lumma

C2

https://begguinnerz.biz/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • A potential corporate email address has been identified in the URL: 8D6867C25245AEFB0A490D4C@AdobeOrg
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 25 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1dBS1RqMENnZ01IZ01BQXZrNDBUVTVYb0s0UXxBQ3Jtc0ttYkk2cVVPV3pJQzd4Z1Z6TEJuYl95TXFOUlJyLXN4UTRXLUo0Rk5ucUhTVEZnV0VyZTZKS2dYc090OFNUdU1PUDk5WGUtTkF3VUFfdmtfYXVVeXNEc2UzaXV2cmhYcWNSNENfczlPTUlkQTJRVTB4NA&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2F1zyvrbjb384bs%2Ftesdt&v=XQ1JwElXAlY
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3396
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7eb846f8,0x7ffd7eb84708,0x7ffd7eb84718
      2⤵
        PID:4424
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        2⤵
          PID:3524
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1128
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
          2⤵
            PID:2492
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:2580
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
              2⤵
                PID:1972
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
                2⤵
                  PID:2916
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
                  2⤵
                    PID:776
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3600
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
                    2⤵
                      PID:2964
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
                      2⤵
                        PID:4832
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
                        2⤵
                          PID:2092
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
                          2⤵
                            PID:8
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7008 /prefetch:8
                            2⤵
                              PID:5236
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
                              2⤵
                                PID:5244
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
                                2⤵
                                  PID:5256
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
                                  2⤵
                                    PID:5608
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
                                    2⤵
                                      PID:5616
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
                                      2⤵
                                        PID:5832
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:5540
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
                                        2⤵
                                          PID:5936
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5936 /prefetch:2
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:5204
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
                                          2⤵
                                            PID:4488
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
                                            2⤵
                                              PID:1520
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
                                              2⤵
                                                PID:4676
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
                                                2⤵
                                                  PID:4372
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
                                                  2⤵
                                                    PID:2292
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5584 /prefetch:8
                                                    2⤵
                                                      PID:4572
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=904 /prefetch:8
                                                      2⤵
                                                      • Modifies registry class
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:3244
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
                                                      2⤵
                                                        PID:2568
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1627244836399293942,17441186516373935562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
                                                        2⤵
                                                          PID:3168
                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                        1⤵
                                                          PID:1700
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:3240
                                                          • C:\Windows\System32\rundll32.exe
                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                            1⤵
                                                              PID:2964
                                                            • C:\Windows\system32\NOTEPAD.EXE
                                                              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_[1.1.0]-Aрр-UNC-x64.zip\PA$$.txt
                                                              1⤵
                                                                PID:3532
                                                              • C:\Users\Admin\Documents\Release\Release\New Upd [v1.1.0].exe
                                                                "C:\Users\Admin\Documents\Release\Release\New Upd [v1.1.0].exe"
                                                                1⤵
                                                                • System Location Discovery: System Language Discovery
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:5800
                                                              • C:\Users\Admin\Documents\Release\Release\New Upd [v1.1.0].exe
                                                                "C:\Users\Admin\Documents\Release\Release\New Upd [v1.1.0].exe"
                                                                1⤵
                                                                • System Location Discovery: System Language Discovery
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:5868
                                                              • C:\Users\Admin\Documents\Release\Release\New Upd [v1.1.0].exe
                                                                "C:\Users\Admin\Documents\Release\Release\New Upd [v1.1.0].exe"
                                                                1⤵
                                                                • System Location Discovery: System Language Discovery
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:8
                                                              • C:\Windows\system32\OpenWith.exe
                                                                C:\Windows\system32\OpenWith.exe -Embedding
                                                                1⤵
                                                                • Modifies registry class
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:5464
                                                              • C:\Windows\system32\OpenWith.exe
                                                                C:\Windows\system32\OpenWith.exe -Embedding
                                                                1⤵
                                                                • Modifies registry class
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:2296
                                                              • C:\Windows\system32\OpenWith.exe
                                                                C:\Windows\system32\OpenWith.exe -Embedding
                                                                1⤵
                                                                • Modifies registry class
                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:5644
                                                                • C:\Windows\system32\NOTEPAD.EXE
                                                                  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\Release\Release\autoexec\bin
                                                                  2⤵
                                                                    PID:6116

                                                                Network

                                                                MITRE ATT&CK Enterprise v15

                                                                Replay Monitor

                                                                Loading Replay Monitor...

                                                                Downloads

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                  Filesize

                                                                  152B

                                                                  MD5

                                                                  8749e21d9d0a17dac32d5aa2027f7a75

                                                                  SHA1

                                                                  a5d555f8b035c7938a4a864e89218c0402ab7cde

                                                                  SHA256

                                                                  915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

                                                                  SHA512

                                                                  c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                  Filesize

                                                                  152B

                                                                  MD5

                                                                  34d2c4f40f47672ecdf6f66fea242f4a

                                                                  SHA1

                                                                  4bcad62542aeb44cae38a907d8b5a8604115ada2

                                                                  SHA256

                                                                  b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

                                                                  SHA512

                                                                  50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
                                                                  Filesize

                                                                  20KB

                                                                  MD5

                                                                  87e8230a9ca3f0c5ccfa56f70276e2f2

                                                                  SHA1

                                                                  eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

                                                                  SHA256

                                                                  e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

                                                                  SHA512

                                                                  37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  91850f02ce8869baf6808f8469b5123f

                                                                  SHA1

                                                                  21ff18544ba997efee2a1b564f6b8570063304f0

                                                                  SHA256

                                                                  4f7a96f937887e024703881bbefb868d30731fb0f19ce513af3c918e3400c4c7

                                                                  SHA512

                                                                  c70bb19380272b5d2109015a892dc06c279f318d1da04c8d5e50d90a8895d64bbaf9bfd45e1578b492c2f2c06e9e72c5c6a5f0ae821d7a18b31d83f657ef09ad

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  054c8a94c0567473642587d5a0772de7

                                                                  SHA1

                                                                  0635ffc12efe4767e950035271d3856c3147bc26

                                                                  SHA256

                                                                  0a6ba4504f97d1dccd444f9accf2d4c8268028fd9db25eeeb40d1f3f3e14c50c

                                                                  SHA512

                                                                  d17c9ff1fd9e01fec75cf9a1787eab1bfc5b70f317f3ed526cbbced05cc5e3a86b59bddfc2311cc0b9a2788897c5d31c40667270f0f92ca5b6f56706c8d3cc1b

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  ed96d979e6f2f31e01d51ec9ccf89501

                                                                  SHA1

                                                                  f1e4c49013d94b626e59fc4a3db6932f4d74523f

                                                                  SHA256

                                                                  19d88eeee27d0fdb438602c81649b13003fc59b5dbe7710e0b68017714009ab0

                                                                  SHA512

                                                                  4435e0cfade9f3196d1935878d13631fceaf6c46011144b9cbf56dfd622c1e9762c0e68127192d05588cdb16f8bc4df9305cc40e5fc761dadfd3e66b77aade68

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  69ce870b1ab8d7440c13a3ed3d3c1c22

                                                                  SHA1

                                                                  5f86320488e5fd8451b6085addb2972ac0a41397

                                                                  SHA256

                                                                  e6f4740c6177c2ccd49dcc3928df8a7810a2b7db642d06e4e23c77d59c0229a9

                                                                  SHA512

                                                                  fcb37d46d12b02c3b7b190a80c61b47b84445320714ea70b364516367398826bc82492b361be6cb36d5639a4fe05b474d308e15ba06a37703d54fddf0f508744

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                  Filesize

                                                                  3KB

                                                                  MD5

                                                                  24d9199a47d90aab0f802be0b81c2bea

                                                                  SHA1

                                                                  8b1aa9f137a18df9f013e09e903b194bcbccede6

                                                                  SHA256

                                                                  17523633248b974b6e83412b73e8766de892ed9785c8dd2d22ec9b675c7b6556

                                                                  SHA512

                                                                  3b6e95d5074a9a51b6dd05dc3377b753236c42cd0e9f8b6e072805558d62ddbd8c9e971405498a67d301bef9696b7fd42bf0eb2709b98c9056983aedb22ad63e

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  de76700056e2a3f66f6226cb8848938e

                                                                  SHA1

                                                                  2ca1d0bb9739bc18c60aa0665e77b0e06fc28db2

                                                                  SHA256

                                                                  559d27e9395c303a9c611b2edbf063ebd15369d311d61cc314de56fd11dec477

                                                                  SHA512

                                                                  725a938b40d6439c410f50bc7801c96cc80b426800a1d48d5dadb8325b8ddf2d8799b70283650f7ff8a60bcd34890f859e6320a816e0ab77f6907240a543f3bd

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  6d88c2533ce398f2209cbbfd527c720c

                                                                  SHA1

                                                                  c58223505f0a422143e484050df6187395b4082e

                                                                  SHA256

                                                                  29463662240b1e3ad5456843c0f233392b49018925e876dc89992e806e3670bd

                                                                  SHA512

                                                                  811a024d5013b5708bf62eadda2ded343d62e870914a1b48fe9d64812070661c933013fb360843c47908acf36ffdf7e03c0a4d45abdda64763dc5b372d5108dd

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  7KB

                                                                  MD5

                                                                  a9ed1a715fdbba533cfecf21d4a173d6

                                                                  SHA1

                                                                  7357461d43d0878a71bcf10392def220c16dcc20

                                                                  SHA256

                                                                  514bebea5fa9ec2ea97bdf5f51051307b0a9e396ad14b2644a0731d7f8e775c6

                                                                  SHA512

                                                                  536a1d5dbee74ec129b15886cc95395c34f88b2edfb5c0c9c2e85dfdcfe15642c9f3ab58762e784d3277a643a92bd4159abadc4985b8f019337f2d7eba10b2f3

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  9KB

                                                                  MD5

                                                                  29a7a43e95790c859bde886923730518

                                                                  SHA1

                                                                  399d89d95a1fcdf405810b121bb7f2dfc81525fb

                                                                  SHA256

                                                                  71ab06e1051c965c894901ef59f2bd2a50374f18add08c467bfe7a210a5c1ef0

                                                                  SHA512

                                                                  820fdaf9214b174cdad57538aa0d3a0e90b9562f617f194cb8f62384d3bbf7b91d134d1f0f9da086b7b92013f78cb0399be11b0be112a9c9d3349e1169dfc1d3

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  9KB

                                                                  MD5

                                                                  2c03e7a3be918ad34034202a1ccd447e

                                                                  SHA1

                                                                  84a91d8a853e8b037a65c90a57ffb0568223fd75

                                                                  SHA256

                                                                  de78ebd589bde9279f3e1092049049b91c80a0bef0d0995d5f5b1e9082235911

                                                                  SHA512

                                                                  58970a098a575fce628c05fee4b7090f94f71648acd1175ceb1f81be0b3136e76f8735c62308e3d4dda3a9daff67de41f5d41813c3504f58d300d369b404d556

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  b1eb52652a934558e468a44cf351dee1

                                                                  SHA1

                                                                  e84774a11da5c05e69446cb09042a8297fec2742

                                                                  SHA256

                                                                  ea04fee2013704457085c2d4ee176f89002604955e1414139b27842ae0ff267e

                                                                  SHA512

                                                                  db8c417ab6362dd8eb9990a034dfb893f1f63e555c76fe3af9fe8418c80398e1c55e02248b7f8a3f9778be9ac33ed744e2c9941f91c9980709fbc7eb4129d121

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  11KB

                                                                  MD5

                                                                  ccec00934c5adc2a262e0ada2a3f10cc

                                                                  SHA1

                                                                  934622a0a2e386d55aa65dd278743a049b93cb7b

                                                                  SHA256

                                                                  65594463b314498ac1afeadc28e4b9648cb3eaa3ce376ac194734d15afcd1c62

                                                                  SHA512

                                                                  f793f340d95a9370403cddde15c61e6dd76a4e8820471f9b5c40ef1563197292f79232264fbf3777ef0fc2c0f9fc4621ca05a5358167dd4b3a9dc2696e2b7766

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  5KB

                                                                  MD5

                                                                  bc481636604cbdb437caf5fec7622c62

                                                                  SHA1

                                                                  13bd57f4714b2609c0869e1e04e8bb5b219fa859

                                                                  SHA256

                                                                  69dc3dbaf5a1f62e2fd3e9da7ec9ce58d100a9443fe4f0a85d7c788b4ef8e299

                                                                  SHA512

                                                                  befa3f35cfdef92f345d201c4efadf2771cacd605ff4d0add6e3c6fead7f2a68aceaa4f7ac6d287958057c454abe8d22ac2ad56218023fd5aac02a4f707e07fc

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                  Filesize

                                                                  72B

                                                                  MD5

                                                                  7aa69c5b281d5654cc00db9a642e115d

                                                                  SHA1

                                                                  81a3e9a6682f1808d4f5e7eb7d5e9e98e0893058

                                                                  SHA256

                                                                  a6b09418d2d749828fa7bda99c7a4fed25e7d9520d60feb00b6d07675875ae6c

                                                                  SHA512

                                                                  27ae447164622f58b302cc04b9a27d6e84aedd230871e060d64c5ddbfea41879909b3a66825bfe6eea2b4536d8166eb8e25acb868f4900fe0275a8610f92a8b9

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582517.TMP
                                                                  Filesize

                                                                  48B

                                                                  MD5

                                                                  40589b5ff1b31399d0bed0e97e8753a8

                                                                  SHA1

                                                                  00da7001d3702bf8e4fa6e9e1071aacddbda97bc

                                                                  SHA256

                                                                  eaf662527a3d9b3aa5a553b79a19492fdfb68077031125b1332081beecc682ea

                                                                  SHA512

                                                                  2ac9163fb17aab138ee7b97b63aedb58024de9a1e42750a1818701dc876a03ac7f8d05bc11bb0fcb5a397a26de3888954ee9f3672a0983909c1e6496b384b1bc

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  61e9e8907c1e3ad9d64b8a460e6a31c6

                                                                  SHA1

                                                                  244d71b0f8f4df7be0d360c8e0e199025d302cf8

                                                                  SHA256

                                                                  b435e1711ab859695729c25a505b31e8d97352e2ab1710e7a8b9026cdbc12ac8

                                                                  SHA512

                                                                  85027f49af6e03a26ef5c9d4312db500c033239b9bef5867d1b5f88b9960c950556398cc875be190bb1342aea6f2c70ded1c1866cadc54e5108f50bde0c10d72

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  3KB

                                                                  MD5

                                                                  adb354998b9de8dd6377ef5c9ef45631

                                                                  SHA1

                                                                  f09348ff6ada60cb17fe685daa7c2f4b2b6af875

                                                                  SHA256

                                                                  43323b25e8e34802ed17bfc0a65075dd81dc56bb67173094eda17ff384587ea4

                                                                  SHA512

                                                                  c319d7d79b184b57fe94a64806715ee04456e51d2cf6e196af876771e693f9784dcdae72ffdac2dda3e0738b82deb30390c6558bac9820ec7b4c7a2be8560cc2

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  45045e5f7c7c233ea99f676b5e3f6553

                                                                  SHA1

                                                                  107f97891dc047d761b0968394fcebd0d8e52a60

                                                                  SHA256

                                                                  74f35301aee2b7110415ed82ae69b38ad6e24eb99a7de9f5aed0d3b4c4301e2b

                                                                  SHA512

                                                                  ce45d58f5fae62628b54ab1b180a1235683437aabc6904cd2c6bf6426468b120f478a67aeb7cdf74bf032ea5635b2841df4c7ed21d28c89403c97909b94bf8e1

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d244.TMP
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  e2b1ce5415382c28dc3db90aeb419f8c

                                                                  SHA1

                                                                  a1279709ace4f33c90dfd2bb84fc38bd8020f1e0

                                                                  SHA256

                                                                  9d62ac5439668a0f2209274307fa55941e19067e874e517cbfe3e617429a459a

                                                                  SHA512

                                                                  c76c9c4528a26ceb000dbb16301800bd77ccf2e501517abea496ff82695afae7f0240a041e0d5b5e32ed13ba547acac90ec39109aa8e18a0b7cef6371c46e00e

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                  Filesize

                                                                  16B

                                                                  MD5

                                                                  206702161f94c5cd39fadd03f4014d98

                                                                  SHA1

                                                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                  SHA256

                                                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                  SHA512

                                                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                  Filesize

                                                                  16B

                                                                  MD5

                                                                  46295cac801e5d4857d09837238a6394

                                                                  SHA1

                                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                  SHA256

                                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                  SHA512

                                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  11KB

                                                                  MD5

                                                                  7f220bc96039f52b8b804f21655817f2

                                                                  SHA1

                                                                  ca4f62b40345f227440a1493ee0590a6a8594d9c

                                                                  SHA256

                                                                  2f9b48607a4fe17981f2a92cb9e9f1d499f6f126d9056a5efbf2459fdc1d3905

                                                                  SHA512

                                                                  c66421ee6922c475c6daf86b6fa764bbaa72b549cc78b49a37290ce4d69253d90084e032b3cdfd9ee5805b05979af47ba76751edf7bc7974d879b78fe1039692

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  87b32910bb84ad3e181d6fea0a6afc66

                                                                  SHA1

                                                                  b8179e3dd021dc7476ee82d607bd4e8f1337c650

                                                                  SHA256

                                                                  0324c43940094e0583f6b88eef3aefff9ab8a0a0f41b7469938503889c8aede6

                                                                  SHA512

                                                                  983ad0ee839b89643cd7b23b880b19408b41108595182c8ae77511213ab8f990986de620a0bd19b5797b539afd47579c761ac36551f166ff91d0d907becbf34f

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  11KB

                                                                  MD5

                                                                  8f22ad3569da705447caa4c200083bc5

                                                                  SHA1

                                                                  585d886cc88e620485142424306da4a9bf113710

                                                                  SHA256

                                                                  cbca642656b5c3271708908c338b5281cc248b693b68a3770993bfc240c75d02

                                                                  SHA512

                                                                  75f5daeb1e36482197686937dc8199794366b3b5ca019161b62900b2a8ac05c10b7ddf697be30f8f19eafab88915cf36794eb7cbd2e3e6cf0df114b787e12a09

                                                                  Download Submit

                                                                • C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64.zip
                                                                  Filesize

                                                                  25.2MB

                                                                  MD5

                                                                  64ce57bc90647558771d193e6400cdec

                                                                  SHA1

                                                                  d5e3bb4b27a87c9a5592d52b35cb4f76ccd760d8

                                                                  SHA256

                                                                  e067fdedf390e6c321e63775d5d1ee17504a3ccbd704f2cf0381f3682bcbce7b

                                                                  SHA512

                                                                  d63d95b575d36d2621cff0ebe017e5e43d6b1c77fedadd824c0ace8036c33a51e168f4b300a1b021df8cd565f0505c5e9c37d535b225adfc3077c2c7e0ae4b49

                                                                  Download Submit

                                                                • memory/8-518-0x0000000000400000-0x0000000000A60000-memory.dmp

                                                                  Filesize

                                                                  6.4MB

                                                                  Download

                                                                • memory/5800-489-0x0000000000400000-0x0000000000A60000-memory.dmp

                                                                  Filesize

                                                                  6.4MB

                                                                  Download

                                                                • memory/5800-486-0x0000000000BE0000-0x0000000000C35000-memory.dmp

                                                                  Filesize

                                                                  340KB

                                                                  Download

                                                                • memory/5800-481-0x0000000000400000-0x0000000000A60000-memory.dmp

                                                                  Filesize

                                                                  6.4MB

                                                                  Download

                                                                • memory/5868-502-0x0000000002400000-0x0000000002455000-memory.dmp

                                                                  Filesize

                                                                  340KB

                                                                  Download

                                                                • memory/5868-490-0x0000000000400000-0x0000000000A60000-memory.dmp

                                                                  Filesize

                                                                  6.4MB

                                                                  Download